Re: Policy Routing

From: Luan Nguyen (lm_nguyen@xxxxxxxxxxx)
Date: Tue Jul 09 2002 - 01:41:51 GMT-3

• Next message: Nick Shah: "Re: As Transit"
• Previous message: Jay Hennigan: "Re: As Transit"
• Maybe in reply to: Dan Lockwood: "Policy Routing"
• Next in thread: Omer Ansari: "Re: Policy Routing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Packets that are generated by the router are not normally policy routed,by
using that command you enable local policy routing for such packets, all
packets originating on the router will then be subject to local policy
routing. If you ping from the router chances are it will use the wan
interface and if this ping packet get examined by your route-map, then the
extended acl make more sense. your standard acl would just say permit that
ip address and unless the source ip address of your ping packet match those
defined by the acl1, it is dropped.
so you want permit from *anywhere* to your destination.
suggestion for clearer understanding:
debug icmp, debug ip policy routing (or something like that..do a ? to find
out). These will let you see clearly what's wrong with your policy routing.

wr/lmn

From: "Dan Lockwood" <dlockwood@shastalink.k12.ca.us>
Reply-To: "Dan Lockwood" <dlockwood@shastalink.k12.ca.us>
To: <ccielab@groupstudy.com>
Subject: Policy Routing
Date: Mon, 8 Jul 2002 20:03:12 -0700

I have the following route-maps and access-lists. When I set local policy
to
use LOCAL-MAP I an not able to ping any destinations on my ACL. However the
route-map 10 works. Is there some documentation regarding why policy
routing
likes the extended ACL over the standard ACL? Your thoughts are
appreciated.

ip local policy route-map 10
!
access-list 1 permit 10.10.1.3
access-list 1 permit 10.10.1.5
access-list 1 permit 10.4.0.0 0.0.255.255
access-list 1 permit 10.34.0.0 0.0.255.255
access-list 1 permit 10.44.0.0 0.0.3.255
access-list 101 permit ip any 10.34.0.0 0.0.255.255
access-list 101 permit ip any 11.1.0.0 0.0.255.255
access-list 101 permit ip any 10.4.0.0 0.0.255.255
access-list 101 permit ip any host 10.10.1.3
access-list 101 permit ip any host 10.10.1.5
access-list 101 permit ip any 10.44.0.0 0.0.255.255
route-map 10 permit 10
  match ip address 101
  set ip next-hop 10.10.1.1
!
route-map LOCAL-MAP permit 10
  match ip address 1
  set ip next-hop 10.10.1.1

Dan Lockwood

• Next message: Nick Shah: "Re: As Transit"
• Previous message: Jay Hennigan: "Re: As Transit"
• Maybe in reply to: Dan Lockwood: "Policy Routing"
• Next in thread: Omer Ansari: "Re: Policy Routing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:22 GMT-3