From: Omer Ansari (omer@xxxxxxxxxx)
Date: Mon Jul 08 2002 - 21:36:27 GMT-3
Dan,
seems like simple ACLs for policy routing also behave the same way as for
security, that is they match the Source IP of the packet.
in your case you want to match the dest IP , which matches fine using the
extended acl
On Mon, 8 Jul 2002, Dan Lockwood wrote:
> I have the following route-maps and access-lists. When I set local policy to
> use LOCAL-MAP I an not able to ping any destinations on my ACL. However the
> route-map 10 works. Is there some documentation regarding why policy routing
> likes the extended ACL over the standard ACL? Your thoughts are appreciated.
>
> ip local policy route-map 10
> !
> access-list 1 permit 10.10.1.3
> access-list 1 permit 10.10.1.5
> access-list 1 permit 10.4.0.0 0.0.255.255
> access-list 1 permit 10.34.0.0 0.0.255.255
> access-list 1 permit 10.44.0.0 0.0.3.255
> access-list 101 permit ip any 10.34.0.0 0.0.255.255
> access-list 101 permit ip any 11.1.0.0 0.0.255.255
> access-list 101 permit ip any 10.4.0.0 0.0.255.255
> access-list 101 permit ip any host 10.10.1.3
> access-list 101 permit ip any host 10.10.1.5
> access-list 101 permit ip any 10.44.0.0 0.0.255.255
> route-map 10 permit 10
> match ip address 101
> set ip next-hop 10.10.1.1
> !
> route-map LOCAL-MAP permit 10
> match ip address 1
> set ip next-hop 10.10.1.1
>
> Dan Lockwood
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:22 GMT-3