Re: policy routing woes (w/ correction)

From: Jim Nguyen (nhatquang@thiennam.org)
Date: Sat Apr 16 2005 - 03:44:21 GMT-3

• Next message: simon hart: "RE: policy routing woes (w/ correction)"
• Previous message: Ricky Martin: "Some problems in the router"
• Maybe in reply to: John Matus: "policy routing woes (w/ correction)"
• Next in thread: simon hart: "RE: policy routing woes (w/ correction)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You donot need to add that statement ( route-map policy deny 20) to the policy
because the router will treat all other packets that are no match base on
its routing table as usual. In this case, you want to apply route-policy all
traffic from R1 to 130.1.3.0/24 ( the match condition) through R2, so the
access-list used for match condition shoud be

access-list 150 permit ip any 130.1.3.0 0 0.0.0.255

and the route-map:

route-map policy permit 10
 match ip add 150
 set ip next-hop 150.1.124.2

then apply this route-map to incoming interfaces on R1 rather than outgoing
interfaces so all packets received on interfaces with policy-based routing
enabled are considered for policy-based routing. We can also add ip local
policy route-map to the router to have all local traffic policed.

http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm

----- Original Message -----
  From: John Matus
  To: nhatquang@thiennam.org ; kenbar3@gmail.com ; ccielab@groupstudy.com
  Sent: Saturday, April 16, 2005 11:48 AM
  Subject: Re: policy routing woes (w/ correction)

  i want to route all ip traffic and if there is no match then i don't want to
  policy route anything, hence my initial statement of:

  route-map policy deny 20

  how would you build this route-map?

>From: "Jim Nguyen" <nhatquang@thiennam.org>
>To: "John Matus"
><john_matus@hotmail.com>,<kenbar3@gmail.com>,<ccielab@groupstudy.com>
>Subject: Re: policy routing woes (w/ correction)
>Date: Sat, 16 Apr 2005 11:18:48 +0700
>
>for me, you missed 2 things! what kind of traffic do you want to apply
>Route Policy to?
>And how does the router treat all other packets which donot fall into the
>traffic class?
> ----- Original Message -----
> From: John Matus
> To: kenbar3@gmail.com ; ccielab@groupstudy.com
> Sent: Saturday, April 16, 2005 10:17 AM
> Subject: RE: policy routing woes (w/ correction)
>
>
> still denied.......here is the debug with the route-map policy PERMIT
20
>
> 02:20:54.115: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100, policy
>match
> *Mar 1 02:20:54.115: IP: route map policy, item 20, permit
> *Mar 1 02:20:54.115: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> policy rejected -- normal forwarding
> *Mar 1 02:20:54.235: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> policy match
> *Mar 1 02:20:54.235: IP: route map policy, item 20, permit
> *Mar 1 02:20:54.235: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> policy rejected -- normal forwarding
> *Mar 1 02:20:54.351: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> policy match
> *Mar 1 02:20:54.351: IP: route map policy, item 20, permit
>
> >From: "Ken Bartlinski" <kenbar3@gmail.com>
> >To: "'John Matus'" <john_matus@hotmail.com>,<ccielab@groupstudy.com>
> >Subject: RE: policy routing woes (w/ correction)
> >Date: Fri, 15 Apr 2005 23:10:18 -0400
> >
> >John,
> >
> >Try changing your statement from "route-map policy deny 20" to
>"route-map
> >policy permit 20". I believe you are blocking a lot more than you
>intend to
> >with this statement.
> >
> >Ken
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> >John
> >Matus
> >Sent: Friday, April 15, 2005 9:59 PM
> >To: ccielab@groupstudy.com
> >Subject: policy routing woes (w/ correction)
> >
> >ok......the topology.....
> >
> >R1----------------------R2-----------------------R3--------130.1.3.0
> >---- ------
> > ------ ---------R4-----------------
> >
> >
> >R1 has 2 paths to R3, through R2 and R4. i'm using eigrp so the paths
>are
> >equal cost at the moment. i decided to use policy routing to perfer
>the
> >path thru R2 over R4 to get to the 130.1.3.0 subnet on r3.
> >
> >R1
> >int s0/0
> >no ip route-cache
> >
> >ip local policy route-map policy
> >access-list 1 permit 130.1.3.0 0.0.0.255
> >
> >route-map policy permit 10
> >match ip add 1
> >set ip next-hop 150.1.124.2
> >route-map policy deny 20
> >
> >
> >
> >my debug show that the policy routing fails but i have no idea WHY
><cry>
> >here is the debug:
> >
> >Mar 1 01:38:53.475: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy
> >
> >match
> >*Mar 1 01:38:53.475: IP: route map policy, item 20, deny
> >*Mar 1 01:38:53.475: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy rejected -- normal forwarding
> >*Mar 1 01:38:53.595: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy match
> >*Mar 1 01:38:53.595: IP: route map policy, item 20, deny
> >*Mar 1 01:38:53.595: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy rejected -- normal forwarding
> >*Mar 1 01:38:53.711: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy match
> >*Mar 1 01:38:53.711: IP: route map policy, item 20, deny
> >r1#
> >*Mar 1 01:38:53.711: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy rejected -- normal forwarding
> >*Mar 1 01:38:53.827: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy match
> >*Mar 1 01:38:53.827: IP: route map policy, item 20, deny
> >*Mar 1 01:38:53.827: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy rejected -- normal forwarding
> >*Mar 1 01:38:53.943: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy match
> >*Mar 1 01:38:53.943: IP: route map policy, item 20, deny
> >*Mar 1 01:38:53.947: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy rejected -- normal f
> >
> >
> >what am i doing wrong???????
> >
> >_________________________________________________________________
> >Dont just search. Find. Check out the new MSN Search!
> >http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> >
>
>_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
> >
>
> _________________________________________________________________
> Is your PC infected? Get a FREE online computer virus scan from McAfee.
> Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

  _________________________________________________________________
  Dont just search. Find. Check out the new MSN Search!
  http://search.msn.click-url.com/go/onm00200636ave/direct/01/

  _______________________________________________________________________
  Subscription information may be found at:
  http://www.groupstudy.com/list/CCIELab.html

• Next message: simon hart: "RE: policy routing woes (w/ correction)"
• Previous message: Ricky Martin: "Some problems in the router"
• Maybe in reply to: John Matus: "policy routing woes (w/ correction)"
• Next in thread: simon hart: "RE: policy routing woes (w/ correction)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:58 GMT-3