RE: policy routing woes (w/ correction)

From: simon hart (simon.hart@btinternet.com)
Date: Sat Apr 16 2005 - 04:24:13 GMT-3

• Next message: Jake Secrist: "RE: Some problems in the router (2nd problem)"
• Previous message: Jim Nguyen: "Re: policy routing woes (w/ correction)"
• Maybe in reply to: John Matus: "policy routing woes (w/ correction)"
• Next in thread: John Matus: "Re: policy routing woes (w/ correction)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Jim,

I think you will find from John's previous post he has not put the policy on
any interface.

You are right with regard to the deny statement, not required

You are right with respect to the policy should be applied to the incoming
interface, if you wish to policy route the incoming traffic. However it
seems that John wishes to policy route local traffic (ie pings etc.). If
both is required then incoming interface policy and local policy will need
to be configured.
I think the reason the local policy maybe failing is that it is picking up
the ip address of the R2 link for the source of the ping packet. Without
seeing the rest of the config it is a bit hard to determine.

I would suggest doing an extended ping and choosing a different source
interface, this will then probably work.

HTH

Simon

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Jim
Nguyen
Sent: 16 April 2005 07:44
To: John Matus; kenbar3@gmail.com; ccielab@groupstudy.com
Subject: Re: policy routing woes (w/ correction)

You donot need to add that statement ( route-map policy deny 20) to the
policy
because the router will treat all other packets that are no match base on
its routing table as usual. In this case, you want to apply route-policy all
traffic from R1 to 130.1.3.0/24 ( the match condition) through R2, so the
access-list used for match condition shoud be

access-list 150 permit ip any 130.1.3.0 0 0.0.0.255

and the route-map:

route-map policy permit 10
 match ip add 150
 set ip next-hop 150.1.124.2

then apply this route-map to incoming interfaces on R1 rather than outgoing
interfaces so all packets received on interfaces with policy-based routing
enabled are considered for policy-based routing. We can also add ip local
policy route-map to the router to have all local traffic policed.

http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm

----- Original Message -----
  From: John Matus
  To: nhatquang@thiennam.org ; kenbar3@gmail.com ; ccielab@groupstudy.com
  Sent: Saturday, April 16, 2005 11:48 AM
  Subject: Re: policy routing woes (w/ correction)

  i want to route all ip traffic and if there is no match then i don't want
to
  policy route anything, hence my initial statement of:

  route-map policy deny 20

  how would you build this route-map?

>From: "Jim Nguyen" <nhatquang@thiennam.org>
>To: "John Matus"
><john_matus@hotmail.com>,<kenbar3@gmail.com>,<ccielab@groupstudy.com>
>Subject: Re: policy routing woes (w/ correction)
>Date: Sat, 16 Apr 2005 11:18:48 +0700
>
>for me, you missed 2 things! what kind of traffic do you want to apply
>Route Policy to?
>And how does the router treat all other packets which donot fall into the
>traffic class?
> ----- Original Message -----
> From: John Matus
> To: kenbar3@gmail.com ; ccielab@groupstudy.com
> Sent: Saturday, April 16, 2005 10:17 AM
> Subject: RE: policy routing woes (w/ correction)
>
>
> still denied.......here is the debug with the route-map policy PERMIT
20
>
> 02:20:54.115: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100, policy
>match
> *Mar 1 02:20:54.115: IP: route map policy, item 20, permit
> *Mar 1 02:20:54.115: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> policy rejected -- normal forwarding
> *Mar 1 02:20:54.235: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> policy match
> *Mar 1 02:20:54.235: IP: route map policy, item 20, permit
> *Mar 1 02:20:54.235: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> policy rejected -- normal forwarding
> *Mar 1 02:20:54.351: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> policy match
> *Mar 1 02:20:54.351: IP: route map policy, item 20, permit
>
> >From: "Ken Bartlinski" <kenbar3@gmail.com>
> >To: "'John Matus'" <john_matus@hotmail.com>,<ccielab@groupstudy.com>
> >Subject: RE: policy routing woes (w/ correction)
> >Date: Fri, 15 Apr 2005 23:10:18 -0400
> >
> >John,
> >
> >Try changing your statement from "route-map policy deny 20" to
>"route-map
> >policy permit 20". I believe you are blocking a lot more than you
>intend to
> >with this statement.
> >
> >Ken
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> >John
> >Matus
> >Sent: Friday, April 15, 2005 9:59 PM
> >To: ccielab@groupstudy.com
> >Subject: policy routing woes (w/ correction)
> >
> >ok......the topology.....
> >
> >R1----------------------R2-----------------------R3--------130.1.3.0
> >---- ------
> > ------ ---------R4-----------------
> >
> >
> >R1 has 2 paths to R3, through R2 and R4. i'm using eigrp so the
paths
>are
> >equal cost at the moment. i decided to use policy routing to perfer
>the
> >path thru R2 over R4 to get to the 130.1.3.0 subnet on r3.
> >
> >R1
> >int s0/0
> >no ip route-cache
> >
> >ip local policy route-map policy
> >access-list 1 permit 130.1.3.0 0.0.0.255
> >
> >route-map policy permit 10
> >match ip add 1
> >set ip next-hop 150.1.124.2
> >route-map policy deny 20
> >
> >
> >
> >my debug show that the policy routing fails but i have no idea WHY
><cry>
> >here is the debug:
> >
> >Mar 1 01:38:53.475: IP: s=130.1.124.1 (local), d=130.1.3.3, len 100,
> >policy
> >
> >match
> >*Mar 1 01:38:53.475: IP: route map policy, item 20, deny
> >*Mar 1 01:38:53.475: IP: s=130.1.124.1 (local), d=130.1.3.3, len
100,
> >policy rejected -- normal forwarding
> >*Mar 1 01:38:53.595: IP: s=130.1.124.1 (local), d=130.1.3.3, len
100,
> >policy match
> >*Mar 1 01:38:53.595: IP: route map policy, item 20, deny
> >*Mar 1 01:38:53.595: IP: s=130.1.124.1 (local), d=130.1.3.3, len
100,
> >policy rejected -- normal forwarding
> >*Mar 1 01:38:53.711: IP: s=130.1.124.1 (local), d=130.1.3.3, len
100,
> >policy match
> >*Mar 1 01:38:53.711: IP: route map policy, item 20, deny
> >r1#
> >*Mar 1 01:38:53.711: IP: s=130.1.124.1 (local), d=130.1.3.3, len
100,
> >policy rejected -- normal forwarding
> >*Mar 1 01:38:53.827: IP: s=130.1.124.1 (local), d=130.1.3.3, len
100,
> >policy match
> >*Mar 1 01:38:53.827: IP: route map policy, item 20, deny
> >*Mar 1 01:38:53.827: IP: s=130.1.124.1 (local), d=130.1.3.3, len
100,
> >policy rejected -- normal forwarding
> >*Mar 1 01:38:53.943: IP: s=130.1.124.1 (local), d=130.1.3.3, len
100,
> >policy match
> >*Mar 1 01:38:53.943: IP: route map policy, item 20, deny
> >*Mar 1 01:38:53.947: IP: s=130.1.124.1 (local), d=130.1.3.3, len
100,
> >policy rejected -- normal f
> >
> >
> >what am i doing wrong???????
> >
> >_________________________________________________________________
> >Dont just search. Find. Check out the new MSN Search!
> >http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> >
>
>_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
> >
>
> _________________________________________________________________
> Is your PC infected? Get a FREE online computer virus scan from
McAfee.
> Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>

• Next message: Jake Secrist: "RE: Some problems in the router (2nd problem)"
• Previous message: Jim Nguyen: "Re: policy routing woes (w/ correction)"
• Maybe in reply to: John Matus: "policy routing woes (w/ correction)"
• Next in thread: John Matus: "Re: policy routing woes (w/ correction)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:58 GMT-3