From: ccie2be (ccie2be@nyc.rr.com)
Date: Sat Jul 09 2005 - 19:05:55 GMT-3
Hey Varthis,
Thanks for posting that.
Are the first 2 acl entries really needed? It seems to me those entries
would only be needed for the return traffic. But, since all the traceroutes
packets coming from R1 are of the form in the 3rd acl entry, it should work
without the first 2 entries.
What do you think?
TIA, Tim
-----Original Message-----
From: Varthis Vassilantonakis [mailto:vvas@altec.gr]
Sent: Saturday, July 09, 2005 4:51 PM
To: ccie2be
Subject: Re: Traceroute and policy based routing
Hi Tim,
Here is the config of R2:
R2:
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any port-unreachable
access-list 100 permit udp any any gt 30000
!
route-map test permit 10
match ip address 100
set ip next-hop <R4>
!
int ethernet 0
ip policy route-map test
!
You don't need to configure anything on the other routers. The
traceroute will go from R1 to R2 to R4 and finally to R5.
HTH
Varthis
ccie2be wrote:
>Hi Varthis,
>
>Any chance you could post the working configs. I've been following this
>thread with great interest and hope to see how you tested and the output of
>your traceroutes.
>
>TIA, Tim
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Varthis Vassilantonakis
>Sent: Saturday, July 09, 2005 11:19 AM
>To: Robin Johnson; ccielab@groupstudy.com
>Subject: RE: Traceroute and policy based routing
>
>Cheers Rob,
>
>I eventually made this work.
>As you said, policy routing has to be applied on the interface, and local
>policy is not needed.
>The tricky thing was the udp ports (gt 30000) that I needed to permit in my
>acl.
>
>Thanks again,
>
>Varthis
>
>________________________________
>
>Ap|: Robin Johnson [mailto:Rob.Johnson@dxi.net]
>Apostok^: Sab 9/7/2005 4:33 ll
>Pqor: Varthis Vassilantonakis; ccielab@groupstudy.com
>H]la: RE: Traceroute and policy based routing
>
>
>
>Ive just lab this up
>check out the link and then add a new acl and debug the acl whilst
>tracerouting
>Everything should become crystal:-)
>http://www.cisco.com/warp/public/63/ping_traceroute.html#traceroute
>
>Hint (your missing an important protocol in yr acl) as well as policy map
on
>the interface
>
>Side not to Sila - Packets are policy routed that are generated locally if
>you use the ip local policy command!
>
>HTH
>Rob
>
>
>
>-----Original Message-----
>From: Varthis Vassilantonakis [mailto:vvas@altec.gr]
>Sent: 09 July 2005 11:45
>To: ccielab@groupstudy.com
>Subject: Traceroute and policy based routing
>
>
>Hello group,
>
>One quite tricky question.
>
>In the IEWB Lab 18 Q12.1 there is an example on how we should configure a
>router to response with its Loopback address when any other router issue a
>traceroute to it.
>
>What if we want to do something slightly different.
>What I want is to traceroute from R1 to R5.
>R2 has 2 possible ways to reach R5. These are R3 and R4. See the diagram
>below:
>
>R1 ------- R2 ------------------R3-----------------
> | |
> | |
> | |
> R4--------------------------------------R5
>
>I want this traceroute to go through R4 and not through R3.
>
>My configuration is the following:
>
>R2:
>
>ip local policy route-map test
>!
>route-map test permit 10
>match ip address 100
>set ip next-hop <R4-address connected to R2>
>!
>access-list 100 permit icmp any any time-exceeded
>access-list 100 permit icmp any any port-unreachable
>
>Local policy routing is configured because traceroute is locally generated
>by the router each time.
>
>However, I can not get this to work.
>
>Any ideas ?
>
>TIA
>
>Varthis
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3