From: Venkatesh Venkatesh (kvpalani@gmail.com)
Date: Tue Aug 29 2006 - 15:38:21 ART
did the command "debug ip policy " help you to trobuleshoot ?
BTW ...I hope you are not trying to ping/traceroute directly from the switch
as you wld know this is local traffic and wont follow PBR unless you specify
local
ip route-caceh policy is just to make it fast switched rather than process
switched, even CEF is possible when you have the CEF turned on along with
PBR.
HTH,
- Venkatesh
On 8/30/06, Tim Gregory <tgregory@lincoln.ac.uk> wrote:
>
> The next hop is the other end of the tunnel interface (10.254.253.1),
> (directly attached /30 network) and its always up.
>
> The network I want to policy route is only advertised down the tunnel,
> <distribute list prevents it going to any other adjacency> but the problem
> is I can't stop traffic from breaking away from the default, ie, traffic
> from this one net, I want to send down the tunnel..
>
> Tim
>
> ________________________________
>
> From: Joe Freeman [mailto:joe.freeman@CenturyTel.com]
> Sent: Tue 29/08/2006 16:55
> To: Max Bozeman; tgregory@lincoln.ac.uk; ccielab@groupstudy.com
> Subject: RE: SVI PBR
>
>
>
> How are you learning the route to 10.254.253.1?
>
> If it's directly attached (i.e. the local tunnel interface is
> 10.254.253.2/30) then make sure your tunnel is in fact up.
>
> If it's unnumbered to a loopback, and the10.254.253.1 is on the
> loopback, look into how you're advertising that in your routing
> protocol(s).
>
> Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Max Bozeman
> Sent: Tuesday, August 29, 2006 10:48 AM
> To: tgregory@lincoln.ac.uk; ccielab@groupstudy.com
> Subject: RE: SVI PBR
>
> Have never tried this on a switch, but if the tunnel is terminated on
> the switch, then here are a couple of suggestions:
>
> 1. If you are trying to send all IP traffic down the tunnel, then use a
> standard access-list.
>
> 2. Instead of setting next-hop, set the interface to the tunnel
> interface.
>
> having said that without seeing the full config (and possibly labbing
> it) I couldn't tell you why yours is not working.
>
>
>
>
> --- On Tue 08/29, Tim Gregory < tgregory@lincoln.ac.uk > wrote:
> From: Tim Gregory [mailto: tgregory@lincoln.ac.uk]
> To: ccielab@groupstudy.com
> Date: Tue, 29 Aug 2006 15:56:36 +0100
> Subject: SVI PBR
>
> Hi Guys..<br><br>When you configure PBR on a SVI, does it behave
> normally?<br><br>Basically I've got a scenario where I need to take some
> traffic coming<br>from a particular subnet and force it down a gre
> tunnel, so I've<br>configured the interface like this..<br><br>interface
> Vlan24<br> ip address 10.1.24.129 255.255.255.128<br> ip helper-address
> 194.80.56.107<br> ip route-cache policy<br> ip policy route-map
> force-tunnel<br><br>route-map force-tunnel permit 10<br> match ip
> address route2blue<br> set ip next-hop 10.254.253.1<br><br>ip
> access-list extended route2blue<br> permit icmp 10.1.24.128 0.0.0.127
> any<br> permit ip 10.1.24.128 0.0.0.127 any<br><br><br><br><br>But
> traffic still follows the normal ip routing table path, I can't
> for<br>the life of my figure out why its not being routed down the next
> hop of<br>10.254.253.1.... Im sure its something very basic
> :[<br><br>Thanks...<br><br>_____________________________________________
> __________________________<br>Subscription
> information may be found at:
> <br>http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________
> Join Excite! - http://www.excite.com
> The most personalized portal on the Web!
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:59 ART