From: Tim Gregory (tgregory@lincoln.ac.uk)
Date: Tue Aug 29 2006 - 15:40:45 ART
Hi,
No i'm not pinging directly from the switch or to the switch, as I know
PBR does not affect locally originated traffic... I'll try debug ip
policy...
Thanks
Tim
________________________________
From: Venkatesh Venkatesh [mailto:kvpalani@gmail.com]
Sent: 29 August 2006 19:38
To: Tim Gregory
Cc: Joe Freeman; Max Bozeman; ccielab@groupstudy.com
Subject: Re: SVI PBR
did the command "debug ip policy " help you to trobuleshoot ?
BTW ...I hope you are not trying to ping/traceroute directly from the
switch as you wld know this is local traffic and wont follow PBR unless
you specify local
ip route-caceh policy is just to make it fast switched rather than
process switched, even CEF is possible when you have the CEF turned on
along with PBR.
HTH,
- Venkatesh
On 8/30/06, Tim Gregory <tgregory@lincoln.ac.uk> wrote:
The next hop is the other end of the tunnel interface
(10.254.253.1), (directly attached /30 network) and its always up.
The network I want to policy route is only advertised down the
tunnel, <distribute list prevents it going to any other adjacency> but
the problem is I can't stop traffic from breaking away from the default,
ie, traffic from this one net, I want to send down the tunnel..
Tim
________________________________
From: Joe Freeman [mailto:joe.freeman@CenturyTel.com]
Sent: Tue 29/08/2006 16:55
To: Max Bozeman; tgregory@lincoln.ac.uk; ccielab@groupstudy.com
Subject: RE: SVI PBR
How are you learning the route to 10.254.253.1?
If it's directly attached (i.e. the local tunnel interface is
10.254.253.2/30) then make sure your tunnel is in fact up.
If it's unnumbered to a loopback, and the10.254.253.1 is on the
loopback, look into how you're advertising that in your routing
protocol(s).
Joe
-----Original Message-----
From: nobody@groupstudy.com [mailto: nobody@groupstudy.com] On
Behalf Of
Max Bozeman
Sent: Tuesday, August 29, 2006 10:48 AM
To: tgregory@lincoln.ac.uk; ccielab@groupstudy.com
Subject: RE: SVI PBR
Have never tried this on a switch, but if the tunnel is
terminated on
the switch, then here are a couple of suggestions:
1. If you are trying to send all IP traffic down the tunnel,
then use a
standard access-list.
2. Instead of setting next-hop, set the interface to the tunnel
interface.
having said that without seeing the full config (and possibly
labbing
it) I couldn't tell you why yours is not working.
--- On Tue 08/29, Tim Gregory < tgregory@lincoln.ac.uk > wrote:
From: Tim Gregory [mailto: tgregory@lincoln.ac.uk ]
To: ccielab@groupstudy.com
Date: Tue, 29 Aug 2006 15:56:36 +0100
Subject: SVI PBR
Hi Guys..<br><br>When you configure PBR on a SVI, does it behave
normally?<br><br>Basically I've got a scenario where I need to
take some
traffic coming<br>from a particular subnet and force it down a
gre
tunnel, so I've<br>configured the interface like
this..<br><br>interface
Vlan24<br> ip address 10.1.24.129 255.255.255.128<br> ip
helper-address
194.80.56.107<br> ip route-cache policy<br> ip policy route-map
force-tunnel<br><br>route-map force-tunnel permit 10<br> match
ip
address route2blue<br> set ip next-hop 10.254.253.1<br><br>ip
access-list extended route2blue<br> permit icmp 10.1.24.128
0.0.0.127
any<br> permit ip 10.1.24.128 0.0.0.127
any<br><br><br><br><br>But
traffic still follows the normal ip routing table path, I can't
for<br>the life of my figure out why its not being routed down
the next
hop of<br>10.254.253.1.... Im sure its something very basic
:[<br><br>Thanks...<br><br>_____________________________________________
__________________________<br>Subscription
information may be found at:
<br> http://www.groupstudy.com/list/CCIELab.html
<http://www.groupstudy.com/list/CCIELab.html> <br>
_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:59 ART