RE: policy based routing

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Mon Sep 11 2006 - 15:45:05 ART


Hi,

Say you have this:

R4 ----- r1 ---- sw2
And you need to drop all ICMP using PBR in R1 from Sw2 lo0.

The config would look like this:
R1#show run | in access-list 123
access-list 123 permit icmp host 150.1.8.8 any

R1(config)#do show run | b route-map DROPFROMSW2 permit
route-map DROPFROMSW2 permit 10
 match ip address 123
 set interface Null0

If you debug ip policy, you get:
At R1:
IP: s=150.1.8.8 (FastEthernet0/0), d=150.1.4.4 (Null0), len 100, policy routed
IP: FastEthernet0/0 to Null0 150.1.4.4
IP: s=150.1.8.8 (FastEthernet0/0), d=150.1.4.4, len 100, policy match
IP: route map DROPFROMSW2, item 10, permit

At Sw2
2d18h: ICMP: dst (150.1.8.8) host unreachable rcv from 192.168.12.1.U

At R4

R4#show ip route 150.1.8.8 | b from
  Last update from 192.168.14.1 on Serial0/0, 00:14:19 ago
  Routing Descriptor Blocks:
  * 192.168.14.1, from 150.1.1.1, 00:14:19 ago, via Serial0/0
      Route metric is 66, traffic share count is 1

HTH
Victor.-

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of 2nd CCIE
Sent: Monday, September 11, 2006 01:55 p.m.
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: policy based routing

Folks,
  I am trying to configure PBR on my router. I want to drop the traffic
coming from a certain network. This does not happen because I get the
following error:
   
  1 01:31:26.737: IP: s=30.30.30.10 (Ethernet0/0), d=30.30.12.5, len 100, FIB policy rejected(explicit route) - normal forwarding
   
  The policy is applied on Ethernet0/0 (30.30.30.5), where I am
receiving packets from 30.30.30.10.
  Does anyone know why the policy is rejected (the explicit route thing)?
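
An added example, not part of either poster's message: a small Python check that reads `debug ip policy` output and reports which flows were actually sent to Null0 and which fell back to normal forwarding. The function names and outcome labels are assumptions made for this illustration; the sample lines are the ones quoted in this thread.

```python
import re

# Constructed sample: the debug ip policy lines quoted in this thread, with the
# mail archive's hard line wraps undone.
SAMPLE = """\
IP: s=150.1.8.8 (FastEthernet0/0), d=150.1.4.4, len 100, policy match
IP: route map DROPFROMSW2, item 10, permit
IP: s=150.1.8.8 (FastEthernet0/0), d=150.1.4.4 (Null0), len 100, policy routed
IP: FastEthernet0/0 to Null0 150.1.4.4
1 01:31:26.737: IP: s=30.30.30.10 (Ethernet0/0), d=30.30.12.5, len 100, FIB policy rejected(explicit route) - normal forwarding
"""

# Per-packet line: source (ingress interface), destination (optional egress
# interface), length, then the policy verdict text.
PACKET = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<in_if>[^)]+)\), d=(?P<dst>[\d.]+)"
    r"(?: \((?P<out_if>[^)]+)\))?, len \d+, (?P<verdict>.+)$"
)

def classify(line):
    """Return (src, dst, outcome) for a per-packet line, or None for other lines."""
    m = PACKET.search(line.strip())
    if not m:
        return None
    verdict = m["verdict"]
    if verdict.startswith("policy routed"):
        # "set interface Null0" shows up as the egress interface on this line.
        outcome = "dropped" if m["out_if"] == "Null0" else "rerouted"
    elif "policy rejected" in verdict:
        # The router fell back to the routing table: the drop is NOT enforced.
        outcome = "not-enforced"
    elif verdict.startswith("policy match"):
        outcome = "matched"
    else:
        outcome = "other"
    return m["src"], m["dst"], outcome

def audit(text):
    """Map each (src, dst) flow to the set of outcomes seen for it."""
    flows = {}
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            flows.setdefault(hit[:2], set()).add(hit[2])
    return flows

def unenforced(text):
    """Flows whose packets were forwarded normally despite the policy."""
    return sorted(f for f, seen in audit(text).items() if "not-enforced" in seen)
```

Running `unenforced()` over a capture taken while test traffic is sent gives a quick confirmation that a drop policy is really in effect for every source it is meant to cover.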
   
   

                 



This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART