Re: question about route-maps.....
From: Peter Kingston (kingstonp.ccie@gmail.com)
Date: Tue Jul 10 2007 - 09:15:36 ART
Hey Jeff,
Using the configuration below in a route-map has the following
ramifications:
set ip default next-hop
When the destination route exists in the routing table, normal forwarding is
used�do not policy route the packet.
I believe you should just use:
set ip next-hop
Regards,
Peter
Studiny for my CCIE
On 7/10/07, Biggs, Jeff (M/CIO/BIE) <JBiggs@usaid.gov> wrote:
>
> Still no match......
>
>
>
>
> interface Vlan3
> description Connection to SA26-ATM-LAN
> ip address 12.34.56.78 255.255.255.240
> no ip redirects
> ip route-cache policy
> ip policy route-map WCCP
> end
>
>
> access-list 151 permit tcp host 10.10.10.56 eq www any
> access-list 151 deny tcp host 10.10.10.56 eq telnet any
>
>
> route-map WCCP permit 10
> match ip address 151
> set ip default next-hop 11.11.11.201
> !
> route-map WCCP permit 20
>
>
>
> Jeffrey Biggs
> Sr. Network Engineer
> M/CIO/BIE
> CCNP, CCDA
> 240-646-5003
> jbiggs@usaid.gov
>
> This e-mail is intended for the addressee only. If you are not the
> intended recipient, please be aware that the unauthorised use or disclosure
> of the information it contains, or the unauthorised copying or
> re-transmission of the e-mail are strictly prohibited. Such action may
> result in legal proceedings. If the e-mail has been sent to you in error,
> please accept our apologies, advise the sender as soon as possible and then
> delete the message. Under the Freedom of Information Act 2000 / Data
> Protection Act 1998, the contents of this e-mail, whether it is marked
> confidential or otherwise, may be disclosed.
>
>
> -----Original Message-----
> From: Sudha R (sudhr) [mailto:sudhr@cisco.com]
> Sent: Tuesday, July 10, 2007 7:48 AM
> To: Biggs, Jeff (M/CIO/BIE)
> Subject: RE: question about route-maps.....
>
> Ok..So this is the problem..
> Try using numbered ACL say ACL 100 and try the same.. We shud first get
> this working..
> Send Ping from this source and do debug ip packet and see the packet trace
> in router..and see ACL hits..
>
> -----Original Message-----
> From: Biggs, Jeff (M/CIO/BIE) [mailto:JBiggs@usaid.gov]
> Sent: Tuesday, July 10, 2007 5:12 PM
> To: Sudha R (sudhr)
> Subject: RE: question about route-maps.....
>
> The ACL are not matching (my first problem). I am not sure why they would
> not match since all I am trying to hook on is http traffic.
>
> Jeffrey Biggs
> Sr. Network Engineer
> M/CIO/BIE
> CCNP, CCDA
> 240-646-5003
> jbiggs@usaid.gov
>
> This e-mail is intended for the addressee only. If you are not the
> intended recipient, please be aware that the unauthorised use or disclosure
> of the information it contains, or the unauthorised copying or
> re-transmission of the e-mail are strictly prohibited. Such action may
> result in legal proceedings. If the e-mail has been sent to you in error,
> please accept our apologies, advise the sender as soon as possible and then
> delete the message. Under the Freedom of Information Act 2000 / Data
> Protection Act 1998, the contents of this e-mail, whether it is marked
> confidential or otherwise, may be disclosed.
>
> -----Original Message-----
> From: Sudha R (sudhr) [mailto:sudhr@cisco.com]
> Sent: Tuesday, July 10, 2007 7:39 AM
> To: Biggs, Jeff (M/CIO/BIE)
> Subject: RE: question about route-maps.....
>
> Hi,
> Do you see match in ACL counters? Can you try using set ip default
> next-hop? and let me know.
>
> Regards.
> Sudha.
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Biggs, Jeff (M/CIO/BIE)
> Sent: Tuesday, July 10, 2007 4:56 PM
> To: ccielab@groupstudy.com
> Subject: question about route-maps.....
>
> What I thought was a simple solution has become a bit blurred...
>
>
>
> I have a 6500 that I am trying to simply redirect an inbound packet to
> another next-hop IP address. The 6500 is IOS based with a
> SUP720/PFC3/MFSC3 running adventerprisek9-122-18 SXF8. On VLAN A I have a
> policy to match on packets from a source IP and to set the next hop IP to a
> device on a VLAN that is directly connected out the other side of the 6500
> (VLAN B)
>
>
>
>
>
> VLAN A------>6500-------->VLAN B
>
>
>
>
>
> Sample config:
>
>
>
>
>
> interface VlanB
>
> description Connection to firewall-LAN
>
> ip address 11.11.11.199 255.255.255.240
>
> no ip redirects
>
>
>
> interface VlanA
>
> description Connection to SA26-ATM-LAN
>
> ip address 12.23.45.67 255.255.255.240
>
> no ip redirects
>
> ip policy route-map NEXT-HOP
>
>
>
> ip access-list extended NEXT-HOP
>
> permit ip host 10.10.10.56 any
>
>
>
> route-map NEXT-HOP permit 10
>
> match ip address NEXT-HOP
>
> set ip next-hop 11.11.11.201
>
>
>
> route-map NEXT-HOP permit 20
>
>
>
>
>
>
>
> Am I missing something here? This should be a simple setup, but as I have
> found in this business, nothing is simple.
>
>
>
>
>
>
>
> Jeffrey Biggs
>
> Sr. Network Engineer
>
> M/CIO/BIE
>
> CCNP, CCDA
>
> 240-646-5003
>
> jbiggs@usaid.gov <mailto:jbiggs@usaid.gov>
>
>
>
> This e-mail is intended for the addressee only. If you are not the
> intended recipient, please be aware that the unauthorised use or disclosure
> of the information it contains, or the unauthorised copying or
> re-transmission of the e-mail are strictly prohibited. Such action may
> result in legal proceedings. If the e-mail has been sent to you in error,
> please accept our apologies, advise the sender as soon as possible and then
> delete the message. Under the Freedom of Information Act 2000 / Data
> Protection Act 1998, the contents of this e-mail, whether it is marked
> confidential or otherwise, may be disclosed.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4
: Sat Aug 18 2007 - 08:17:40 ART