From: Biggs, Jeff \(M/CIO/BIE\) (JBiggs@usaid.gov)
Date: Tue Jul 10 2007 - 10:14:08 ART
That is good info.....I have a 6500 here to lab up with a couple of routers, so I am going to see what is up here and see what is different.
Thanks ALL for the info.
Jeffrey Biggs
Sr. Network Engineer
M/CIO/BIE
CCNP, CCDA
240-646-5003
jbiggs@usaid.gov
This e-mail is intended for the addressee only. If you are not the intended recipient, please be aware that the unauthorised use or disclosure of the information it contains, or the unauthorised copying or re-transmission of the e-mail are strictly prohibited. Such action may result in legal proceedings. If the e-mail has been sent to you in error, please accept our apologies, advise the sender as soon as possible and then delete the message. Under the Freedom of Information Act 2000 / Data Protection Act 1998, the contents of this e-mail, whether it is marked confidential or otherwise, may be disclosed.
-----Original Message-----
From: Antonio Soares [mailto:amsoares@netcabo.pt]
Sent: Tuesday, July 10, 2007 9:04 AM
To: Biggs, Jeff (M/CIO/BIE); 'Sudha R (sudhr)'
Cc: ccielab@groupstudy.com
Subject: RE: question about route-maps.....
It works fine on a 3560 with sdm prefer routing:
+++++++++++++++++++
!
interface Vlan10
ip address 10.10.10.254 255.255.255.0
ip policy route-map PBR
!
interface Vlan20
ip address 20.20.20.254 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
access-list 10 permit 10.10.10.0 0.0.0.255 log
!
route-map PBR permit 10
match ip address 10
set ip next-hop 20.20.20.2
!
route-map PBR permit 1000
!
+++++++++++++++++++
SW1#
00:06:27: IP: s=10.10.10.1 (Vlan10), d=3.3.3.3, len 100, policy match
00:06:27: IP: route map PBR, item 10, permit
00:06:27: IP: s=10.10.10.1 (Vlan10), d=3.3.3.3 (Vlan20), len 100, policy
routed
00:06:27: IP: Vlan10 to Vlan20 20.20.20.2
SW1#
00:06:29: IP: s=10.10.10.1 (Vlan10), d=3.3.3.3, len 100, policy match
00:06:29: IP: route map PBR, item 10, permit
00:06:29: IP: s=10.10.10.1 (Vlan10), d=3.3.3.3 (Vlan20), len 100, policy
routed
00:06:29: IP: Vlan10 to Vlan20 20.20.20.2
SW1#
00:06:31: IP: s=10.10.10.1 (Vlan10), d=3.3.3.3, len 100, policy match
00:06:31: IP: route map PBR, item 10, permit
00:06:31: IP: s=10.10.10.1 (Vlan10), d=3.3.3.3 (Vlan20), len 100, policy
routed
00:06:31: IP: Vlan10 to Vlan20 20.20.20.2
SW1#
00:06:33: IP: s=10.10.10.1 (Vlan10), d=3.3.3.3, len 100, policy match
00:06:33: IP: route map PBR, item 10, permit
00:06:33: IP: s=10.10.10.1 (Vlan10), d=3.3.3.3 (Vlan20), len 100, policy
routed
00:06:33: IP: Vlan10 to Vlan20 20.20.20.2
SW1#
+++++++++++++++++++
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Biggs, Jeff (M/CIO/BIE)
Sent: terga-feira, 10 de Julho de 2007 12:56
To: Sudha R (sudhr)
Cc: ccielab@groupstudy.com
Subject: RE: question about route-maps.....
Still no match......
interface Vlan3
description Connection to SA26-ATM-LAN
ip address 12.34.56.78 255.255.255.240
no ip redirects
ip route-cache policy
ip policy route-map WCCP
end
access-list 151 permit tcp host 10.10.10.56 eq www any
access-list 151 deny tcp host 10.10.10.56 eq telnet any
route-map WCCP permit 10
match ip address 151
set ip default next-hop 11.11.11.201
!
route-map WCCP permit 20
Jeffrey Biggs
Sr. Network Engineer
M/CIO/BIE
CCNP, CCDA
240-646-5003
jbiggs@usaid.gov
This e-mail is intended for the addressee only. If you are not the intended
recipient, please be aware that the unauthorised use or disclosure of the
information it contains, or the unauthorised copying or re-transmission of
the e-mail are strictly prohibited. Such action may result in legal
proceedings. If the e-mail has been sent to you in error, please accept our
apologies, advise the sender as soon as possible and then delete the
message. Under the Freedom of Information Act 2000 / Data Protection Act
1998, the contents of this e-mail, whether it is marked confidential or
otherwise, may be disclosed.
-----Original Message-----
From: Sudha R (sudhr) [mailto:sudhr@cisco.com]
Sent: Tuesday, July 10, 2007 7:48 AM
To: Biggs, Jeff (M/CIO/BIE)
Subject: RE: question about route-maps.....
Ok..So this is the problem..
Try using numbered ACL say ACL 100 and try the same.. We shud first get this
working..
Send Ping from this source and do debug ip packet and see the packet trace
in router..and see ACL hits..
-----Original Message-----
From: Biggs, Jeff (M/CIO/BIE) [mailto:JBiggs@usaid.gov]
Sent: Tuesday, July 10, 2007 5:12 PM
To: Sudha R (sudhr)
Subject: RE: question about route-maps.....
The ACL are not matching (my first problem). I am not sure why they would
not match since all I am trying to hook on is http traffic.
Jeffrey Biggs
Sr. Network Engineer
M/CIO/BIE
CCNP, CCDA
240-646-5003
jbiggs@usaid.gov
This e-mail is intended for the addressee only. If you are not the intended
recipient, please be aware that the unauthorised use or disclosure of the
information it contains, or the unauthorised copying or re-transmission of
the e-mail are strictly prohibited. Such action may result in legal
proceedings. If the e-mail has been sent to you in error, please accept our
apologies, advise the sender as soon as possible and then delete the
message. Under the Freedom of Information Act 2000 / Data Protection Act
1998, the contents of this e-mail, whether it is marked confidential or
otherwise, may be disclosed.
-----Original Message-----
From: Sudha R (sudhr) [mailto:sudhr@cisco.com]
Sent: Tuesday, July 10, 2007 7:39 AM
To: Biggs, Jeff (M/CIO/BIE)
Subject: RE: question about route-maps.....
Hi,
Do you see match in ACL counters? Can you try using set ip default
next-hop? and let me know.
Regards.
Sudha.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Biggs, Jeff (M/CIO/BIE)
Sent: Tuesday, July 10, 2007 4:56 PM
To: ccielab@groupstudy.com
Subject: question about route-maps.....
What I thought was a simple solution has become a bit blurred...
I have a 6500 that I am trying to simply redirect an inbound packet to
another next-hop IP address. The 6500 is IOS based with a
SUP720/PFC3/MFSC3 running adventerprisek9-122-18 SXF8. On VLAN A I have a
policy to match on packets from a source IP and to set the next hop IP to a
device on a VLAN that is directly connected out the other side of the 6500
(VLAN B)
VLAN A------>6500-------->VLAN B
Sample config:
interface VlanB
description Connection to firewall-LAN
ip address 11.11.11.199 255.255.255.240
no ip redirects
interface VlanA
description Connection to SA26-ATM-LAN
ip address 12.23.45.67 255.255.255.240
no ip redirects
ip policy route-map NEXT-HOP
ip access-list extended NEXT-HOP
permit ip host 10.10.10.56 any
route-map NEXT-HOP permit 10
match ip address NEXT-HOP
set ip next-hop 11.11.11.201
route-map NEXT-HOP permit 20
Am I missing something here? This should be a simple setup, but as I have
found in this business, nothing is simple.
Jeffrey Biggs
Sr. Network Engineer
M/CIO/BIE
CCNP, CCDA
240-646-5003
jbiggs@usaid.gov <mailto:jbiggs@usaid.gov>
This e-mail is intended for the addressee only. If you are not the intended
recipient, please be aware that the unauthorised use or disclosure of the
information it contains, or the unauthorised copying or re-transmission of
the e-mail are strictly prohibited. Such action may result in legal
proceedings. If the e-mail has been sent to you in error, please accept our
apologies, advise the sender as soon as possible and then delete the
message. Under the Freedom of Information Act 2000 / Data Protection Act
1998, the contents of this e-mail, whether it is marked confidential or
otherwise, may be disclosed.
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:40 ART