Re: Need to undestand local policy

Hi Sonu,

I think this is due to that you dont have a directly connected subnet of the
IP address what you are redirecting. It is why policy is failing.

Try to change the next hop to one of the ips in a directly connected subnet
& see whether its gonna work.

Thanks
Sara

On Sun, Jun 27, 2010 at 12:04 PM, Sonu Khandelwal (sokhande) <
sokhande_at_cisco.com> wrote:

> Hi Sarad,
> Thanks for help. I had applied policy in global mode only. Here is debugs
> information.
>
> R2#sh run | i ip local
> ip local policy route-map xxx
> R2#
>
> R2#deb ip poli
> R2#deb ip policy
> Policy routing debugging is on
> R2#
>
>
> R2#ping 172.16.253.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 172.16.253.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/12 ms
> R2#
> *Jun 27 06:21:47.493: IP: s=172.16.253.2 (local), d=172.16.253.1, len 100,
> policy match
> *Jun 27 06:21:47.493: IP: route map xxx, item 10, permit
> *Jun 27 06:21:47.493: IP: s=172.16.253.2 (local), d=172.16.253.1, len 100,
> policy rejected -- normal forwarding
> *Jun 27 06:21:47.497: IP: s=172.16.253.2 (local), d=172.16.253.1, len 100,
> policy match
> *Jun 27 06:21:47.497: IP: route map xxx, item 10, permit
> *Jun 27 06:21:47.497: IP: s=172.16.253.2 (local), d=172.16.253.1, len 100,
> policy rejected -- normal forwarding
> *Jun 27 06:21:47.497: IP: s=172.16.253.2 (local), d=172.16.253.1, len 100,
> policy match
> *Jun 27 06:21:47.497: IP: route map xxx, item 10, permit
> R2#
> *Jun 27 06:21:47.497: IP: s=172.16.253.2 (local), d=172.16.253.1, len 100,
> policy rejected -- normal forwarding
> *Jun 27 06:21:47.497: IP: s=172.16.253.2 (local), d=172.16.253.1, len 100,
> policy match
> *Jun 27 06:21:47.497: IP: route map xxx, item 10, permit
> *Jun 27 06:21:47.497: IP: s=172.16.253.2 (local), d=172.16.253.1, len 100,
> policy rejected -- normal forwarding
> *Jun 27 06:21:47.497: IP: s=172.16.253.2 (local), d=172.16.253.1, len 100,
> policy match
> *Jun 27 06:21:47.497: IP: route map xxx, item 10, permit
> *Jun 27 06:21:47.497: IP: s=172.16.253.2 (local), d=172.16.253.1, len 100,
> policy rejected -- normal forwarding
> R2#
> *Jun 27 06:22:35.909: %SEC-6-IPACCESSLOGS: list 6 permitted 172.16.253.2 5
> packets
> R2#
> R2#
>
> R2#sh route-map xxx
> route-map xxx, permit, sequence 10
> Match clauses:
> ip address (access-lists): 6
> Set clauses:
>
> ip next-hop 19.19.19.1
> Policy routing matches: 60 packets, 9924 bytes
> R2#show access
> R2#show access-li
> R2#show access-lists 6
>
> Standard IP access list 6
> 10 permit any log (60 matches)
> R2#
>
> Thanks,
> Sonu
>
> ------------------------------
> *From:* Sarad [mailto:tosara_at_gmail.com]
> *Sent:* Sunday, June 27, 2010 11:57 AM
> *To:* Sonu Khandelwal (sokhande)
> *Cc:* Yemi Oshunkoya; ccielab_at_groupstudy.com
>
> *Subject:* Re: Need to undestand local policy
>
> Hi Sokhande,
>
> you need to apply the policy in the global configuration mode as follows
>
> ip local policy route-map XXX
>
> Then use "debug ip policy" command to check whether your traffic is policy
> routed.
>
> Thanks
> Sara
>
> On Sun, Jun 27, 2010 at 11:33 AM, Sonu Khandelwal (sokhande) <
> sokhande_at_cisco.com> wrote:
>
>> Hi Yemi,
>> Yes, ping also working fine.
>>
>> R2#sh ip eig nei
>> EIGRP-IPv4 neighbors for process 1
>> H Address Interface Hold Uptime SRTT RTO Q
>> Seq
>> (sec) (ms) Cnt
>> Num
>> 0 172.16.253.1 Et0/0 11 02:03:33 15 200 0
>> 20
>> R2#ping 172.16.253.1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 172.16.253.1, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
>> R2#
>>
>> Thanks,
>> Sonu
>>
>> -----Original Message-----
>> From: Yemi Oshunkoya [mailto:yzmar4real_at_hotmail.com]
>> Sent: Sunday, June 27, 2010 10:15 AM
>> To: Sonu Khandelwal (sokhande); ccielab_at_groupstudy.com
>> Subject: Re: Need to undestand local policy
>>
>> Hi sokhande,
>> Pls discard my last mail, you don't need to apply it on an interface.
>> Can u try doing a ping and see if that gets policy routed?
>> Sent from my BlackBerry wireless device from MTN
>>
>> -----Original Message-----
>> From: yzmar4real_at_hotmail.com
>> Date: Sun, 27 Jun 2010 04:24:25
>> To: <sokhande_at_cisco.com>; <ccielab_at_groupstudy.com>
>> Reply-To: yzmar4real_at_hotmail.com
>> Subject: Re: Need to undestand local policy
>>
>> U didn't apply your policy on any interface. :) Sent from my BlackBerry
>> wireless device from MTN
>>
>> -----Original Message-----
>> From: sokhande_at_cisco.com
>> Date: Sun, 27 Jun 2010 04:02:28
>> To: <ccielab_at_groupstudy.com>
>> Subject: Need to undestand local policy
>>
>> Hi All,
>> I am trying to understand local policy. As per my understanding any packet
>> which is generated by router will get treatment based on local policy. ospf
>> hello/ eigrp hello/ routing updates will all be considered as locally
>> generated packets.
>>
>> I have created a simple scenerio and this seems to be not working for me.
>>
>> R1----R2
>>
>> R1 and R2 are connected back to back using E0/0 interface and are running
>> eigrp between them. I am doing a local policy on R2 such that its next hop
>> gets changed to some junk ip address and no neighborship gets built between
>> these interface. This seems to be not working and I see that policy is not
>> even being hit.
>>
>> configs of R1:
>>
>> interface Ethernet0/0
>> ip address 172.16.253.1 255.255.255.0
>> end
>>
>> sh run | b router eigrp
>> router eigrp 1
>> network 172.16.0.0
>>
>> configs of R2:
>>
>> R2#sh run | b router eigrp
>> router eigrp 1
>> network 172.16.0.0
>>
>> R2#
>> R2#sh run int e0/0
>> Building configuration...
>>
>> Current configuration : 68 bytes
>> !
>> interface Ethernet0/0
>> ip address 172.16.253.2 255.255.255.0
>> end
>>
>> !
>> route-map xxx permit 10
>> match ip address 6
>> set ip next-hop 19.19.19.1 (some junk ip address) !
>> !
>> R2#sh ip access-lists 6
>> Standard IP access list 6
>> 10 permit any log (33 matches)
>>
>> show commands on R1 and R2.
>>
>> Neighborship is still built and I am not able to understand this behavior.
>>
>> R2#sh ip eigrp neighbors
>> EIGRP-IPv4 neighbors for process 1
>> H Address Interface Hold Uptime SRTT RTO Q
>> Seq
>> (sec) (ms) Cnt
>> Num 0 172.16.253.1 Et0/0 11 08:43:32 20 200
>> 0 15 R2# 0 ccle ip eig nei erbu-script
>> 06/27 9:21am
>>
>> R2#cle ip eig nei
>> *Jun 27 03:51:09.257: %DUAL-5-NBRCHANGE: EIGRP-IPv4(0) 1: Neighbor
>> 172.16.253.1
>>
>>
>> (Ethernet0/0) is down: manually cleared
>> R2#cle ip eig nei
>> *Jun 27 03:51:11.001: %DUAL-5-NBRCHANGE: EIGRP-IPv4(0) 1: Neighbor
>> 172.16.253.1
>>
>>
>> (Ethernet0/0) is up: new adjacency
>> R2#sh ip eigrp neighbors
>> EIGRP-IPv4 neighbors for process 1
>> H Address Interface Hold Uptime SRTT RTO Q
>> Seq
>> (sec) (ms) Cnt
>> Num 0 172.16.253.1 Et0/0 11 00:00:03 15 200
>> 0 20
>>
>> Can you please help me here?
>>
>> Thanks a lot in advance,
>> Sonu
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Jun 27 2010 - 12:17:56 ART