- A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: local policy route-map not working for me posted 11/08/2006
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Thanks for the reply.  Jian, you mentioned that my original prefix-list
was not correct (ip prefix-list 10 seq 5 permit  I
thought I was supposed to match the destination IP subnet with the
prefix-list? It should've matched the source of the trace packets?



From: Jian Gu [mailto:guxiaojian@xxxxxxxxx]
Sent: Wednesday, November 08, 2006 10:07 AM
To: Michael Zuo
Cc: Hafizur Rahman (Europe); ccielab@xxxxxxxxxxxxxx
Subject: Re: local policy route-map not working for me

Small correction, for traceroute you do need to match UDP, your
configuration works with ping.

On 11/8/06, Jian Gu < guxiaojian@xxxxxxxxx <mailto:guxiaojian@xxxxxxxxx>
> wrote:

This configuration should work (and it works in my setup), the reason
your original configuration did not work is not because it is a prefix
list, it is because your prefix list was not configured correctly. When
Cisco IOS router does a ping it will consult its unicast routing table
and use the IP address of outgoing interface's IP address as Ping
packet's source IP address.

On 11/7/06, Michael Zuo < mzuo@xxxxxxxxxxx <mailto:mzuo@xxxxxxxxxxx> >

Still does not work, I change the configuration to:

ip access-list extended PING
permit icmp any host
route-map PING permit 10
match ip address PING
set ip next-hop


R6(config-ext-nacl)#do trace

Type escape sequence to abort.
Tracing the route to

  1 4 msec 0 msec 4 msec
  2 32 msec *  28 msec

Any ideas on how I can debug?


-----Original Message-----
From: Hafizur Rahman (Europe) [mailto:hafizur.rahman@xxxxxxxxxxxxx]
Sent: Monday, November 06, 2006 11:37 PM
To: Michael Zuo; ccielab@xxxxxxxxxxxxxx
Subject: RE: local policy route-map not working for me

Hi Michael

Try using extended ACl instead of prefix list

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Michael Zuo
Sent: 07 November 2006 07:09
To: ccielab@xxxxxxxxxxxxxx
Subject: local policy route-map not working for me

Hi All,

I am having a problem with my local policy routing and can not figure
out why it is not working:



R3, R4 and R6 forms a triangle



Between R3, R4:

Between R3, R6:

Between R4, R6:

R4 also have IP address

OSPF is configured in a way that ping from R6 to would go thru
R3 first (R3 touches area 0)

I am trying to use policy routing to route ICMP from R6 directly over
the connection between R4 and R6 which is not in OSPF




router ospf 1


network area 3

network area 3

ip local policy route-map PING


ip prefix-list 10 seq 5 permit



route-map PING permit 10

match ip address prefix-list 10

set ip next-hop



R6(config)#do trace

Type escape sequence to abort.

Tracing the route to

  1 0 msec 0 msec 4 msec

  2 28 msec *  28 msec


R6#sh ip loc pol

Local policy routing is enabled, using route map PING

route-map PING, permit, sequence 10

  Match clauses:

    ip address prefix-lists: 10

  Set clauses:

    ip next-hop

  Policy routing matches: 5 packets, 320 bytes

Which means R6 still go thru R3 first before getting to R4!! Also, the
packet count in "sh ip loc pol" does not increase

Am I missing something obvious?  How do I debug further?

Thanks a bunch!!

Subscription information may be found at:

Dimension Data - providing global IP based solutions and services
for over 20 years supported locally from a single point of contact.

This email is confidential. If you are not the intended recipient
then you must not copy it, forward it, use it for any purpose, or
disclose it to another person.

Please also note that the author of this email is not authorised
to; make any offers capable of acceptance unless expressly stated
in a validly dated and attached document which shall be subject to
the terms and conditions stated therein or, conclude any contract
on behalf of Dimension Data by email.

Although Dimension Data has taken reasonable precautions to ensure
no viruses are present in this email, the company cannot accept
responsibility for any loss or damage arising from the use of this
email or attachments.

Subscription information may be found at: