GroupStudy.com GroupStudy.com - A virtual community of network engineers
Home BookStore StudyNotes Links Archives StudyRooms HelpWanted Discounts Login
RE: local policy route-map not working for me posted 11/08/2006
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next] 
Thanks for the reply.  Jian, you mentioned that my original prefix-list
was not correct (ip prefix-list 10 seq 5 permit 142.1.0.0/24).  I
thought I was supposed to match the destination IP subnet with the
prefix-list? It should've matched the source of the trace packets?



thanks



________________________________

From: Jian Gu [mailto:guxiaojian@xxxxxxxxx]
Sent: Wednesday, November 08, 2006 10:07 AM
To: Michael Zuo
Cc: Hafizur Rahman (Europe); ccielab@xxxxxxxxxxxxxx
Subject: Re: local policy route-map not working for me



Small correction, for traceroute you do need to match UDP, your
configuration works with ping.

On 11/8/06, Jian Gu < guxiaojian@xxxxxxxxx <mailto:guxiaojian@xxxxxxxxx>
> wrote:

This configuration should work (and it works in my setup), the reason
your original configuration did not work is not because it is a prefix
list, it is because your prefix list was not configured correctly. When
Cisco IOS router does a ping it will consult its unicast routing table
and use the IP address of outgoing interface's IP address as Ping
packet's source IP address.



On 11/7/06, Michael Zuo < mzuo@xxxxxxxxxxx <mailto:mzuo@xxxxxxxxxxx> >
wrote:

Still does not work, I change the configuration to:

ip access-list extended PING
permit icmp any host 142.1.0.4
!
route-map PING permit 10
match ip address PING
set ip next-hop 142.1.46.4

still:


R6(config-ext-nacl)#do trace 142.1.0.4

Type escape sequence to abort.
Tracing the route to 142.1.0.4

  1 204.12.1.3 4 msec 0 msec 4 msec
  2 142.1.0.4 32 msec *  28 msec

Any ideas on how I can debug?

Thanks...

-----Original Message-----
From: Hafizur Rahman (Europe) [mailto:hafizur.rahman@xxxxxxxxxxxxx]
Sent: Monday, November 06, 2006 11:37 PM
To: Michael Zuo; ccielab@xxxxxxxxxxxxxx
Subject: RE: local policy route-map not working for me

Hi Michael

Try using extended ACl instead of prefix list

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Michael Zuo
Sent: 07 November 2006 07:09
To: ccielab@xxxxxxxxxxxxxx
Subject: local policy route-map not working for me

Hi All,



I am having a problem with my local policy routing and can not figure
out why it is not working:



Topology:

=======

R3, R4 and R6 forms a triangle



Networks:

=======

Between R3, R4: 142.1.34.0/24

Between R3, R6: 204.12.1.0/24

Between R4, R6: 142.1.46.0/24



R4 also have IP address 142.1.0.4



OSPF is configured in a way that ping from R6 to 142.1.0.4 would go thru
R3 first (R3 touches area 0)



I am trying to use policy routing to route ICMP from R6 directly over
the connection between R4 and R6 which is not in OSPF



Configuration

=======



R6:



router ospf 1

log-adjacency-changes

network 54.1.3.6 0.0.0.0 area 3

network 204.12.1.6 0.0.0.0 area 3



ip local policy route-map PING

!



ip prefix-list 10 seq 5 permit 142.1.0.0/24

!

!

route-map PING permit 10

match ip address prefix-list 10

set ip next-hop 142.1.46.4



Result

=====



R6(config)#do trace 142.1.0.4



Type escape sequence to abort.

Tracing the route to 142.1.0.4



  1 204.12.1.3 0 msec 0 msec 4 msec

  2 142.1.0.4 28 msec *  28 msec

R6(config)#



R6#sh ip loc pol

Local policy routing is enabled, using route map PING

route-map PING, permit, sequence 10

  Match clauses:

    ip address prefix-lists: 10

  Set clauses:

    ip next-hop 142.1.46.4

  Policy routing matches: 5 packets, 320 bytes









Which means R6 still go thru R3 first before getting to R4!! Also, the
packet count in "sh ip loc pol" does not increase





Am I missing something obvious?  How do I debug further?







Thanks a bunch!!

_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html


-----------------------------------------
Dimension Data - providing global IP based solutions and services
for over 20 years supported locally from a single point of contact.

This email is confidential. If you are not the intended recipient
then you must not copy it, forward it, use it for any purpose, or
disclose it to another person.

Please also note that the author of this email is not authorised
to; make any offers capable of acceptance unless expressly stated
in a validly dated and attached document which shall be subject to
the terms and conditions stated therein or, conclude any contract
on behalf of Dimension Data by email.

Although Dimension Data has taken reasonable precautions to ensure
no viruses are present in this email, the company cannot accept
responsibility for any loss or damage arising from the use of this
email or attachments.

_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html