From: Ivan (ivan@iip.net)
Date: Wed Nov 08 2006 - 06:27:21 ART
Route-map for local-policy doesn't need to have anything at all... See example
below.
R1#sh run | i local polic
ip local policy route-map LP
R1#sh route-map
route-map DR, permit, sequence 10
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map LP, permit, sequence 10
Match clauses:
Set clauses:
interface Loopback1
Policy routing matches: 39 packets, 3405 bytes
R1#sh run int lo1
Building configuration...
Current configuration : 86 bytes
!
interface Loopback1
ip address 10.1.1.1 255.255.255.0
ip policy route-map DR
end
R1#ping 10.23.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.23.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/70/76 ms
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#route-map DR
R1(config-route-map)#set interface null0
R1(config-route-map)#^Z
R1#conf t
*Nov 8 12:41:17.827: %SYS-5-CONFIG_I: Configured from console by cping
10.23.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.23.20.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
On Tuesday 07 November 2006 22:53, Michael Zuo wrote:
> Aha!! Thanks for the help, the "permit icmp ... " was the problem...
>
>
> However, I do still have the question: how come I can not use ip
> prefix-list for the "match" statement in "ip local route-map"?
>
> thanks
>
> -----Original Message-----
> From: David Prall [mailto:dcp@dcptech.com]
> Sent: Tuesday, November 07, 2006 11:43 AM
> To: Michael Zuo; 'Hafizur Rahman (Europe)'; ccielab@groupstudy.com
> Subject: RE: local policy route-map not working for me
>
> Traceroute uses a udp packet to port 33434 with a TTL set to the current
> hop
> count.
>
> http://www.cisco.com/warp/public/105/traceroute.shtml
>
> You can do a debug ip policy
>
> David
>
> --
> David C Prall dcp@dcptech.com http://dcp.dcptech.com
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > Behalf Of Michael Zuo
> > Sent: Tuesday, November 07, 2006 2:15 PM
> > To: Hafizur Rahman (Europe); ccielab@groupstudy.com
> > Subject: RE: local policy route-map not working for me
> >
> > Still does not work, I change the configuration to:
> >
> > ip access-list extended PING
> > permit icmp any host 142.1.0.4
> > !
> > route-map PING permit 10
> > match ip address PING
> > set ip next-hop 142.1.46.4
> >
> > still:
> >
> >
> > R6(config-ext-nacl)#do trace 142.1.0.4
> >
> > Type escape sequence to abort.
> > Tracing the route to 142.1.0.4
> >
> > 1 204.12.1.3 4 msec 0 msec 4 msec
> > 2 142.1.0.4 32 msec * 28 msec
> >
> > Any ideas on how I can debug?
> >
> > Thanks...
> >
> > -----Original Message-----
> > From: Hafizur Rahman (Europe) [mailto:hafizur.rahman@uk.didata.com]
> > Sent: Monday, November 06, 2006 11:37 PM
> > To: Michael Zuo; ccielab@groupstudy.com
> > Subject: RE: local policy route-map not working for me
> >
> > Hi Michael
> >
> > Try using extended ACl instead of prefix list
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > Behalf Of
> > Michael Zuo
> > Sent: 07 November 2006 07:09
> > To: ccielab@groupstudy.com
> > Subject: local policy route-map not working for me
> >
> > Hi All,
> >
> >
> >
> > I am having a problem with my local policy routing and can not figure
> > out why it is not working:
> >
> >
> >
> > Topology:
> >
> > =======
> >
> > R3, R4 and R6 forms a triangle
> >
> >
> >
> > Networks:
> >
> > =======
> >
> > Between R3, R4: 142.1.34.0/24
> >
> > Between R3, R6: 204.12.1.0/24
> >
> > Between R4, R6: 142.1.46.0/24
> >
> >
> >
> > R4 also have IP address 142.1.0.4
> >
> >
> >
> > OSPF is configured in a way that ping from R6 to 142.1.0.4
> > would go thru
> > R3 first (R3 touches area 0)
> >
> >
> >
> > I am trying to use policy routing to route ICMP from R6 directly over
> > the connection between R4 and R6 which is not in OSPF
> >
> >
> >
> > Configuration
> >
> > =======
> >
> >
> >
> > R6:
> >
> >
> >
> > router ospf 1
> >
> > log-adjacency-changes
> >
> > network 54.1.3.6 0.0.0.0 area 3
> >
> > network 204.12.1.6 0.0.0.0 area 3
> >
> >
> >
> > ip local policy route-map PING
> >
> > !
> >
> >
> >
> > ip prefix-list 10 seq 5 permit 142.1.0.0/24
> >
> > !
> >
> > !
> >
> > route-map PING permit 10
> >
> > match ip address prefix-list 10
> >
> > set ip next-hop 142.1.46.4
> >
> >
> >
> > Result
> >
> > =====
> >
> >
> >
> > R6(config)#do trace 142.1.0.4
> >
> >
> >
> > Type escape sequence to abort.
> >
> > Tracing the route to 142.1.0.4
> >
> >
> >
> > 1 204.12.1.3 0 msec 0 msec 4 msec
> >
> > 2 142.1.0.4 28 msec * 28 msec
> >
> > R6(config)#
> >
> >
> >
> > R6#sh ip loc pol
> >
> > Local policy routing is enabled, using route map PING
> >
> > route-map PING, permit, sequence 10
> >
> > Match clauses:
> >
> > ip address prefix-lists: 10
> >
> > Set clauses:
> >
> > ip next-hop 142.1.46.4
> >
> > Policy routing matches: 5 packets, 320 bytes
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Which means R6 still go thru R3 first before getting to R4!! Also, the
> > packet count in "sh ip loc pol" does not increase
> >
> >
> >
> >
> >
> > Am I missing something obvious? How do I debug further?
> >
> >
> >
> >
> >
> >
> >
> > Thanks a bunch!!
> >
> > ______________________________________________________________
> > _________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > -----------------------------------------
> > Dimension Data - providing global IP based solutions and services
> > for over 20 years supported locally from a single point of contact.
> >
> > This email is confidential. If you are not the intended recipient
> > then you must not copy it, forward it, use it for any purpose, or
> > disclose it to another person.
> >
> > Please also note that the author of this email is not authorised
> > to; make any offers capable of acceptance unless expressly stated
> > in a validly dated and attached document which shall be subject to
> > the terms and conditions stated therein or, conclude any contract
> > on behalf of Dimension Data by email.
> >
> > Although Dimension Data has taken reasonable precautions to ensure
> > no viruses are present in this email, the company cannot accept
> > responsibility for any loss or damage arising from the use of this
> > email or attachments.
> >
> > ______________________________________________________________
> > _________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- Ivan
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:45 ART