Options
PBR Questions.
HI GUYS/GALS
IM using pbr and creating a acl to pass interesting traffic one way and all other traffic another way, If I was permit the interesting traffic one way and want all other traffic another way, SHOULDN'T MY EXTENDED ACL HAVE A PERMIT IP ANY ANY STATEMENT BELOW MY INTERESTING TRAFFIC ENTRY. i KNW DUMB QUESTION BUT THANKS IN ADVANCE..
EXAMPLE..
IP ACCESS-LIST EXTENDED 101
PERMIT TCP ANY ANY ECQ FTP
PERMIT IP ANY ANY
THEN IM A CREATE A ROUTE MAP OBVIOUSLY TO MAKE THE TRAFFIC GO ONE WAY AND THE NON MATCHED ANOTHER, DO I HAVE TO EXPLICITY SAY IN MY MAP THAT THE NOT MATCH TRAFFIC GO ANOTHER WAY OR WILL THE TRAFFIC KNOW TO GO THE OTHER WAY B-C ITS NOT BEING MATCH
cheers..
IM using pbr and creating a acl to pass interesting traffic one way and all other traffic another way, If I was permit the interesting traffic one way and want all other traffic another way, SHOULDN'T MY EXTENDED ACL HAVE A PERMIT IP ANY ANY STATEMENT BELOW MY INTERESTING TRAFFIC ENTRY. i KNW DUMB QUESTION BUT THANKS IN ADVANCE..
EXAMPLE..
IP ACCESS-LIST EXTENDED 101
PERMIT TCP ANY ANY ECQ FTP
PERMIT IP ANY ANY
THEN IM A CREATE A ROUTE MAP OBVIOUSLY TO MAKE THE TRAFFIC GO ONE WAY AND THE NON MATCHED ANOTHER, DO I HAVE TO EXPLICITY SAY IN MY MAP THAT THE NOT MATCH TRAFFIC GO ANOTHER WAY OR WILL THE TRAFFIC KNOW TO GO THE OTHER WAY B-C ITS NOT BEING MATCH
cheers..
Practice, Practice, and more Practice make Perfection.....
Comments
-
Options
Monkerz
Member Posts: 842
No, only the interesting traffic will be identified in the ACL.
Your first route map statement will match the ACL and set the next hop. The second route map statement will only have a command to set next hop.
The second route map statement will permit all other traffic. -
Options
ColbyG
Member Posts: 1,264
You're permitting traffic to be be PBRed, so you don't want that permit any at the bottom. -
Options
Tommy2727
Member Posts: 48 ■■□□□□□□□□
thanks all did gns3 lab and dont need any any
cheersPractice, Practice, and more Practice make Perfection..... -
Options
Panzer919
Member Posts: 462
The PBR statement should read something like this
ip access-list extended PBR
permit tcp any any eq ftp ftp-data
!
route-map PBR-FTP permit 10
match ip address PBR
set ip next-hop (next hop IP)
!
route-map PBR-FTP permit 20
!
Then apply this on the aggregate interface so that the policy can be enforced.
The 10 list sets the next hop for any matching traffic, the 20 list matches anything else and will follow your routing scheme.Cisco Brat Blog
I think “very senior” gets stuck in there because the last six yahoos that applied for the position couldn’t tell a packet from a Snickers bar.
Luck is where opportunity and proper planning meet
I have not failed. I've just found 10,000 ways that won't work.
Thomas A. Edison -
OptionsColbyG
Member Posts: 1,264
Been a little while since I played with PBR, but I don't think you'll need a permit at the bottom of the route-map. Anything denied by the ACL/route-map should be routed normally, not dropped. Worth labbing it to test, but I'm 90% sure that's how it works.
-
OptionsPanzer919
Member Posts: 462
Been a little while since I played with PBR, but I don't think you'll need a permit at the bottom of the route-map. Anything denied by the ACL/route-map should be routed normally, not dropped. Worth labbing it to test, but I'm 90% sure that's how it works.
It is like an ACL, if there is no match the packet will be dropped. I even doublechecked and this confirmed itCisco Brat Blog
I think “very senior” gets stuck in there because the last six yahoos that applied for the position couldn’t tell a packet from a Snickers bar.
Luck is where opportunity and proper planning meet
I have not failed. I've just found 10,000 ways that won't work.
Thomas A. Edison -
OptionsColbyG
Member Posts: 1,264
It sounds like you're referring to route-map behavior, not PBR behavior specifically. From your link, page 182:Step 4 If the route map has a deny statement, normal forwarding is used, as specified
in the route/forwarding table. The set statements will not be applied to the
packet.
Step 5 At the end of all the route map instances, an implicit route map will deny
all packets. If the packet has not found a match in the previous route map
instances, the packet will hit the implicit deny route map instance. When this
occurs, the packet will be forwarded by the router following the normal route
table
According to your link, I'm right.:) -
OptionsPanzer919
Member Posts: 462
It sounds like you're referring to route-map behavior, not PBR behavior specifically. From your link, page 182:
According to your link, I'm right.:)
My bad, I re-read the thread and seen where I missed that - my fault for reading this and working at the same timeCisco Brat Blog
I think “very senior” gets stuck in there because the last six yahoos that applied for the position couldn’t tell a packet from a Snickers bar.
Luck is where opportunity and proper planning meet
I have not failed. I've just found 10,000 ways that won't work.
Thomas A. Edison
