
Help with a lab... PBR

Danielh22185 Member Posts: 1,195
I am going through what should be a VERY simple lab around the subject of Policy Based Routing. This is the lab 5-1 in the Cisco Student lab manual. Anywho, I can't seem to find why it's not working for me. I am on the last step to send a traceroute from R4 to the LAN segment of R1. It doesn't appear that the policy is working, nothing appears to be triggering. I have the debugging on to confirm the action of the policy filtering and the traceroute from R4 is not using the policy either. I am still scratching my head on this, not sure why it isn't working.

Output from the trace from R4:
R4#traceroute 192.168.1.1 source 192.168.4.129
Type escape sequence to abort.
Tracing the route to 192.168.1.1
  1 172.16.34.3 8 msec 16 msec 8 msec
  2 172.16.23.2 16 msec 12 msec 0 msec
  3 172.16.12.1 12 msec * 12 msec

Attached are the configs.
R1# sh run
Building configuration...


Current configuration : 1254 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface Loopback1
 description R1 LAN
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description R1 --> R2
 bandwidth 128
 ip address 172.16.12.1 255.255.255.248
 clock rate 128000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description R1 --> R3
 bandwidth 64
 ip address 172.16.13.1 255.255.255.248
!
router eigrp 1
 network 172.16.12.0 0.0.0.7
 network 172.16.13.0 0.0.0.7
 network 192.168.1.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end


R1#




===================================


R2#sh run
Building configuration...


Current configuration : 1255 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface Loopback2
 description R2 LAN
 ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description R2 --> R1
 bandwidth 128
 ip address 172.16.12.2 255.255.255.248
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description R2 --> R3
 bandwidth 128
 ip address 172.16.23.2 255.255.255.248
 clock rate 128000
!
router eigrp 1
 network 172.16.12.0 0.0.0.7
 network 172.16.23.0 0.0.0.7
 network 192.168.2.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end


R2#






===============================


R3#sh run
Building configuration...


Current configuration : 1708 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface Loopback3
 description R3 LAN
 ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description R3 --> R1
 bandwidth 64
 ip address 172.16.13.3 255.255.255.248
 clock rate 64000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description R3 --> R2
 bandwidth 128
 ip address 172.16.23.3 255.255.255.248
 ip policy route-map R3-to-R1
!
interface Serial0/2
 no ip address
 shutdown
!
interface Serial0/3
 description R3 --> R4
 bandwidth 64
 ip address 172.16.34.3 255.255.255.248
 clock rate 64000
!
router eigrp 1
 network 172.16.13.0 0.0.0.7
 network 172.16.23.0 0.0.0.7
 network 172.16.34.0 0.0.0.7
 network 192.168.3.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list standard PBR-ACL
 remark ACL matches R4 LAN B traffic
 permit 192.168.4.128 0.0.0.127
!
access-list 1 permit 192.168.4.0 0.0.0.255
!
!
!
route-map R3-to-R1 permit 10
 match ip address PBR-ACL
 set ip next-hop 172.16.13.1
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end




=====================================


R4#sh run
Building configuration...


Current configuration : 1243 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface Loopback4
 description R4 LAN A
 ip address 192.168.4.1 255.255.255.128
!
interface Loopback5
 description R4 LAN B
 ip address 192.168.4.129 255.255.255.128
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description R4 --> R3
 bandwidth 64
 ip address 172.16.34.4 255.255.255.248
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
router eigrp 1
 network 172.16.34.0 0.0.0.7
 network 192.168.4.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end


Currently Studying: IE Stuff...kinda...for now...
My ultimate career goal: To climb to the top of the computer network industry food chain.
"Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi

Comments

  • FloOz Member Posts: 1,614
    Apply "ip policy route-map R3-to-R1" to s0/3 not s0/1

    The reason you want to apply this to the s0/3 interface is because you want the router to identify the traffic as it comes in from router 4. That way the traffic matches the route map statement.
  • Danielh22185 Member Posts: 1,195
    FloOz wrote:
    Apply "ip policy route-map R3-to-R1" to s0/3 not s0/1

    The reason you want to apply this to the s0/3 interface is because you want the router to identify the traffic as it comes in from router 4. That way the traffic matches the route map statement.

    oh man....

    I feel silly. I totally forgot that my interface numbers were different from the lab topology in the lab book. I thought this whole time I was applying it to the R3 network interface connecting to R4. Thanks! That makes perfect sense, just a simple overlook I need to be more careful of, as I feel this would be a typical Cisco question to hunt for.

    Now it works perfectly:

    R3#debug ip policy 1
    Policy routing debugging is on for access list 1
    R3#
    *Mar 1 00:02:53.071: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    *Mar 1 00:02:53.083: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    *Mar 1 00:02:53.083: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    *Mar 1 00:02:53.083: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    *Mar 1 00:02:53.115: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    R3#
    *Mar 1 00:02:56.115: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    R3#
    *Mar 1 00:03:32.711: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, len 28, FIB policy match
    *Mar 1 00:03:32.715: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, g=172.16.13.1, len 28, FIB policy routed
    *Mar 1 00:03:32.755: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, len 28, FIB policy match
    *Mar 1 00:03:32.759: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, g=172.16.13.1, len 28, FIB policy routed
    R3#
    *Mar 1 00:03:35.747: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, len 28, FIB policy match
    *Mar 1 00:03:35.751: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, g=172.16.13.1, len 28, FIB policy routed


    R4#traceroute 192.168.1.1 so 192.168.4.129


    Type escape sequence to abort.
    Tracing the route to 192.168.1.1


    1 172.16.34.3 24 msec 16 msec 0 msec
    2 172.16.13.1 44 msec * 12 msec


    Thanks FloOz!!!
  • Danielh22185 Member Posts: 1,195
    I like to test the people I manage at work too with lab scenarios for fun. I think I will include this one.
  • FloOz Member Posts: 1,614
    Yup, it's always the little things that can throw something completely off :)
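
The fix discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of the PBR decision on R3, showing that the route-map is only consulted on the interface a packet arrives on, and that the standard ACL's wildcard mask then decides which sources are policy routed. The dictionaries are constructed from the R3 config posted above; the function names are hypothetical, and the model ignores deny clauses and sequence numbers.

```python
import ipaddress

# Constructed from the R3 config posted in the thread.
ACLS = {"PBR-ACL": [("permit", "192.168.4.128", "0.0.0.127")]}
ROUTE_MAPS = {"R3-to-R1": [{"match_acl": "PBR-ACL", "set_next_hop": "172.16.13.1"}]}


def acl_permits(acl_name, src):
    """Standard ACL: compare the source against each entry using the wildcard mask."""
    s = int(ipaddress.IPv4Address(src))
    for action, base, wildcard in ACLS[acl_name]:
        # Wildcard bits set to 1 are "don't care"; invert to get the bits that must match.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.IPv4Address(base)) & care:
            return action == "permit"
    return False  # implicit deny at the end of every ACL


def pbr_decision(policy_by_interface, ingress_if, src):
    """Return the policy next hop, or None when normal forwarding applies."""
    route_map = policy_by_interface.get(ingress_if)
    if route_map is None:
        return None  # no "ip policy" on the interface the packet arrived on
    for clause in ROUTE_MAPS[route_map]:
        if acl_permits(clause["match_acl"], src):
            return clause["set_next_hop"]
    return None  # no clause matched: "policy rejected(no match)" in the debug output


ORIGINAL = {"Serial0/1": "R3-to-R1"}  # policy on the R3 --> R2 link (as first posted)
FIXED = {"Serial0/3": "R3-to-R1"}     # policy on the R3 --> R4 link (after the fix)

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        for src in ("192.168.4.1", "192.168.4.129"):
            # Traffic sourced from R4 always arrives at R3 on Serial0/3.
            print(name, src, "->", pbr_decision(cfg, "Serial0/3", src))
```
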