+ Reply to Thread
Results 1 to 5 of 5
  1. Senior Member Danielh22185's Avatar
    Join Date
    Apr 2012
    Location
    DFW Area
    Posts
    1,158

    Certifications
    CCNP R&S, CCNA, CCENT
    #1

    Default Help with a lab... PBR

    I am going through what should be a VERY simple lab around the subject of Policy Based Routing. This is the lab 5-1 in the Cisco Student lab manual. Anywho I can't seem to find why its not working for me. I am on the last step to send a traceroute from R4 to the LAN segment of R1. It doesn't appear that the policy is working, nothing appears to be triggering. I have the debugging on to confirm the action of the policy filtering and the traceroute from R4 is not using the policy either. I am still scratching my head on this not sure why it isn't working.

    Output from the trace from R4:
    R4#traceroute 192.168.1.1 source 192.168.4.129Type escape sequence to abort.
    Tracing the route to 192.168.1.1 1
    172.16.34.3 8 msec 16 msec 8 msec 2
    172.16.23.2 16 msec 12 msec 0 msec 3
    172.16.12.1 12 msec * 12 msec

    Attached are the configs.

    Code:
    R1# sh runBuilding configuration...
    
    
    Current configuration : 1254 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 10
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    ip domain name lab.local
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    !
    !
    !
    !
    !
    !
    interface Loopback1
     description R1 LAN
     ip address 192.168.1.1 255.255.255.0
    !
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/0
     description R1 --> R2
     bandwidth 128
     ip address 172.16.12.1 255.255.255.248
     clock rate 128000
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/1
     description R1 --> R3
     bandwidth 64
     ip address 172.16.13.1 255.255.255.248
    !
    router eigrp 1
     network 172.16.12.0 0.0.0.7
     network 172.16.13.0 0.0.0.7
     network 192.168.1.0
     no auto-summary
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line vty 0 4
     login
    !
    !
    end
    
    
    R1#
    
    
    
    
    ===================================
    
    
    R2#sh run
    Building configuration...
    
    
    Current configuration : 1255 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R2
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 10
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    ip domain name lab.local
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    !
    !
    !
    !
    !
    !
    interface Loopback2
     description R2 LAN
     ip address 192.168.2.1 255.255.255.0
    !
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/0
     description R2 --> R1
     bandwidth 128
     ip address 172.16.12.2 255.255.255.248
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/1
     description R2 --> R3
     bandwidth 128
     ip address 172.16.23.2 255.255.255.248
     clock rate 128000
    !
    router eigrp 1
     network 172.16.12.0 0.0.0.7
     network 172.16.23.0 0.0.0.7
     network 192.168.2.0
     no auto-summary
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line vty 0 4
     login
    !
    !
    end
    
    
    R2#
    
    
    
    
    
    
    ===============================
    
    
    R3#sh run
    Building configuration...
    
    
    Current configuration : 1708 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R3
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 10
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    ip domain name lab.local
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    !
    !
    !
    !
    !
    !
    interface Loopback3
     description R3 LAN
     ip address 192.168.3.1 255.255.255.0
    !
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/0
     description R3 --> R1
     bandwidth 64
     ip address 172.16.13.3 255.255.255.248
     clock rate 64000
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/1
     description R3 --> R2
     bandwidth 128
     ip address 172.16.23.3 255.255.255.248
     ip policy route-map R3-to-R1
    !
    interface Serial0/2
     no ip address
     shutdown
    !
    interface Serial0/3
     description R3 --> R4
     bandwidth 64
     ip address 172.16.34.3 255.255.255.248
     clock rate 64000
    !
    router eigrp 1
     network 172.16.13.0 0.0.0.7
     network 172.16.23.0 0.0.0.7
     network 172.16.34.0 0.0.0.7
     network 192.168.3.0
     no auto-summary
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    no ip http secure-server
    !
    ip access-list standard PBR-ACL
     remark ACL matches R4 LAN B traffic
     permit 192.168.4.128 0.0.0.127
    !
    access-list 1 permit 192.168.4.0 0.0.0.255
    !
    !
    !
    route-map R3-to-R1 permit 10
     match ip address PBR-ACL
     set ip next-hop 172.16.13.1
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line vty 0 4
     login
    !
    !
    end
    
    
    
    
    =====================================
    
    
    R4#sh run
    Building configuration...
    
    
    Current configuration : 1243 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R4
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 10
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    ip domain name lab.local
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    !
    !
    !
    !
    !
    !
    interface Loopback4
     description R4 LAN A
     ip address 192.168.4.1 255.255.255.128
    !
    interface Loopback5
     description R4 LAN B
     ip address 192.168.4.129 255.255.255.128
    !
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/0
     description R4 --> R3
     bandwidth 64
     ip address 172.16.34.4 255.255.255.248
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/1
     no ip address
     shutdown
    !
    router eigrp 1
     network 172.16.34.0 0.0.0.7
     network 192.168.4.0
     no auto-summary
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
    line vty 0 4
     login
    !
    !
    end
    Attached Images Attached Images
    Last edited by Danielh22185; 08-21-2013 at 09:00 PM.
    Currently Studying: IE Stuff...kinda...for now...
    My ultimate career goal: To climb to the top of the computer network industry food chain.
    "Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi
    Reply With Quote Quote  

  2. SS -->
  3. Network Consultant FloOz's Avatar
    Join Date
    Dec 2011
    Posts
    1,588

    Certifications
    B.S. CSIT; CompTIA A+, Network+; CCNA, DA; CCNP R&S; CCDP
    #2
    Apply "ip policy route-map R3-to-R1" to s0/3 not s0/1

    The reason you want to apply this to the s0/3 interface is because you want the router to identify the traffic as it comes in from router 4. That way the traffic matches the route map statement.
    Last edited by FloOz; 08-21-2013 at 09:15 PM.
    Reply With Quote Quote  

  4. Senior Member Danielh22185's Avatar
    Join Date
    Apr 2012
    Location
    DFW Area
    Posts
    1,158

    Certifications
    CCNP R&S, CCNA, CCENT
    #3
    Quote Originally Posted by FloOz View Post
    Apply "ip policy route-map R3-to-R1" to s0/3 not s0/1

    The reason you want to apply this to the s0/3 interface is because you want the router to identify the traffic as it comes in from router 4. That way the traffic matches the route map statement.
    oh man....

    I feel silly. I totally forgot that my interface numbers were different from the lab topology in the lab book. I thought this whole time I was applying it to the R3 network interface connecting to R4. Thanks! That makes perfect sense just a simple overlook I need to be more careful of as I feel this would be a typical cisco question to hunt for.

    Now it works perfectly:

    R3#debug ip policy 1
    Policy routing debugging is on for access list 1
    R3#
    *Mar 1 00:02:53.071: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    *Mar 1 00:02:53.083: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    *Mar 1 00:02:53.083: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    *Mar 1 00:02:53.083: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    *Mar 1 00:02:53.115: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    R3#
    *Mar 1 00:02:56.115: IP: s=192.168.4.1 (Serial0/3), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal forwarding
    R3#
    *Mar 1 00:03:32.711: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, len 28, FIB policy match
    *Mar 1 00:03:32.715: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, g=172.16.13.1, len 28, FIB policy routed
    *Mar 1 00:03:32.755: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, len 28, FIB policy match
    *Mar 1 00:03:32.759: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, g=172.16.13.1, len 28, FIB policy routed
    R3#
    *Mar 1 00:03:35.747: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, len 28, FIB policy match
    *Mar 1 00:03:35.751: IP: s=192.168.4.129 (Serial0/3), d=192.168.1.1, g=172.16.13.1, len 28, FIB policy routed


    R4#traceroute 192.168.1.1 so 192.168.4.129


    Type escape sequence to abort.
    Tracing the route to 192.168.1.1


    1 172.16.34.3 24 msec 16 msec 0 msec
    2 172.16.13.1 44 msec * 12 msec


    Thanks FloOz!!!
    Currently Studying: IE Stuff...kinda...for now...
    My ultimate career goal: To climb to the top of the computer network industry food chain.
    "Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi
    Reply With Quote Quote  

  5. Senior Member Danielh22185's Avatar
    Join Date
    Apr 2012
    Location
    DFW Area
    Posts
    1,158

    Certifications
    CCNP R&S, CCNA, CCENT
    #4
    I like to test the people I manage at work too with lab scenarios for fun. I think I will include this one.
    Currently Studying: IE Stuff...kinda...for now...
    My ultimate career goal: To climb to the top of the computer network industry food chain.
    "Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi
    Reply With Quote Quote  

  6. Network Consultant FloOz's Avatar
    Join Date
    Dec 2011
    Posts
    1,588

    Certifications
    B.S. CSIT; CompTIA A+, Network+; CCNA, DA; CCNP R&S; CCDP
    #5
    Yup its always the little things that can throw something completely off
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks