Policy-Based Routing (PBR) overrides a router’s natural destination-based forwarding logic. PBR intercepts the packet after de-encapsulation on the incoming interface, before the router performs the CEF table lookup. PBR then chooses how to forward the packet using criteria other than the usual matching of the packet’s destination address with the CEF table.
PBR chooses how to forward the packet by using matching logic defined through a route map, which in turn typically refers to an IP access control list (ACL). That same route map also defines the forwarding instructions - the next-hop IP address or outgoing interface - for packets matched by the route map.
To match packets with a route map enabled for PBR, you use the familiar route-map match command. However, you have two match command options to use:
* match ip address
* match length <min> <max>
The match ip address command can reference standard and extended ACLs. Any item matchable by an ACL can be matched in the route map. The match length command allows you to specify a range of lengths, in bytes.
When a route map clause (with a permit action) matches a packet, the set command defines the action to take regarding how to forward the packet. The four set command options define either the outgoing interface or the next-hop IP address, just like routes in the IP routing table.
After the route map has been configured with all the clauses to match packets and to set an outgoing interface or next-hop address, the only remaining step requires the ip policy route-map <name> command to enable PBR for packets entering an interface.
PBR chooses how to forward the packet by using matching logic defined through a route map, which in turn typically refers to an IP access control list (ACL). That same route map also defines the forwarding instructions - the next-hop IP address or outgoing interface - for packets matched by the route map.
To match packets with a route map enabled for PBR, you use the familiar route-map match command. However, you have two match command options to use:
* match ip address
* match length <min> <max>
The match ip address command can reference standard and extended ACLs. Any item matchable by an ACL can be matched in the route map. The match length command allows you to specify a range of lengths, in bytes.
When a route map clause (with a permit action) matches a packet, the set command defines the action to take regarding how to forward the packet. The four set command options define either the outgoing interface or the next-hop IP address, just like routes in the IP routing table.
After the route map has been configured with all the clauses to match packets and to set an outgoing interface or next-hop address, the only remaining step requires the ip policy route-map <name> command to enable PBR for packets entering an interface.
R1#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
R1(config)#interface
loop 1
R1(config-if)#
*Jul 9 09:35:14.699: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Loopback1, changed state to up
R1(config-if)#ip
address 192.168.1.1 255.255.255.0
R1(config-if)#
R1(config-if)#interface
serial 2/0
R1(config-if)#ip
address 172.16.12.1 255.255.255.248
R1(config-if)#bandwidth
128
R1(config-if)#no
shut
R1(config-if)#
*Jul 9 09:37:21.015: %LINK-3-UPDOWN: Interface
Serial2/0, changed state to up
R1(config-if)#
*Jul 9 09:37:22.023: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial2/0, changed state to up
R1(config-if)#
R1(config-if)#interface
serial 2/3
R1(config-if)#ip
address 172.16.13.1 255.255.255.248
R1(config-if)#bandwidth
64
R1(config-if)#no
shut
R1(config-if)#
*Jul 9 09:37:44.867: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial2/0, changed state to down
R1(config-if)#
*Jul 9 09:37:46.315: %LINK-3-UPDOWN: Interface
Serial2/3, changed state to up
R1(config-if)#
*Jul 9 09:37:47.323: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial2/3, changed state to up
R1(config-if)#end
R1#
R2#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
R2(config)#interface
loop 2
R2(config-if)#
*Jul 9 09:38:46.451: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Loopback2, changed state to up
R2(config-if)#ip
address 192.168.2.1 255.255.255.0
R2(config-if)#
R2(config-if)#interface
serial 2/0
R2(config-if)#ip
address 172.16.12.2 255.255.255.248
R2(config-if)#bandwidth
128
R2(config-if)#no
shut
R2(config-if)#
*Jul 9 09:39:18.755: %LINK-3-UPDOWN: Interface
Serial2/0, changed state to up
R2(config-if)#
*Jul 9 09:39:19.763: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial2/0, changed state to up
R2(config-if)#do
ping 172.16.12.1
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.12.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/21/28 ms
R2(config-if)#
R2(config-if)#interface
serial 2/1
R2(config-if)#ip
address 172.16.23.2 255.255.255.248
R2(config-if)#bandwidth
128
R2(config-if)#no
shut
R2(config-if)#
*Jul 9 09:39:52.887: %LINK-3-UPDOWN: Interface
Serial2/1, changed state to up
R2(config-if)#
*Jul 9 09:39:53.895: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial2/1, changed state to up
R2(config-if)#end
R2#
R3#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
R3(config)#interface
loop 3
R3(config-if)#
*Jul 9 09:40:39.783: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Loopback3, changed state to up
R3(config-if)#ip
address 192.168.3.1 255.255.255.0
R3(config-if)#
R3(config-if)#interface
serial 2/3
R3(config-if)#ip
address 172.16.13.3 255.255.255.248
R3(config-if)#bandwidth
64
R3(config-if)#no
shut
R3(config-if)#
*Jul 9 09:41:23.067: %LINK-3-UPDOWN: Interface
Serial2/3, changed state to up
R3(config-if)#
*Jul 9 09:41:24.075: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial2/3, changed state to up
R3(config-if)#do
ping 172.16.13.1
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.13.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 20/23/28 ms
R3(config-if)#
R3(config-if)#interface
serial 2/1
R3(config-if)#ip
address 172.16.23.3 255.255.255.248
R3(config-if)#bandwidth
128
R3(config-if)#no
shut
R3(config-if)#
*Jul 9 09:41:58.835: %LINK-3-UPDOWN: Interface
Serial2/1, changed state to up
R3(config-if)#
*Jul 9 09:41:59.843: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial2/1, changed state to up
R3(config-if)#do
ping 172.16.23.2
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.23.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/27/52 ms
R3(config-if)#
R3(config-if)#interface
serial 2/2
R3(config-if)#ip
address 172.16.34.3 255.255.255.248
R3(config-if)#bandwidth
64
R3(config-if)#no
shut
R3(config-if)#
*Jul 9 09:42:48.315: %LINK-3-UPDOWN: Interface
Serial2/2, changed state to up
R3(config-if)#
*Jul 9 09:42:49.323: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial2/2, changed state to up
R3(config-if)#end
R3#
R4#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
R4(config)#interface
loop 4
R4(config-if)#
*Jul 9 09:43:17.795: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Loopback4, changed state to up
R4(config-if)#ip
address 192.168.4.1 255.255.255.128
R4(config-if)#
R4(config-if)#interface
loop 5
R4(config-if)#
*Jul 9 09:43:50.491: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Loopback5, changed state to up
R4(config-if)#ip
address 192.168.4.129 255.255.255.128
R4(config-if)#
R4(config-if)#interface
serial 2/2
R4(config-if)#ip
address 172.16.34.4 255.255.255.248
R4(config-if)#bandwidth
64
R4(config-if)#no
shut
R4(config-if)#
*Jul 9 09:44:27.103: %LINK-3-UPDOWN: Interface
Serial2/2, changed state to up
R4(config-if)#
*Jul 9 09:44:28.111: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial2/2, changed state to up
R4(config-if)#do
ping 172.16.34.3
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.34.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/21/28 ms
R4(config-if)#end
R4#
R1#show
ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset
administratively down down
FastEthernet1/0 unassigned YES unset
administratively down down
FastEthernet1/1 unassigned YES unset
administratively down down
Serial2/0 172.16.12.1 YES manual up up
Serial2/1 unassigned YES unset
administratively down down
Serial2/2 unassigned YES unset
administratively down down
Serial2/3 172.16.13.1 YES manual up up
Loopback1 192.168.1.1 YES manual up up
R1#
R1#show
protocols
Global
values:
Internet Protocol routing is enabled
FastEthernet0/0
is administratively down, line protocol is down
FastEthernet1/0
is administratively down, line protocol is down
FastEthernet1/1
is administratively down, line protocol is down
Serial2/0
is up, line protocol is up
Internet address is 172.16.12.1/29
Serial2/1
is administratively down, line protocol is down
Serial2/2
is administratively down, line protocol is down
Serial2/3
is up, line protocol is up
Internet address is 172.16.13.1/29
Loopback1
is up, line protocol is up
Internet address is 192.168.1.1/24
R2#show
ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset
administratively down down
FastEthernet1/0 unassigned YES unset
administratively down down
FastEthernet1/1 unassigned YES unset
administratively down down
Serial2/0 172.16.12.2 YES manual up up
Serial2/1 172.16.23.2 YES manual up up
Serial2/2 unassigned YES unset
administratively down down
Serial2/3 unassigned YES unset
administratively down down
Loopback2 192.168.2.1 YES manual up up
R2#
R2#show
protocols
Global
values:
Internet Protocol routing is enabled
FastEthernet0/0
is administratively down, line protocol is down
FastEthernet1/0
is administratively down, line protocol is down
FastEthernet1/1
is administratively down, line protocol is down
Serial2/0
is up, line protocol is up
Internet address is 172.16.12.2/29
Serial2/1
is up, line protocol is up
Internet address is 172.16.23.2/29
Serial2/2
is administratively down, line protocol is down
Serial2/3
is administratively down, line protocol is down
Loopback2
is up, line protocol is up
Internet address is 192.168.2.1/24
R3#show
ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset
administratively down down
FastEthernet1/0 unassigned YES unset
administratively down down
FastEthernet1/1 unassigned YES unset
administratively down down
Serial2/0 unassigned YES unset
administratively down down
Serial2/1 172.16.23.3 YES manual up up
Serial2/2 172.16.34.3 YES manual up up
Serial2/3 172.16.13.3 YES manual up up
Loopback3 192.168.3.1 YES manual up up
R3#
R3#show
protocols
Global
values:
Internet Protocol routing is enabled
FastEthernet0/0
is administratively down, line protocol is down
FastEthernet1/0
is administratively down, line protocol is down
FastEthernet1/1
is administratively down, line protocol is down
Serial2/0
is administratively down, line protocol is down
Serial2/1
is up, line protocol is up
Internet address is 172.16.23.3/29
Serial2/2
is up, line protocol is up
Internet address is 172.16.34.3/29
Serial2/3
is up, line protocol is up
Internet address is 172.16.13.3/29
Loopback3
is up, line protocol is up
Internet address is 192.168.3.1/24
R4#show
ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset
administratively down down
FastEthernet1/0 unassigned YES unset
administratively down down
FastEthernet1/1 unassigned YES unset
administratively down down
Serial2/0 unassigned YES unset
administratively down down
Serial2/1 unassigned YES unset
administratively down down
Serial2/2 172.16.34.4 YES manual up up
Serial2/3 unassigned YES unset
administratively down down
Loopback4 192.168.4.1 YES manual up up
Loopback5 192.168.4.129 YES manual up up
R4#
R4#show
protocols
Global
values:
Internet Protocol routing is enabled
FastEthernet0/0
is administratively down, line protocol is down
FastEthernet1/0
is administratively down, line protocol is down
FastEthernet1/1
is administratively down, line protocol is down
Serial2/0
is administratively down, line protocol is down
Serial2/1
is administratively down, line protocol is down
Serial2/2
is up, line protocol is up
Internet address is 172.16.34.4/29
Serial2/3
is administratively down, line protocol is down
Loopback4
is up, line protocol is up
Internet address is 192.168.4.1/25
Loopback5
is up, line protocol is up
Internet address is 192.168.4.129/25
R1#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
R1(config)#router
eigrp 1
R1(config-router)#network
192.168.1.0
R1(config-router)#network
172.16.12.0 0.0.0.7
R1(config-router)#network
172.16.13.0 0.0.0.7
R1(config-router)#no
auto-summary
R1(config-router)#end
R1#
*Jul 9 09:50:38.831: %DUAL-5-NBRCHANGE: EIGRP-IPv4
1: Neighbor 172.16.12.2 (Serial2/0) is up: new adjacency
R1#
*Jul 9 09:51:47.479: %DUAL-5-NBRCHANGE: EIGRP-IPv4
1: Neighbor 172.16.13.3 (Serial2/3) is up: new adjacency
R2#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
R2(config)#router
eigrp 1
R2(config-router)#network
192.168.2.0
R2(config-router)#network
172.16.12.0 0.0.0.7
R2(config-router)#
*Jul 9 09:50:48.755: %DUAL-5-NBRCHANGE: EIGRP-IPv4
1: Neighbor 172.16.12.1 (Serial2/0) is up: new adjacency
R2(config-router)#network
172.16.23.0 0.0.0.7
R2(config-router)#no
auto-summary
R2(config-router)#end
R2#
*Jul 9 09:52:06.027: %DUAL-5-NBRCHANGE: EIGRP-IPv4
1: Neighbor 172.16.23.3 (Serial2/1) is up: new adjacency
R3#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
R3(config)#router
eigrp 1
R3(config-router)#network
192.168.3.0
R3(config-router)#network
172.16.13.0 0.0.0.7
R3(config-router)#
*Jul 9 09:51:57.087: %DUAL-5-NBRCHANGE: EIGRP-IPv4
1: Neighbor 172.16.13.1 (Serial2/3) is up: new adjacency
R3(config-router)#network
172.16.23.0 0.0.0.7
R3(config-router)#
*Jul 9 09:52:05.727: %DUAL-5-NBRCHANGE: EIGRP-IPv4
1: Neighbor 172.16.23.2 (Serial2/1) is up: new adjacency
R3(config-router)#network
172.16.34.0 0.0.0.7
R3(config-router)#no
auto-summary
R3(config-router)#end
R3#
*Jul 9 09:53:36.015: %DUAL-5-NBRCHANGE: EIGRP-IPv4
1: Neighbor 172.16.34.4 (Serial2/2) is up: new adjacency
R4#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
R4(config)#router
eigrp 1
R4(config-router)#network
192.168.4.0
R4(config-router)#network
172.16.34.0 0.0.0.7
R4(config-router)#
*Jul 9 09:53:26.351: %DUAL-5-NBRCHANGE: EIGRP-IPv4
1: Neighbor 172.16.34.3 (Serial2/2) is up: new adjacency
R4(config-router)#no
auto-summary
R4(config-router)#end
R4#
R1#show
ip eigrp neighbors
EIGRP-IPv4
Neighbors for AS(1)
H Address Interface Hold Uptime SRTT
RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.13.3 Se2/3 14 00:02:39 26
156 0 14
0 172.16.12.2 Se2/0 14 00:03:47 24
144 0 13
R2#show
ip eigrp neighbors
EIGRP-IPv4
Neighbors for AS(1)
H Address Interface Hold Uptime SRTT
RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.23.3 Se2/1 14 00:02:47 28
168 0 15
0 172.16.12.1 Se2/0 12 00:04:04 28
168 0 13
R3#show
ip eigrp neighbors
EIGRP-IPv4
Neighbors for AS(1)
H Address Interface Hold Uptime SRTT
RTO Q Seq
(sec) (ms) Cnt Num
2 172.16.34.4 Se2/2 11 00:01:31 48
288 0 3
1 172.16.23.2 Se2/1 13 00:03:01 25
150 0 12
0 172.16.13.1 Se2/3 12 00:03:10 27
162 0 14
R4#show
ip eigrp neighbors
EIGRP-IPv4
Neighbors for AS(1)
H Address Interface Hold Uptime SRTT
RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.34.3 Se2/2 10 00:01:48 50
300 0 13
R1#tclsh
R1(tcl)#foreach
address {
+>(tcl)#172.16.12.1
+>(tcl)#172.16.12.2
+>(tcl)#172.16.13.1
+>(tcl)#172.16.13.3
+>(tcl)#172.16.23.2
+>(tcl)#172.16.23.3
+>(tcl)#172.16.34.3
+>(tcl)#172.16.34.4
+>(tcl)#192.168.1.1
+>(tcl)#192.168.2.1
+>(tcl)#192.168.3.1
+>(tcl)#192.168.4.1
+>(tcl)#192.168.4.129
+>(tcl)#}
{ ping $address }
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.12.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 20/22/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.12.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/10/16 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.13.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 20/20/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.13.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.23.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.23.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.34.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/10/12 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.34.4, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/25/32 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/8/16 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/12/16 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/25/28 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.4.129, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/24/32 ms
R1(tcl)#
R2#tclsh
R2(tcl)#foreach
address {
+>(tcl)#172.16.12.1
+>(tcl)#172.16.12.2
+>(tcl)#172.16.13.1
+>(tcl)#172.16.13.3
+>(tcl)#172.16.23.2
+>(tcl)#172.16.23.3
+>(tcl)#172.16.34.3
+>(tcl)#172.16.34.4
+>(tcl)#192.168.1.1
+>(tcl)#192.168.2.1
+>(tcl)#192.168.3.1
+>(tcl)#192.168.4.1
+>(tcl)#192.168.4.129
+>(tcl)#}
{ ping $address }
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.12.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/24/44 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.12.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 28/36/40 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.13.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 12/24/36 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.13.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/20/28 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.23.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/19/20 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.23.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/10/20 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.34.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/11/20 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.34.4, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/19/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 12/16/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/11/12 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 12/18/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.4.129, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/18/20 ms
R2(tcl)#
R3#tclsh
R3(tcl)#foreach
address {
+>(tcl)#172.16.12.1
+>(tcl)#172.16.12.2
+>(tcl)#172.16.13.1
+>(tcl)#172.16.13.3
+>(tcl)#172.16.23.2
+>(tcl)#172.16.23.3
+>(tcl)#172.16.34.3
+>(tcl)#172.16.34.4
+>(tcl)#192.168.1.1
+>(tcl)#192.168.2.1
+>(tcl)#192.168.3.1
+>(tcl)#192.168.4.1
+>(tcl)#192.168.4.129
+>(tcl)#}
{ ping $address }
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.12.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/27/32 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.12.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/28/32 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.13.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 12/17/20 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.13.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 32/38/44 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.23.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/18/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.23.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 32/40/44 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.34.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.34.4, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/11/12 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 12/17/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/18/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/10/12 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.4.129, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/10/16 ms
R3(tcl)#
R4#tclsh
R4(tcl)#foreach
address {
+>(tcl)#172.16.12.1
+>(tcl)#172.16.12.2
+>(tcl)#172.16.13.1
+>(tcl)#172.16.13.3
+>(tcl)#172.16.23.2
+>(tcl)#172.16.23.3
+>(tcl)#172.16.34.3
+>(tcl)#172.16.34.4
+>(tcl)#192.168.1.1
+>(tcl)#192.168.2.1
+>(tcl)#192.168.3.1
+>(tcl)#192.168.4.1
+>(tcl)#192.168.4.129
+>(tcl)#}
{ ping $address }
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.12.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 44/49/52 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.12.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 48/50/56 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.13.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 28/33/52 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.13.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/16/20 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.23.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/31/68 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.23.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/16/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.34.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/17/24 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 172.16.34.4, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 20/32/44 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 12/24/32 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 12/24/32 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 12/16/20 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 192.168.4.129, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R4(tcl)#
R1#show
ip route
Codes: L
- local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -
OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF
external type 2
i - IS-IS, su - IS-IS summary, L1 -
IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate
default, U - per-user static route
o - ODR, P - periodic downloaded static
route, H - NHRP, l - LISP
+ - replicated route, % - next hop
override
Gateway
of last resort is not set
172.16.0.0/16 is variably subnetted, 6
subnets, 2 masks
C 172.16.12.0/29 is directly connected,
Serial2/0
L 172.16.12.1/32 is directly connected,
Serial2/0
C 172.16.13.0/29 is directly connected,
Serial2/3
L 172.16.13.1/32 is directly connected,
Serial2/3
D 172.16.23.0/29 [90/21024000] via
172.16.12.2, 00:04:09, Serial2/0
D 172.16.34.0/29 [90/41024000] via
172.16.13.3, 00:01:12, Serial2/3
192.168.1.0/24 is variably subnetted, 2
subnets, 2 masks
C 192.168.1.0/24 is directly connected,
Loopback1
L 192.168.1.1/32 is directly connected,
Loopback1
D 192.168.2.0/24 [90/20640000] via
172.16.12.2, 00:04:09, Serial2/0
D 192.168.3.0/24 [90/21152000] via
172.16.12.2, 00:04:08, Serial2/0
192.168.4.0/25 is subnetted, 2 subnets
D 192.168.4.0 [90/41152000] via
172.16.13.3, 00:01:12, Serial2/3
D 192.168.4.128 [90/41152000] via
172.16.13.3, 00:01:12, Serial2/3
R4#traceroute
192.168.1.1 source 192.168.4.1 // PATH VIA R2 HAS A BETTER METRIC VIA THE 128K LINK
Type
escape sequence to abort.
Tracing
the route to 192.168.1.1
VRF info:
(vrf in name/id, vrf out name/id)
1 172.16.34.3 16 msec 12 msec 20 msec
2 172.16.23.2 20 msec 60 msec 20 msec
3 172.16.12.1 72 msec 52 msec 48 msec
R4#
R4#traceroute
192.168.1.1 source loop 5 // PATH VIA R2 HAS A BETTER METRIC VIA THE 128K LINK
Type
escape sequence to abort.
Tracing
the route to 192.168.1.1
VRF info:
(vrf in name/id, vrf out name/id)
1 172.16.34.3 16 msec 20 msec 24 msec
2 172.16.23.2 20 msec 36 msec 40 msec
3 172.16.12.1 76 msec 56 msec 12 msec
R3#show
ip route
Codes: L
- local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 -
OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF
external type 2
i - IS-IS, su - IS-IS summary, L1 -
IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate
default, U - per-user static route
o - ODR, P - periodic downloaded static
route, H - NHRP, l - LISP
+ - replicated route, % - next hop
override
Gateway
of last resort is not set
172.16.0.0/16 is variably subnetted, 7
subnets, 2 masks
D 172.16.12.0/29 [90/21024000] via
172.16.23.2, 00:04:38, Serial2/1
C 172.16.13.0/29 is directly connected,
Serial2/3
L 172.16.13.3/32 is directly connected,
Serial2/3
C 172.16.23.0/29 is directly connected,
Serial2/1
L 172.16.23.3/32 is directly connected,
Serial2/1
C 172.16.34.0/29 is directly connected,
Serial2/2
L 172.16.34.3/32 is directly connected,
Serial2/2
D 192.168.1.0/24 [90/21152000] via
172.16.23.2, 00:04:37, Serial2/1
D 192.168.2.0/24 [90/20640000] via
172.16.23.2, 00:04:26, Serial2/1
192.168.3.0/24 is variably subnetted, 2
subnets, 2 masks
C 192.168.3.0/24 is directly connected,
Loopback3
L 192.168.3.1/32 is directly connected,
Loopback3
192.168.4.0/25 is subnetted, 2 subnets
D 192.168.4.0 [90/40640000] via
172.16.34.4, 00:04:16, Serial2/2
D 192.168.4.128 [90/40640000] via
172.16.34.4, 00:04:16, Serial2/2
R3#show
interface serial 2/1
Serial2/1
is up, line protocol is up
Hardware is M4T
Internet address is 172.16.23.3/29
MTU 1500 bytes, BW 128 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload
1/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:03, output 00:00:01, output
hang never
Last clearing of "show interface"
counters never
Input queue: 0/75/0/0
(size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0
packets/sec
1953 packets input, 182264 bytes, 0 no
buffer
Received 237 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun,
0 ignored, 0 abort
1934 packets output, 180003 bytes, 0
underruns
0 output errors, 0 collisions, 1 interface
resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers
swapped out
2 carrier transitions DCD=up
DSR=up DTR=up RTS=up
CTS=up
R3#show
interface serial 2/3
Serial2/3
is up, line protocol is up
Hardware is M4T
Internet address is 172.16.13.3/29
MTU 1500 bytes, BW 64 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload
1/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:00, output 00:00:00, output
hang never
Last clearing of "show interface"
counters never
Input queue: 0/75/0/0
(size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0
packets/sec
793 packets input, 60550 bytes, 0 no
buffer
Received 240 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun,
0 ignored, 0 abort
766 packets output, 59104 bytes, 0
underruns
0 output errors, 0 collisions, 1 interface
resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers
swapped out
2 carrier transitions DCD=up
DSR=up DTR=up RTS=up
CTS=up
R3#show
ip eigrp topology 192.168.1.0 // METRIC TO REACH R1 LAN VIA R2 IS BETTER (LOWER METRIC)
EIGRP-IPv4
Topology Entry for AS(1)/ID(192.168.3.1) for 192.168.1.0/24
State is Passive, Query origin flag is 1, 1
Successor(s), FD is 21152000
Descriptor Blocks:
172.16.23.2 (Serial2/1), from 172.16.23.2,
Send flag is 0x0
Composite metric is (21152000/20640000), route
is Internal
Vector metric:
Minimum bandwidth is 128 Kbit
Total delay is 45000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
Originating router is 192.168.1.1
172.16.13.1 (Serial2/3), from 172.16.13.1,
Send flag is 0x0
Composite metric is (40640000/128256), route
is Internal
Vector metric:
Minimum bandwidth is 64 Kbit
Total delay is 25000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
Originating router is 192.168.1.1
R3#conf t
Enter
configuration commands, one per line.
End with CNTL/Z.
R3(config)#ip
access-list standard PBR-ACL
R3(config-std-nacl)#permit
192.168.4.128 0.0.0.127
R3(config-std-nacl)#exit
R3(config)#route-map
?
WORD
Route map tag
R3(config)#route-map
R3-R1 permit ?
<0-65535> Sequence to insert to/delete from existing
route-map entry
<cr>
R3(config)#route-map
R3-R1 permit // PBR OVERRIDES NORMAL ROUTE SELECTION
R3(config-route-map)#?
Route Map
configuration commands:
continue
Continue on a different entry within the route-map
default
Set a command to its defaults
description
Route-map comment
exit
Exit from route-map configuration mode
help
Description of the interactive help system
match
Match values from routing table
no
Negate a command or set its defaults
set
Set values in destination routing protocol
R3(config-route-map)#match
?
as-path Match BGP AS path list
clns CLNS information
community Match BGP community list
extcommunity Match BGP/VPN extended community list
interface Match first hop interface of route
ip IP specific information
ipv6 IPv6 specific information
length Packet length
local-preference Local preference for route
mdt-group Match routes corresponding to MDT
group
metric Match metric of route
mpls-label Match routes which have MPLS labels
policy-list Match IP policy list
route-type Match route-type of route
rpki Match RPKI state of route
source-protocol Match source-protocol of route
tag Match tag of route
R3(config-route-map)#match
ip ?
address Match address of route or match
packet
next-hop Match next-hop address of route
redistribution-source route redistribution source (EIGRP only)
route-source Match advertising source address of
route
R3(config-route-map)#match
ip address ?
<1-199> IP access-list number
<1300-2699> IP access-list number (expanded range)
WORD
IP access-list name
prefix-list
Match entries of prefix-lists
R3(config-route-map)#match
ip address PBR-ACL
R3(config-route-map)#set
?
as-path Prepend string for a BGP AS-path
attribute
automatic-tag Automatically compute TAG value
clns OSI summary address
comm-list set BGP community list (for deletion)
community BGP community attribute
dampening Set BGP route flap dampening
parameters
default Set default information
extcomm-list Set BGP/VPN extended community list (for
deletion)
extcommunity BGP extended community attribute
global Set to global routing table
interface Output interface
ip IP specific information
ipv6 IPv6 specific information
level Where to import route
local-preference BGP local preference path attribute
metric Metric value for destination
routing protocol
metric-type Type of metric for destination routing
protocol
mpls-label Set MPLS label for prefix
origin BGP origin code
tag Tag value for destination
routing protocol
traffic-index BGP traffic classification number for
accounting
vrf Define VRF name
weight BGP weight for routing table
R3(config-route-map)#set
ip ?
address
Specify IP address
default
Set default information
df
Set DF bit
global
global routing table
next-hop
Next hop address
precedence
Set precedence field
qos-group
Set QOS Group ID
tos
Set type of service field
vrf
VRF name
R3(config-route-map)#set
ip next-hop ?
A.B.C.D IP address of next hop
dynamic application dynamically sets next
hop
encapsulate Encapsulation profile for VPN nexthop
peer-address Use peer address (for BGP only)
recursive Recursive next-hop
self Use self address (for BGP
only)
verify-availability Verify if nexthop is reachable
R3(config-route-map)#set
ip next-hop 172.16.31.1
R3(config-route-map)#exit
R3(config)#interface
serial 2/2
R3(config-if)#ip
policy ?
route-map
Policy route map
R3(config-if)#ip
policy route-map ?
WORD
Route map name
R3(config-if)#ip
policy route-map R3-R1
R3(config-if)#end
R3#
*Jul 9 10:39:30.683: PR-RP: Set Serial2/2
policy_routemap=R3-R1; cached_map=R3-R1
R3#
*Jul 9 10:39:32.375: %SYS-5-CONFIG_I: Configured
from console by console
R3#show
route-map // VERIFY CONFIGURED POLICY AND MATCHED PACKETS
route-map R3-R1, permit,
sequence 10 // ASSIGNS
SEQUENCE 10 BY DEFAULT
Match clauses:
ip address (access-lists): PBR-ACL-LANB
Set clauses:
ip next-hop 172.16.31.1
Policy routing matches: 0 packets, 0 bytes
R4#traceroute
192.168.1.1 source 192.168.4.1 // NORMAL PATH TAKEN: R3 > R2 > R1
Type
escape sequence to abort.
Tracing
the route to 192.168.1.1
VRF info:
(vrf in name/id, vrf out name/id)
1 172.16.34.3 8 msec 20 msec 20 msec
2 172.16.23.2 12 msec 28 msec 32 msec
3 172.16.12.1 64 msec 52 msec 52 msec
R3#debug ip policy // DEBUG PBR, USE ACL TO NARROW SCOPE AND AVOID ROUTER HIGH CPU
Policy
routing debugging is on
R3#
*Jul 9 10:39:55.675: IP: s=192.168.4.1
(Serial2/2), d=192.168.1.1, len 28, policy rejected -- normal forwarding
*Jul 9 10:39:55.691: IP: s=192.168.4.1
(Serial2/2), d=192.168.1.1, len 28, policy rejected -- normal forwarding
*Jul 9 10:39:55.719: IP: s=192.168.4.1
(Serial2/2), d=192.168.1.1, len 28, policy rejected -- normal forwarding
*Jul 9 10:39:55.739: IP: s=192.168.4.1
(Serial2/2), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal
forwarding
*Jul 9 10:39:55.783: IP: s=192.168.4.1
(Serial2/2), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal
forwarding
*Jul 9 10:39:55.827: IP: s=192.168.4.1
(Serial2/2), d=192.168.1.1
R3#, len
28, FIB policy rejected(no match) - normal forwarding
*Jul 9 10:39:55.867: IP: s=192.168.4.1
(Serial2/2), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal
forwarding
*Jul 9 10:39:55.919: IP: s=192.168.4.1
(Serial2/2), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal
forwarding
*Jul 9 10:39:55.963: IP: s=192.168.4.1
(Serial2/2), d=192.168.1.1, len 28, FIB policy rejected(no match) - normal
forwarding
R4#traceroute
192.168.1.1 source loop 5 // PATH TAKEN: R3 > R1 SINCE IT MATCHES PBR POLICY
Type
escape sequence to abort.
Tracing
the route to 192.168.1.1
VRF info:
(vrf in name/id, vrf out name/id)
1 172.16.34.3 20 msec 20 msec 20 msec
2 172.16.13.1 28 msec 28 msec 60 msec
R3#
*Jul 9 10:40:16.983: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, len 28, policy match
*Jul 9 10:40:16.987: IP: route map R3-R1, item 10,
permit
*Jul 9 10:40:16.987: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1 (Serial2/3), len 28, policy routed
*Jul 9 10:40:16.991: IP: Serial2/2 to Serial2/3
172.16.13.1
*Jul 9 10:40:17.023: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, len 28, policy match
*Jul 9 10:40:17.027: IP: route map R3-R1, item 10,
permit
*Jul 9 10:40:17.027: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1 (Serial2/3), len 28, policy routed
*Jul 9 10:40:17.027: IP: Serial2/2 to Serial2/3
172.16.13.1
*Jul 9 10:40:17.043: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, len 28, policy match
*Jul 9 10:40:17.047: IP: route map R3-R1, item 10,
permit
*Jul 9 10:40:17.047: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1 (Serial2/3), len 28, policy routed
*Jul 9 10:40:17.051: IP: Serial2/2 to Serial2/3
172.16.13.1
*Jul 9 10:40:17.063: IP: s=192.168.4.12
R3#9
(Serial2/2), d=192.168.1.1, len 28, FIB policy match
*Jul 9 10:40:17.067: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, len 28, PBR Counted
*Jul 9 10:40:17.067: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, g=172.16.13.1, len 28, FIB policy routed
*Jul 9 10:40:17.107: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, len 28, FIB policy match
*Jul 9 10:40:17.107: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, len 28, PBR Counted
*Jul 9 10:40:17.111: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, g=172.16.13.1, len 28, FIB policy routed
*Jul 9 10:40:17.151: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, len 28, FIB policy match
*Jul 9 10:40:17.151: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, len 28, PBR Counted
*Jul 9 10:40:17.155: IP: s=192.168.4.129
(Serial2/2), d=192.168.1.1, g=172.16.13.1, len 28, FIB policy routed
R3#show
route-map
route-map
R3-R1, permit, sequence 10
Match clauses:
ip address (access-lists): PBR-ACL
Set clauses:
ip next-hop 172.16.31.1
Nexthop
tracking current: 0.0.0.0
172.16.31.1,
fib_nh:0,oce:0,status:0
Policy routing matches: 9
packets, 288 bytes
No comments:
Post a Comment