Scenario:
After getting rid of the ring that ruled them all, things have changed in Middle Earth. The hobbits have become network engineers and are interconnecting every creature in their fantasy world. OSPF is the routing protocol of choice, but the hobbits have some problems since all traffic is sent down the same path. Do you think you can help them out by teaching them Policy Based Routing?
Goal:
- All IP addresses have been preconfigured for you.
- OSPF has been preconfigured for you for full connectivity.
- Do not make any changes to OSPF.
- Make changes on router Bilbo so traffic from 1.1.1.0 towards router Meriadoc is sent down the serial link.
- Make changes on router Bilbo so traffic from 192.168.12.1 towards 33.33.33.33 is sent down the serial link.
- Make changes on router Bilbo so packets that are greater than 200 bytes are sent down the serial link.
- Make changes on router Bilbo so traffic from 192.168.12.2 towards 3.3.3.3 is sent down the serial link.
IOS:
c3640-jk9s-mz.124-16.bin
Topology:
Video Solution:
Written by René Molenaar - CCIE #41726
You can do it on the interface level using the ‘ip policy’ command.
Hi,
For:
Make changes on router Bilbo so traffic from 192.168.12.2 towards 3.3.3.3 are sent down the serial link:
Where can I apply the policy route-map on BILBO so it can take effect?
Thanks.
In response to Rene and Alex.
Packets generated by the router are not policy routed. If you want to policy route traffic generated by the router, you must enable it. To enable local PBR, use the following global configuration command.
‘ip local policy route-map’
Thanks for sharing this, this is important to keep in mind in case you test things.
There’s a big difference between traffic that flows "through" the router and traffic "generated" by the router itself and how the router deals with it. Traffic generated by the router is indeed not policy-routed so you need that command 🙂
Same thing applies to access-lists btw, traffic generated by your own router will not hit your access-lists on your interfaces.
I don’t know how you recommend going about mastering these labs, but I find them very useful to have the video running, and to pause before you give an answer to exhaust every way I think something could be done prior to following your lead. I found this lab excellent. I’ve been working through 5-6 labs/day along with other studies.
I believe this is a good way to "master" the labs. If you just watch the video you might get a good understanding but it’s MUCH better when you try to wrap your head around it yourself. If you struggle on a topic and finally finish it you’ll learn a valuable lesson and it will be easier to remember.
Watching the video and pausing it, doing the lab step-by-step is a good idea because it will prevent you from going down a rabbit hole that might not exist 🙂
have fun!
Can we have a few more PBR labs, Rene?
I cannot get past the first step. For some reason it keeps inserting 2 IP addresses for the next hop even though I only enter one IP:
Bilbo#sho route-map
route-map ONE, permit, sequence 10
Match clauses:
ip address (access-lists): 1
Set clauses:
ip next-hop 192.168.24.2 192.168.24.4
Policy routing matches: 21 packets, 1260 bytes
Bilbo#sho access-lists
Standard IP access list 1
10 permit 1.1.1.0, wildcard bits 0.0.0.255 (78 matches)
As a result the policy tries to push traffic to .2 which then drops it. I cannot see when I am going wrong.
*Mar 1 00:51:06.179: IP: s=1.1.1.1 (FastEthernet0/0), d=3.3.3.3, len 28, policy match
*Mar 1 00:51:06.179: IP: route map ONE, item 10, permit
*Mar 1 00:51:06.179: IP: s=1.1.1.1 (FastEthernet0/0), d=3.3.3.3 (Serial2/0), len 28, policy routed
*Mar 1 00:51:06.183: IP: FastEthernet0/0 to Serial2/0 192.168.24.2
Bilbo(config)#
Bilbo#show run int fa0/0
Building configuration…
Current configuration : 122 bytes
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip policy route-map ONE
duplex auto
speed auto
Bilbo#sho ver
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(16a), RELEASE SOFTWARE (fc2)
I think if you use the "set" command for a route-map that it will only "add" something. Get rid of the entire set line and then enter the correct IP address.
I am getting this error and I don’t see where I made the mistake
Mar 1 00:03:08.795: IP: s=192.168.12.1 (FastEthernet0/0), d=3.3.3.3, len 100, FIB policy rejected(no match) – normal forwarding.
I see that the source is wrong, but see my configuration; I did the same as you did in the video.
Can you please point out where I made the mistake? Here is my conf:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip policy route-map Name
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.23.2 255.255.255.0
duplex auto
speed auto
!
interface Serial2/0
ip address 192.168.24.2 255.255.255.0
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
no ip http secure-server
!
!
!
access-list 101 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255
!
route-map Name permit 15
match ip address 101
set ip next-hop 192.168.24.4
!
!
!
control-plane
Hi Risaaq
Mar 1 00:03:08.795: IP: s=192.168.12.1 (FastEthernet0/0), d=3.3.3.3, len 100, FIB policy rejected(no match) – normal forwarding.
access-list 101 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255
Correct your access-list:
access-list 101 permit ip 192.168.12.0 0.0.0.255 3.3.3.0 0.0.0.255
or
access-list 101 permit ip host 192.168.12.1 3.3.3.0 0.0.0.255
Your configuration is correct, no need to change anything,
but when you ping from Frodo, ping like this:
Frodo(config)#do ping 3.3.3.3 so l0
because here you specified your pings from source l0, which is 1.1.1.1,
but in normal pings
it will be specified from int f0/0 of router Frodo.
Anyway, you are correct; just specify the source.
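The source mismatch behind the "FIB policy rejected(no match)" line in this exchange, as an added Python example (not part of the original thread or the lab files): it applies IOS wildcard-mask matching to the debug line and the ACL entries quoted above. The function names are hypothetical, the debug lines are abridged, and only `permit ip` entries written with `any`, `host` or address-plus-wildcard are handled.

```python
import ipaddress
import re

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: 0 bits in the wildcard must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def take_spec(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the token list."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_ace(line):
    """Parse the source and destination of an extended 'permit ip SRC DST' entry."""
    tokens = line.split()
    rest = tokens[tokens.index("ip") + 1:]
    src, rest = take_spec(rest)
    dst, _ = take_spec(rest)
    return src, dst

DEBUG_RE = re.compile(r"s=(\d+(?:\.\d+){3}).*?d=(\d+(?:\.\d+){3})")

def check(ace_line, debug_line):
    """Return (source_matches, destination_matches) for one 'debug ip policy' line."""
    (s_base, s_wild), (d_base, d_wild) = parse_ace(ace_line)
    src, dst = DEBUG_RE.search(debug_line).groups()
    return wildcard_match(src, s_base, s_wild), wildcard_match(dst, d_base, d_wild)

# Debug line and ACL entries taken from the exchange above (debug line abridged).
DEBUG = "IP: s=192.168.12.1 (FastEthernet0/0), d=3.3.3.3, len 100, FIB policy rejected(no match)"
# Constructed: the same ping sourced from Frodo's loopback, as the second reply advises.
DEBUG_LOOPBACK = "IP: s=1.1.1.1 (FastEthernet0/0), d=3.3.3.3, len 100"
ACE_POSTED = "access-list 101 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255"
ACE_SUBNET = "access-list 101 permit ip 192.168.12.0 0.0.0.255 3.3.3.0 0.0.0.255"
ACE_HOST = "access-list 101 permit ip host 192.168.12.1 3.3.3.0 0.0.0.255"

if __name__ == "__main__":
    for ace in (ACE_POSTED, ACE_SUBNET, ACE_HOST):
        src_ok, dst_ok = check(ace, DEBUG)
        verdict = "policy match" if src_ok and dst_ok else "no match, normal forwarding"
        print(f"{ace}\n  source={src_ok} destination={dst_ok} -> {verdict}")
```

Both replies are consistent with this: the posted entry only fails on the source field, so either widening the ACL to 192.168.12.0 or sourcing the ping from 1.1.1.1 produces a match.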
I'm noticing a number of these labs state they are preconfigured (IP addresses, routing protocols, interfaces etc.) and most of them are missing incorrect information of the start up config. Are you going to update these labs or will I be better off configuring the entire lab myself?
I love doing labs here!
"After getting rid of the ring that ruled them all things have changed in Middle Earth. The hobbits have become network engineers"
😀 HAHAH! That’s just awesome.
I don’t understand what is wrong.
Bilbo#sh ip access 100
Extended IP access list 100
10 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255 log
Bilbo#sh rou
route-map questao1, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
ip next-hop 192.168.24.4
Policy routing matches: 0 packets, 0 bytes
Bilbo#sh ip policy
Interface Route map
Fa0/0 questao1
Bilbo#
Is everything OK about configuration but the route-map debug says:
Bilbo#
*Mar 1 00:27:21.627: IP: s=1.1.1.1 (FastEthernet0/0), d=3.3.3.3, len 100, FIB policy rejected(no match) – normal forwarding
R1 never gets the right route.
Is it a bug?
In your route-map, after you put a match command you need a “set” command: “SET IP NEXT-HOP 192.168.24.4”
Then it will work correctly.
Cheers
Even I have the same problem; even though it matches my ACL, traffic is not routing thru the defined next-hop
ip access-list extended Redirect
permit ip host 1.1.1.1 host 33.33.33.33 log
!
route-map SetNextHop permit 10
match ip address Redirect
set ip next-hop 192.168.24.4
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip policy route-map SetNextHop
########################################
Frodo#traceroute 33.33.33.33 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 33.33.33.33
1 192.168.12.2 20 msec 20 msec 20 msec
2 192.168.23.3 44 msec 36 msec 44 msec
3 192.168.35.5 40 msec * 80 msec
########################################
*Mar 1 00:38:46.243: IP: s=1.1.1.1 (FastEthernet0/0), d=33.33.33.33, len 28, FIB policy rejected(no match) – normal forwarding
Bilbo#
*Mar 1 00:38:49.231: IP: s=1.1.1.1 (FastEthernet0/0), d=33.33.33.33, len 28, FIB policy rejected(no match) – normal forwarding
Bizarre
I see hits on ACL but not PBR
Extended IP access list 102
10 permit ip 1.1.1.0 0.0.0.255 any log (3 matches)
route-map redirect, permit, sequence 10
Match clauses:
ip address (access-lists): 102
Set clauses:
ip next-hop 192.168.24.4
Policy routing matches: 0 packets, 0 bytes
roovind wrote:
> Bizarre
> I see hits on ACL but not PBR
> Extended IP access list 102
> 10 permit ip 1.1.1.0 0.0.0.255 any log (3 matches)
I think the issue is the “log” option at the end of your access-list. It looks like this is writing the match to your sys log, as opposed to actually permitting the traffic for your route-map. Try it without the log option.
This lab worked perfectly for me.
Many thanks for leaving this comment, Josh.
I have been working on this for a few hours. I first tried it with “log-input”, then “log”, neither would work. Cut & paste from Rene’s configs, worked fine. Could not understand. It works without the “log” option. No idea why.
Hi Rene
Can't we just use the set command to s2/0 instead of specifying the next hop to 24.4? I tried doing this and got the same results.
Please suggest.
Only if the interface is point to point. It works for PPP, MLPPP, FR P2P subinterface, and HDLC, but not for multipoint FR. I would recommend using next-hop IP in case your L2 network changes. For example, what if you had an Ethernet link instead in the future? This way the route-map stays the same and you just migrate link-level settings.
It's a very good job
I did the first step and noticed that PBR kicks in even though I didn’t put in an access-list, which I accidentally forgot to insert.
If there is no access-list to match to, then the packets should take the path/route which is in the routing table.
I even checked CEF and its default path is 192.168.23.0, but without me entering an access-list it is still going through 192.168.24.0.
If I remove the route-map config from the interface, of course it will go through 192.168.23.0, but the point is without a route-map matching an ACL it should take path 192.168.23.0.
I showed this to a network specialist in my place of work and he agreed with me, but at the same time he said he has never tried or labbed PBR and forgot to add an ACL.
Below is all I entered:
route-map NAME permit 10
match ip address 100
set ip next-hop 192.168.24.4
int fa0/0
ip policy route-map NAME