06-10-2008 05:23 PM
PBR Question
I've searched the forums and can't find a good example of PBR.
All I want to do is create a simple Policy where traffic from VLAN3 (subnet 192.168.2.0) goes out WAN2 (ppp 2 or atm 2.1).
I have created a standard access list
ip access-list standard Student
permit 192.168.2.0 0.0.0.255
!
and created a route-map
route-map Student_Staff permit 10
match ip address Student
set interface ppp 2
ProCurveSR7102dl#show route-map
route-map Student_Staff, permit, sequence 10
Match clauses:
ip address (access-lists): Student
Set clauses:
interface: ppp 2
BGP Filtering matches: 0 routes
Policy routing matches: 0 packets 0 bytes
Redistribution Filtering matches: 0 routes
However, this doesn't work.
Anybody help?
Thanks in Advance.
06-10-2008 06:23 PM
Re: PBR Question
It was to add ip policy route-map Student_Staff to the Ethernet interface (which makes sense).
I have done this. And have traffic flowing (Good news). However, it is still going out the wrong internet connection.
What is the set interface meant to be? Is it ppp or atm or do I use the WAN's static IP address?
06-11-2008 05:05 PM
Re: PBR Question
Still having no luck on this.
If I remove the match command all traffic is still flowing out ppp 1. I think it must come back to the Private access policy on ethernet 1.
There are really no guides for PBR anywhere or good examples. Can anyone help?
The useful bits of the config are pasted below:
!
ip subnet-zero
ip classless
ip domain-proxy
ip routing
!
!
!
!
interface eth 0/1
ip address 192.168.10.254 255.255.255.0
ip policy route-map Student_Staff
access-policy Private
no shutdown
!
!
interface eth 0/2
no ip address
shutdown
!
!
!
interface adsl 1/1
description "ATCGC"
no shutdown
interface adsl 2/1
description "Webshield"
no shutdown
!
!
interface atm 1 point-to-point
description OnTheNet
no shutdown
bind 1 adsl 1/1 atm 1
!
interface atm 1.1 point-to-point
no shutdown
pvc 8/35
no ip address
!
!
interface atm 2 point-to-point
description WebShield
no shutdown
bind 3 adsl 2/1 atm 2
!
interface atm 2.1 point-to-point
no shutdown
pvc 8/35
no ip address
!
interface ppp 1
ip address negotiated
access-policy Public
crypto map VPN
no fair-queue
ppp chap hostname
ppp chap password
no shutdown
bind 2 atm 1.1 ppp 1
!
interface ppp 2
description Webshield
ip address negotiated no-default
access-policy Student_Staff
no fair-queue
ppp pap sent-username
no shutdown
bind 4 atm 2.1 ppp 2
!
!
!
!
!
route-map Student_Staff permit 10
description "Staff to WAN1 and Students to WAN2"
match ip address Student
set interface atm 2
!
!
!
!
ip access-list standard Student
permit 192.168.2.0 0.0.0.255
!
ip access-list standard wizard-ics
remark Internet Connection Sharing
permit any
!
!
ip access-list extended self
remark Traffic to ProCurve SR
permit ip any any log
!
ip access-list extended VPN-10-vpn-selectors
permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
!
ip access-list extended web-acl-13
permit ip any any
!
ip access-list extended web-acl-9
remark DC01 RDP
permit tcp any host 121.50.211.62 eq 5022 log
!
ip access-list extended wizard-pfwd-1
remark Mail IN
permit tcp any host 121.50.211.62 eq smtp log
!
ip access-list extended wizard-pfwd-2
remark Webmail
permit tcp any host 121.50.211.62 eq www log
!
ip access-list extended wizard-pfwd-3
remark tassws01 RDP
permit tcp any host 121.50.211.62 eq 5020 log
!
ip access-list extended wizard-pfwd-4
remark tassds01 RDP
permit tcp any host 121.50.211.62 eq 5021 log
!
ip policy-class Private
allow list VPN-10-vpn-selectors stateless
allow list self self
nat source list wizard-ics interface ppp 1 overload
!
ip policy-class Public
allow reverse list VPN-10-vpn-selectors stateless
nat destination list wizard-pfwd-1 address 192.168.11.23
nat destination list wizard-pfwd-2 address 192.168.11.23
nat destination list wizard-pfwd-3 address 192.168.11.27 port 3389
nat destination list wizard-pfwd-4 address 192.168.11.28 port 3389
nat destination list web-acl-9 address 192.168.11.21 port 3389
!
ip policy-class "Student Public"
! Implicit discard
!
ip policy-class Student_Staff
allow list web-acl-13
!
!
!
ip route 192.168.1.0 255.255.255.0 192.168.10.1
ip route 192.168.2.0 255.255.255.0 192.168.10.1
ip route 192.168.11.0 255.255.255.0 192.168.10.1
!
06-12-2008 03:48 AM
Re: PBR Question
!
ip policy-class Private
allow list VPN-10-vpn-selectors stateless
allow list self self
nat source list Student interface ppp 2 overload
nat source list wizard-ics interface ppp 1 overload
!
The ordering is important, it will match the more specific Student ACL first, then anything else will be sent out via ppp 1.
If this doesn't work, with the route maps it looks like you might need to use the 'set default interface ppp 2' option. I haven't needed to use PBR myself yet.
If you're still not having any luck, can you attach a copy of the 'show tech'? Make sure to remove any username/passwords first.
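The ordering point in the reply above, as an added example that is not part of the original thread and not vendor code: a small Python model of the two `nat source list` lines that assumes first-match evaluation as the reply describes, and flags any rule that an earlier, broader ACL makes unreachable. The ACL contents are copied from the posted config; the function names and the test addresses are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

# Standard ACL entries from the posted config as (network, wildcard mask).
# "permit any" is written as 0.0.0.0 with wildcard 255.255.255.255.
ACLS = {
    "Student": [("192.168.2.0", "0.0.0.255")],
    "wizard-ics": [("0.0.0.0", "255.255.255.255")],
}

# The two "nat source list" lines, in the suggested order and reversed.
SUGGESTED = [("Student", "ppp 2"), ("wizard-ics", "ppp 1")]
REVERSED = [("wizard-ics", "ppp 1"), ("Student", "ppp 2")]

def care_bits(wild):
    """Bits that must match: a 1 in a wildcard mask means 'ignore this bit'."""
    return ~ip(wild) & 0xFFFFFFFF

def entry_matches(entry, src):
    net, wild = entry
    care = care_bits(wild)
    return (ip(src) & care) == (ip(net) & care)

def select_interface(policy, src):
    """Assumed first-match semantics: the first rule whose ACL permits src wins."""
    for acl, iface in policy:
        if any(entry_matches(e, src) for e in ACLS[acl]):
            return iface
    return None  # nothing matched

def entry_covers(earlier, later):
    """True if every address matched by 'later' is also matched by 'earlier'."""
    c_early, c_late = care_bits(earlier[1]), care_bits(later[1])
    same_prefix = (ip(earlier[0]) & c_early) == (ip(later[0]) & c_early)
    return (c_early & ~c_late) == 0 and same_prefix

def shadowed_rules(policy):
    """ACL names that can never be hit because earlier rules cover all their entries."""
    out = []
    for i, (acl, _) in enumerate(policy):
        earlier = [e for a, _ in policy[:i] for e in ACLS[a]]
        if all(any(entry_covers(e, l) for e in earlier) for l in ACLS[acl]):
            out.append(acl)
    return out

if __name__ == "__main__":
    for name, pol in (("suggested", SUGGESTED), ("reversed", REVERSED)):
        print(name, select_interface(pol, "192.168.2.57"), shadowed_rules(pol))
```

With `permit any` listed first, the Student rule is reported as shadowed and 192.168.2.0/24 traffic is translated on ppp 1, which is the behaviour the suggested ordering avoids.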
06-13-2008 10:52 PM
Re: PBR Question
If I just use a 'normal' config (without trying to split the connection) and I change the nat to ppp 2 it doesn't work. If it's ppp 1 it does.
Is there some way from inside the router to select a ppp interface and specifically test? I.e. pinging out through ppp 2 etc.
Thanks
06-13-2008 11:29 PM
Re: PBR Question
ip address negotiated no-default
Try removing the no-default part. I'm not sure if it will only let you do that for one connection though. Otherwise add a static default route, ip route 0.0.0.0/0