- Posts: 14
- Thank you received: 0
CCNP Question
19 years 1 day ago #11375
by randy
CCNP Question was created by randy
I'm currently working towards my CCNP cert. Right now I'm studying routing policies. However, I am having trouble with a lab that I am working on. If anyone can spot an error in my configuration please let me know. It seems that my configuration is working opposite of the way it is inteneded to.
Shown below is a pic of my setup:
Shown below is the route map configuration on the cincitec router:
cincitec(config)#int e0/0
cincitec(config-if)#ip address 192.168.10.1 255.255.255.0
cincitec(config-if)#ip policy route-map routehttp
cincitec(config-if)#ip policy route-map routeftp
cincitec(config-if)#ip policy route-map routetelnet
cincitec(config)#access-list 101 permit tcp any any eq 80
cincitec(config)#access-list 102 permit tcp any any eq 21
cincitec(config)#access-list 103 permit tcp any any eq 23
cincitec(config)#route-map routehttp permit 10
cincitec(config-route-map)#match ip address 101
cincitec(config-route-map)#set ip next-hop 172.16.1.1
cincitec(config-route-map)#route-map routehttp permit 20
cincitec(config-route-map)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routeftp permit 30
cincitec(config)#match ip address 102
cincitec(config)#set ip next-hop 172.16.1.1
cincitec(config)#route-map routeftp permit 40
cincitec(config)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routetelnet permit 50
cincitec(config)#match ip address 103
cincitec(config)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routetelnet permit 60
cincitec(config)#set ip next-hop 172.16.1.1
Shown below is the sh route-map routehttp output, sh route-map routetelnet output and the debug ip policy output on the cincitec router:
cincitec#debug ip policy
Policy routing debugging is on
cincitec#
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255, len 243, policy match
*Mar IP: route map routehttp, item 20, permit *Mar 1 00:47:32.299: IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255 (Serial0/1), len 243, policy routed
*Mar IP: Ethernet0/0 to Serial0/1 172.16.2.1
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 48, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 48, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 532, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 532, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 1500, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 1500, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 1500, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 1500, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 1323, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 1323, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 40, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 40, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 40, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 40, FIB policy routed
cincitec#
cincitec#sh route-map routehttp
route-map routehttp, permit, sequence 10
Match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop 172.16.1.1
Policy routing matches: 0 packets, 0 bytes route-map routehttp, permit, sequence 20
Match clauses:
Set clauses:
ip next-hop 172.16.2.1
Policy routing matches: 27 packets, 19344 bytes cincitec#
cincitec#
###########################################
cincitec#debug ip policy
Policy routing debugging is on
cincitec#
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255, len 78, policy match
*Mar IP: route map routetelnet, item 40, permit
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255 (Serial0/2), len 78, policy routed
*Mar IP: Ethernet0/0 to Serial0/2 172.16.1.1
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.1.1, len 48, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 61, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.1.1, len 61, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 48, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.1.1, len 48, FIB policy routed
cincitec#
cincitec#sh route-map routetelnet
route-map routetelnet, permit, sequence 30
Match clauses:
ip address (access-lists): 102
Set clauses:
ip next-hop 172.16.2.1
Policy routing matches: 0 packets, 0 bytes route-map routetelnet, permit, sequence 40
Match clauses:
Set clauses:
ip next-hop 172.16.1.1
Policy routing matches: 101 packets, 8325 bytes
cincitec#
Shown below is a pic of my setup:
Shown below is the route map configuration on the cincitec router:
cincitec(config)#int e0/0
cincitec(config-if)#ip address 192.168.10.1 255.255.255.0
cincitec(config-if)#ip policy route-map routehttp
cincitec(config-if)#ip policy route-map routeftp
cincitec(config-if)#ip policy route-map routetelnet
cincitec(config)#access-list 101 permit tcp any any eq 80
cincitec(config)#access-list 102 permit tcp any any eq 21
cincitec(config)#access-list 103 permit tcp any any eq 23
cincitec(config)#route-map routehttp permit 10
cincitec(config-route-map)#match ip address 101
cincitec(config-route-map)#set ip next-hop 172.16.1.1
cincitec(config-route-map)#route-map routehttp permit 20
cincitec(config-route-map)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routeftp permit 30
cincitec(config)#match ip address 102
cincitec(config)#set ip next-hop 172.16.1.1
cincitec(config)#route-map routeftp permit 40
cincitec(config)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routetelnet permit 50
cincitec(config)#match ip address 103
cincitec(config)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routetelnet permit 60
cincitec(config)#set ip next-hop 172.16.1.1
Shown below is the sh route-map routehttp output, sh route-map routetelnet output and the debug ip policy output on the cincitec router:
cincitec#debug ip policy
Policy routing debugging is on
cincitec#
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255, len 243, policy match
*Mar IP: route map routehttp, item 20, permit *Mar 1 00:47:32.299: IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255 (Serial0/1), len 243, policy routed
*Mar IP: Ethernet0/0 to Serial0/1 172.16.2.1
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 48, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 48, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 532, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 532, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 1500, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 1500, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 1500, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 1500, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 1323, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 1323, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 40, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 40, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 40, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 40, FIB policy routed
cincitec#
cincitec#sh route-map routehttp
route-map routehttp, permit, sequence 10
Match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop 172.16.1.1
Policy routing matches: 0 packets, 0 bytes route-map routehttp, permit, sequence 20
Match clauses:
Set clauses:
ip next-hop 172.16.2.1
Policy routing matches: 27 packets, 19344 bytes cincitec#
cincitec#
###########################################
cincitec#debug ip policy
Policy routing debugging is on
cincitec#
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255, len 78, policy match
*Mar IP: route map routetelnet, item 40, permit
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255 (Serial0/2), len 78, policy routed
*Mar IP: Ethernet0/0 to Serial0/2 172.16.1.1
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.1.1, len 48, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 61, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.1.1, len 61, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 48, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.1.1, len 48, FIB policy routed
cincitec#
cincitec#sh route-map routetelnet
route-map routetelnet, permit, sequence 30
Match clauses:
ip address (access-lists): 102
Set clauses:
ip next-hop 172.16.2.1
Policy routing matches: 0 packets, 0 bytes route-map routetelnet, permit, sequence 40
Match clauses:
Set clauses:
ip next-hop 172.16.1.1
Policy routing matches: 101 packets, 8325 bytes
cincitec#
19 years 23 hours ago #11392
by jwj
-Jeremy-
Replied by jwj on topic Re: CCNP Question
You've probably already done this, but have you applied the route maps to the appropriate interfaces?
-Jeremy-
19 years 21 hours ago #11394
by randy
Hmm, not sure if I'm missing a step or two. But, shown below is what I have configured on the cincitec router. When I access the web server on host a from host b the route map seems to do the opposite of what I want. The http traffic is supposed to exit th s0/2 interface but instead it goes through the s0/1 interface. And the opposite happens when I telnet from host b to host a.
cincitec(config)#int e0/0
cincitec(config-if)#ip address 192.168.10.1 255.255.255.0
cincitec(config-if)#ip policy route-map routehttp
cincitec(config-if)#ip policy route-map routeftp
cincitec(config-if)#ip policy route-map routetelnet
cincitec(config)#access-list 101 permit tcp any any eq 80
cincitec(config)#access-list 102 permit tcp any any eq 21
cincitec(config)#access-list 103 permit tcp any any eq 23
cincitec(config)#route-map routehttp permit 10
cincitec(config-route-map)#match ip address 101
cincitec(config-route-map)#set ip next-hop 172.16.1.1
cincitec(config-route-map)#route-map routehttp permit 20
cincitec(config-route-map)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routeftp permit 30
cincitec(config)#match ip address 102
cincitec(config)#set ip next-hop 172.16.1.1
cincitec(config)#route-map routeftp permit 40
cincitec(config)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routetelnet permit 50
cincitec(config)#match ip address 103
cincitec(config)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routetelnet permit 60
cincitec(config)#set ip next-hop 172.16.1.1
Replied by randy on topic Re: CCNP Question
Hmm, not sure if I'm missing a step or two. But, shown below is what I have configured on the cincitec router. When I access the web server on host a from host b the route map seems to do the opposite of what I want. The http traffic is supposed to exit th s0/2 interface but instead it goes through the s0/1 interface. And the opposite happens when I telnet from host b to host a.
cincitec(config)#int e0/0
cincitec(config-if)#ip address 192.168.10.1 255.255.255.0
cincitec(config-if)#ip policy route-map routehttp
cincitec(config-if)#ip policy route-map routeftp
cincitec(config-if)#ip policy route-map routetelnet
cincitec(config)#access-list 101 permit tcp any any eq 80
cincitec(config)#access-list 102 permit tcp any any eq 21
cincitec(config)#access-list 103 permit tcp any any eq 23
cincitec(config)#route-map routehttp permit 10
cincitec(config-route-map)#match ip address 101
cincitec(config-route-map)#set ip next-hop 172.16.1.1
cincitec(config-route-map)#route-map routehttp permit 20
cincitec(config-route-map)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routeftp permit 30
cincitec(config)#match ip address 102
cincitec(config)#set ip next-hop 172.16.1.1
cincitec(config)#route-map routeftp permit 40
cincitec(config)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routetelnet permit 50
cincitec(config)#match ip address 103
cincitec(config)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routetelnet permit 60
cincitec(config)#set ip next-hop 172.16.1.1
19 years 19 hours ago #11397
by jwj
-Jeremy-
Replied by jwj on topic Re: CCNP Question
On your route maps, you have both 172.16.1.1 and 172.16.2.1 as the next hop IP addresses. If you wanted your http traffic to exit s0/1, wouldn't you just want it to be pointed to 172.16.2.1? As for the telnet, if you want it to exit s0/2, then shouldn't the route map's next hop be 172.16.1.1 only?
-Jeremy-
19 years 19 hours ago #11398
by randy
I want the http traffic to exit the s0/2 interface and I want the telnet traffic to exit the s0/1 interface. It seems to be working, but it's working in reverse. The http traffic is being routed through the s0/1 interface and the telnet traffic is being routed out the s0/2 interface. I'm not sure about the hi-lighted statement shown below.
cincitec(config)#int e0/0
cincitec(config-if)#ip address 192.168.10.1 255.255.255.0
cincitec(config-if)#ip policy route-map routehttp
cincitec(config)#access-list 101 permit tcp any any eq 80
cincitec(config)#route-map routehttp permit 10
cincitec(config-route-map)#match ip address 101
cincitec(config-route-map)#set ip next-hop 172.16.1.1
cincitec(config-route-map)#route-map routehttp permit 20
cincitec(config-route-map)#set ip next-hop 172.16.2.1
Replied by randy on topic Re: CCNP Question
I want the http traffic to exit the s0/2 interface and I want the telnet traffic to exit the s0/1 interface. It seems to be working, but it's working in reverse. The http traffic is being routed through the s0/1 interface and the telnet traffic is being routed out the s0/2 interface. I'm not sure about the hi-lighted statement shown below.
cincitec(config)#int e0/0
cincitec(config-if)#ip address 192.168.10.1 255.255.255.0
cincitec(config-if)#ip policy route-map routehttp
cincitec(config)#access-list 101 permit tcp any any eq 80
cincitec(config)#route-map routehttp permit 10
cincitec(config-route-map)#match ip address 101
cincitec(config-route-map)#set ip next-hop 172.16.1.1
cincitec(config-route-map)#route-map routehttp permit 20
cincitec(config-route-map)#set ip next-hop 172.16.2.1
Time to create page: 0.132 seconds