TOPIC: CCNP Question

CCNP Question 11 years 3 weeks ago #11375

  • randy
I'm currently working towards my CCNP cert. Right now I'm studying routing policies. However, I am having trouble with a lab that I am working on. If anyone can spot an error in my configuration please let me know. It seems that my configuration is working opposite of the way it is intended to.


Shown below is a pic of my setup:



Shown below is the route map configuration on the cincitec router:

cincitec(config)#int e0/0
cincitec(config-if)#ip address 192.168.10.1 255.255.255.0
cincitec(config-if)#ip policy route-map routehttp
cincitec(config-if)#ip policy route-map routeftp
cincitec(config-if)#ip policy route-map routetelnet

cincitec(config)#access-list 101 permit tcp any any eq 80
cincitec(config)#access-list 102 permit tcp any any eq 21
cincitec(config)#access-list 103 permit tcp any any eq 23

cincitec(config)#route-map routehttp permit 10
cincitec(config-route-map)#match ip address 101
cincitec(config-route-map)#set ip next-hop 172.16.1.1
cincitec(config-route-map)#route-map routehttp permit 20
cincitec(config-route-map)#set ip next-hop 172.16.2.1

cincitec(config)#route-map routeftp permit 30
cincitec(config)#match ip address 102
cincitec(config)#set ip next-hop 172.16.1.1
cincitec(config)#route-map routeftp permit 40
cincitec(config)#set ip next-hop 172.16.2.1

cincitec(config)#route-map routetelnet permit 50
cincitec(config)#match ip address 103
cincitec(config)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routetelnet permit 60
cincitec(config)#set ip next-hop 172.16.1.1

Shown below is the sh route-map routehttp output, sh route-map routetelnet output and the debug ip policy output on the cincitec router:

cincitec#debug ip policy
Policy routing debugging is on
cincitec#
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255, len 243, policy match
*Mar IP: route map routehttp, item 20, permit
*Mar 1 00:47:32.299: IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255 (Serial0/1), len 243, policy routed
*Mar IP: Ethernet0/0 to Serial0/1 172.16.2.1
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 48, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 48, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 532, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 532, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 1500, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 1500, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 1500, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 1500, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 1323, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 1323, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 40, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 40, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 40, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.2.1, len 40, FIB policy routed
cincitec#

cincitec#sh route-map routehttp
route-map routehttp, permit, sequence 10
Match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop 172.16.1.1
Policy routing matches: 0 packets, 0 bytes
route-map routehttp, permit, sequence 20
Match clauses:
Set clauses:
ip next-hop 172.16.2.1
Policy routing matches: 27 packets, 19344 bytes
cincitec#
cincitec#

###########################################

cincitec#debug ip policy
Policy routing debugging is on
cincitec#
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255, len 78, policy match
*Mar IP: route map routetelnet, item 40, permit
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.10.255 (Serial0/2), len 78, policy routed
*Mar IP: Ethernet0/0 to Serial0/2 172.16.1.1
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.1.1, len 48, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 61, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.1.1, len 61, FIB policy routed
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, len 48, FIB policy match
*Mar IP: s=192.168.10.2 (Ethernet0/0), d=192.168.20.2, g=172.16.1.1, len 48, FIB policy routed
cincitec#

cincitec#sh route-map routetelnet
route-map routetelnet, permit, sequence 30
Match clauses:
ip address (access-lists): 102
Set clauses:
ip next-hop 172.16.2.1
Policy routing matches: 0 packets, 0 bytes
route-map routetelnet, permit, sequence 40
Match clauses:
Set clauses:
ip next-hop 172.16.1.1
Policy routing matches: 101 packets, 8325 bytes
cincitec#

Re: CCNP Question 11 years 2 weeks ago #11392

  • jwj
You've probably already done this, but have you applied the route maps to the appropriate interfaces?
-Jeremy-

Re: CCNP Question 11 years 2 weeks ago #11394

  • randy

Hmm, not sure if I'm missing a step or two. But, shown below is what I have configured on the cincitec router. When I access the web server on host a from host b the route map seems to do the opposite of what I want. The http traffic is supposed to exit the s0/2 interface but instead it goes through the s0/1 interface. And the opposite happens when I telnet from host b to host a.


cincitec(config)#int e0/0
cincitec(config-if)#ip address 192.168.10.1 255.255.255.0
cincitec(config-if)#ip policy route-map routehttp
cincitec(config-if)#ip policy route-map routeftp
cincitec(config-if)#ip policy route-map routetelnet

cincitec(config)#access-list 101 permit tcp any any eq 80
cincitec(config)#access-list 102 permit tcp any any eq 21
cincitec(config)#access-list 103 permit tcp any any eq 23

cincitec(config)#route-map routehttp permit 10
cincitec(config-route-map)#match ip address 101
cincitec(config-route-map)#set ip next-hop 172.16.1.1
cincitec(config-route-map)#route-map routehttp permit 20
cincitec(config-route-map)#set ip next-hop 172.16.2.1

cincitec(config)#route-map routeftp permit 30
cincitec(config)#match ip address 102
cincitec(config)#set ip next-hop 172.16.1.1
cincitec(config)#route-map routeftp permit 40
cincitec(config)#set ip next-hop 172.16.2.1

cincitec(config)#route-map routetelnet permit 50
cincitec(config)#match ip address 103
cincitec(config)#set ip next-hop 172.16.2.1
cincitec(config)#route-map routetelnet permit 60
cincitec(config)#set ip next-hop 172.16.1.1

Re: CCNP Question 11 years 2 weeks ago #11397

  • jwj
On your route maps, you have both 172.16.1.1 and 172.16.2.1 as the next hop IP addresses. If you wanted your http traffic to exit s0/1, wouldn't you just want it to be pointed to 172.16.2.1? As for the telnet, if you want it to exit s0/2, then shouldn't the route map's next hop be 172.16.1.1 only?
-Jeremy-

Re: CCNP Question 11 years 2 weeks ago #11398

  • randy

I want the http traffic to exit the s0/2 interface and I want the telnet traffic to exit the s0/1 interface. It seems to be working, but it's working in reverse. The http traffic is being routed through the s0/1 interface and the telnet traffic is being routed out the s0/2 interface. I'm not sure about the highlighted statement shown below.

cincitec(config)#int e0/0
cincitec(config-if)#ip address 192.168.10.1 255.255.255.0
cincitec(config-if)#ip policy route-map routehttp

cincitec(config)#access-list 101 permit tcp any any eq 80

cincitec(config)#route-map routehttp permit 10
cincitec(config-route-map)#match ip address 101
cincitec(config-route-map)#set ip next-hop 172.16.1.1
cincitec(config-route-map)#route-map routehttp permit 20
cincitec(config-route-map)#set ip next-hop 172.16.2.1

Re: CCNP Question 11 years 2 weeks ago #11399

  • jwj
Oh whoops, I was dyslexic there. Yeah, I'd try to get rid of the highlighted lines and see if it works correctly.
-Jeremy-
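
Added example, not part of the thread and not Cisco code: a small Python model of how IOS evaluates the policy-routing configuration posted above. It shows that the last `ip policy route-map` on an interface is the one in effect, that an entry with no match clause catches every packet, and that `permit tcp any any eq 80` tests only the destination port. The name `MERGED` and the sample port numbers are assumptions made for the illustration.

```python
# Added model of IOS policy-based routing; values constructed from the first post.
# "access-list N permit tcp any any eq P" tests the DESTINATION port only.
ACLS = {101: 80, 102: 21, 103: 23}

# Entries are (sequence, ACL number or None, next hop), as typed in the thread.
ROUTE_MAPS = {
    "routehttp":   [(10, 101, "172.16.1.1"), (20, None, "172.16.2.1")],
    "routeftp":    [(30, 102, "172.16.1.1"), (40, None, "172.16.2.1")],
    "routetelnet": [(50, 103, "172.16.2.1"), (60, None, "172.16.1.1")],
}

# Hypothetical single map: one matched entry per protocol, no catch-all entry.
MERGED = [(10, 101, "172.16.1.1"), (20, 102, "172.16.1.1"), (30, 103, "172.16.2.1")]


class Interface:
    """An interface holds at most one policy route-map."""

    def __init__(self):
        self.policy = None

    def ip_policy_route_map(self, name):
        # A later "ip policy route-map" replaces the earlier one.
        self.policy = name


def policy_route(route_map, sport, dport):
    """Return (sequence, next hop) of the first matching entry, else None."""
    for seq, acl, next_hop in sorted(route_map, key=lambda e: e[0]):
        # An entry without a match clause matches every packet.
        if acl is None or ACLS[acl] == dport:
            return seq, next_hop
    return None  # not policy routed; the normal routing table decides


def demo():
    e0 = Interface()
    for name in ("routehttp", "routeftp", "routetelnet"):
        e0.ip_policy_route_map(name)
    request = dict(sport=1025, dport=80)   # constructed: client to web server
    reply = dict(sport=80, dport=1025)     # constructed: web server to client
    return {
        "applied": e0.policy,
        "request": policy_route(ROUTE_MAPS["routehttp"], **request),
        "reply": policy_route(ROUTE_MAPS["routehttp"], **reply),
        "merged_reply": policy_route(MERGED, **reply),
    }


if __name__ == "__main__":
    print(demo())
```

Sequence 20 of `routehttp`, the catch-all entry, is the one the `debug ip policy` output in the first post reports as matched.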