Re: Cisco access list - multihomed question
I seem to have managed to nail it with the following:
Int e0/0
 ip route-cache policy
 ip policy route-map family
<snip>
!
access-list 115 permit tcp a.b.c.d 0.0.0.31 any eq www ! cache-bypass
access-list 115 permit tcp f.g.h.i 0.0.0.31 any eq www ! cache-bypass
!
access-list 116 permit ip w.x.y.z 0.0.0.127 any ! the 'net that I want to reroute
!
access-list 117 permit ip host j.k.l.m any ! My web-cache
!
route-map family permit 10
 match ip address 115
 set ip next-hop q.r.s.t ! content-filter server
!
route-map family permit 20
 match ip address 116
 set interface Serial2/0:16 ! upstream for 're-routed' net
!
route-map family permit 30
 match ip address 117
 set interface Serial0/0 ! Default for all other traffic
Thanks to all who helped!
Longwe
p.s. please critique the above composition, check it for literary value, grammar, syntax and possibly logic flow ;-)
On Mon, 29 Oct 2001 17:54:03 +1000
Philip Smith <pfs at cisco.com> wrote:
> At 10:22 29/10/2001 +0300, Brian Longwe wrote:
>
> >I already have a working PBR for our filtered internet access service
> >which goes something like:
> >
> >route-map family permit 10
> > match ip address 115
> > set ip next-hop w.x.y.z
> >
> >access-list 115 permit tcp a.b.c.d 0.0.0.127 any eq www
> >access-list 115 deny tcp any any eq www
> >
> >This takes http (port 80) traffic from net a.b.c.d and routes it to
> >w.x.y.z <my content filter> and leaves all other traffic to be routed by
> >the FIB
>
> Looks fine, you probably don't need the second line, but it does no harm...
>
> >My catch is....
> >
> >I have discovered that each interface will only take a single "ip policy
> >route-map" statement.... this means that I must combine the logic for my
> >filtered service with the logic for this new policy.... which is proving
> >to be a little tricky....
>
> ...yes, but you can stack lots of bits together in the route-map... For
> example:
>
> route-map family permit 20
> match ip address 116
> set ip next-hop a.b.c.d
>
> etc... Is this what you are trying to do?
>
> >...hopefully nothing that a strong cup of coffee can't cure
>
> Yeah, well... :)
>
> philip
> --
>
>
> -----
> This is the afnog mailing list, managed by Majordomo 1.94.4
>
> To send a message to this list, e-mail afnog at afnog.org
> To send a request to majordomo, e-mail majordomo at afnog.org and put
> your request in the body of the message (i.e use "help" for help)
>
> This list is maintained by owner-afnog at afnog.org
>
>
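
The combined route-map from the first message, modelled as an added example (not part of the original thread): clauses are tried in sequence order, the first ACL permit wins, and traffic that matches no clause follows the normal routing table. The addresses are constructed stand-ins for the post's placeholders, and the overlap between the second ACL 115 range and the ACL 116 net is an assumption made to show why clause order matters.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    return ((ip(addr) ^ ip(base)) & ~ip(wildcard) & 0xFFFFFFFF) == 0

# Constructed stand-ins for the placeholders in the post (RFC 5737 ranges).
# Assumption: the second ACL 115 range sits inside the ACL 116 net.
ACLS = {
    115: [("tcp", "192.0.2.0", "0.0.0.31", 80),        # a.b.c.d, www only
          ("tcp", "198.51.100.32", "0.0.0.31", 80)],   # f.g.h.i, www only
    116: [("ip", "198.51.100.0", "0.0.0.127", None)],  # w.x.y.z net
    117: [("ip", "203.0.113.10", "0.0.0.0", None)],    # host j.k.l.m
}

ROUTE_MAP = [  # (sequence, ACL, action), as in "route-map family"
    (10, 115, "next-hop content-filter"),
    (20, 116, "interface Serial2/0:16"),
    (30, 117, "interface Serial0/0"),
]

def acl_permits(acl, proto, src, dport):
    for a_proto, base, wc, a_port in ACLS[acl]:
        if a_proto not in ("ip", proto):
            continue  # "ip" matches any protocol
        if a_port is not None and a_port != dport:
            continue  # "eq www" compares the destination port
        if wildcard_match(src, base, wc):
            return True
    return False  # implicit deny: this clause does not match

def policy_route(proto, src, dport=None):
    """Return (sequence, action) of the first matching clause."""
    for seq, acl, action in sorted(ROUTE_MAP):
        if acl_permits(acl, proto, src, dport):
            return seq, action
    return None, "normal routing table"  # no clause matched
```

With these sample values, web traffic from the overlapping /27 is caught by sequence 10 before sequence 20 is consulted, while its non-web traffic falls through to sequence 20.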