Policy Based Routing advice

Andrey Khomyakov khomyakov.andrey at gmail.com
Thu Aug 12 15:54:20 UTC 2010

Hey all. I'm trying to setup a routing policy on a cat4503-E with Sup6-E and
for some reason I can't see it taking effect. I'm definitely sourcing
packets from (the test machine had address). For
some reason the packets still go out towards the default gateway instead of
what's specified in the route-map. The switch is running
cat4500e-ENTSERVICESK9-M), Version 12.2(52)SG, RELEASE SOFTWARE (fc1)
According to stats on the ACL and the route-map it's just not being hit for
some reason. Applying the ACL directly to the interface (as an access-group)
shows that the ACL is correct and I see hits, however, via the route map
it's not being hit. I don't know what those "2 matches" are, but there
definitely should be a lot more than 2. And in addition, I see the packets
arriving on the firewall that is the "default gateway".

Does anyone have any tips on why this might now work?

ip access-list standard acl_Students

route-map Students-Route-Map permit 10
 match ip address acl_Students
 set ip next-hop

interface GigabitEthernet2/6
no switchport
 ip address
 ip pim dense-mode
 ip policy route-map Students-Route-Map

interface GigabitEthernet2/14
no switchport
 ip address
 no ip redirects
 no ip mroute-cache
 flowcontrol send desired

cat4503#sh access-lists acl_Students
Standard IP access list acl_Students
    10 permit, wildcard bits (2 matches)

cat4503#sh route-map
route-map Students-Route-Map, permit, sequence 10
  Match clauses:
    ip address (access-lists): acl_Students
  Set clauses:
    ip next-hop
  Policy routing matches: 2 packets, 180 bytes

cat4503#sh ip route
Routing entry for, supernet
  Known via "static", distance 1, metric 0, candidate default path
  Redistributing via eigrp 179
  Advertised by eigrp 179
  Routing Descriptor Blocks:
      Route metric is 0, traffic share count is 1

Andrey Khomyakov
[khomyakov.andrey at gmail.com]

More information about the NANOG mailing list