Re: Cisco access list - multihomed question
At 10:22 29/10/2001 +0300, Brian Longwe wrote:
>I already have a working PBR for our filtered internet access service
>which goes something like:
>
>route-map family permit 10
> match ip address 115
> set ip next-hop w.x.y.z
>
>access-list 115 permit tcp a.b.c.d 0.0.0.127 any eq www
>access-list 115 deny tcp any any eq www
>
>This takes http (port 80) traffic from net a.b.c.d and routes it to
>w.x.y.z <my content filter> and leaves all other traffic to be routed by
>the FIB
Looks fine, you probably don't need the second line, but it does no harm...
>My catch is....
>
>I have discovered that each interface will only take a single "ip policy
>route-map" statement.... this means that I must combine the logic for my
>filtered service with the logic for this new policy.... which is proving
>to be a little tricky....
...yes, but you can stack lots of bits together in the route-map... For
example:
route-map family permit 20
 match ip address 116
 set ip next-hop a.b.c.d
etc... Is this what you are trying to do?
>...hopefully nothing that a strong cup of coffee can't cure
Yeah, well... :)
philip
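
An added illustration, not part of the original messages: a small Python model of how the stacked "route-map family" clauses discussed above are evaluated for policy routing, showing that an ACL deny only means the clause did not match and that the explicit deny in access-list 115 changes nothing. The addresses are constructed stand-ins for the elided a.b.c.d and w.x.y.z, the contents of access-list 116 are hypothetical, and only TCP source/destination-port matching is modelled.

```python
import ipaddress

# Constructed stand-ins for the elided a.b.c.d / w.x.y.z (documentation ranges).
# ACL entry: (action, source prefix, TCP destination port or None for any port).
ACLS = {
    115: [("permit", "192.0.2.0/25", 80),    # a.b.c.d 0.0.0.127 any eq www
          ("deny", "0.0.0.0/0", 80)],        # any any eq www
    116: [("permit", "192.0.2.128/25", None)],  # hypothetical second policy
}
# Route-map "family": (sequence, ACL number, next hop); all clauses are "permit".
ROUTE_MAP = [(10, 115, "198.51.100.1"), (20, 116, "198.51.100.2")]


def acl_action(entries, src, dport):
    """First matching entry wins; falling off the end is the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, prefix, port in entries:
        if addr in ipaddress.ip_network(prefix) and port in (None, dport):
            return action
    return "deny"


def policy_next_hop(src, dport, acls=ACLS, route_map=ROUTE_MAP):
    """Return the policy next hop for a TCP packet, or None for normal routing."""
    for _seq, acl, next_hop in sorted(route_map):
        if acl_action(acls[acl], src, dport) == "permit":
            return next_hop
        # An ACL deny only means "this clause did not match": try the next one.
    return None


def without_explicit_deny(acls=ACLS):
    """Copy of the ACLs with explicit deny entries removed."""
    return {n: [e for e in es if e[0] != "deny"] for n, es in acls.items()}


SAMPLES = [("192.0.2.10", 80), ("192.0.2.10", 443),
           ("192.0.2.200", 80), ("203.0.113.5", 80)]

if __name__ == "__main__":
    for src, dport in SAMPLES:
        print(src, dport, "->", policy_next_hop(src, dport) or "normal routing")
```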