Re: Cisco access list - multihomed question



I seem to have managed to nail it with the following:

Int e0/0
ip route-cache policy
ip policy route-map family
<snip>
!
access-list 115 permit tcp a.b.c.d 0.0.0.31 any eq www ! cache-bypass
access-list 115 permit tcp f.g.h.i 0.0.0.31 any eq www ! cache-bypass
!
access-list 116 permit ip w.x.y.z 0.0.0.127 any ! the 'net that I want to reroute
!
access-list 117 permit ip host j.k.l.m any ! My web-cache
!
route-map family permit 10
 match ip address 115
 set ip next-hop q.r.s.t ! content-filter server
!
route-map family permit 20
 match ip address 116
 set interface Serial2/0:16 ! upstream for 're-routed' net
!
route-map family permit 30
 match ip address 117
 set interface Serial0/0 ! Default for all other traffic


Thanks to all who helped!

Longwe

p.s. please critique the above composition, check it for literary value, grammar, syntax and possibly logic flow ;-)

On Mon, 29 Oct 2001 17:54:03 +1000
Philip Smith <pfs at cisco.com> wrote:

> At 10:22 29/10/2001 +0300, Brian Longwe wrote:
> 
> >I already have a working PBR for our filtered internet access service 
> >which goes something like:
> >
> >route-map family permit 10
> >  match ip address 115
> >  set ip next-hop w.x.y.z
> >
> >access-list 115 permit tcp a.b.c.d 0.0.0.127 any eq www
> >access-list 115 deny tcp any any eq www
> >
> >This takes http (port 80) traffic from net a.b.c.d and routes it to 
> >w.x.y.z <my content filter> and leaves all other traffic to be routed by 
> >the FIB
> 
> Looks fine, you probably don't need the second line, but it does no harm...
> 
> >My catch is....
> >
> >I have discovered that each interface will only take a single "ip policy 
> >route-map" statement.... this means that I must combine the logic for my 
> >filtered service with the logic for this new policy.... which is proving 
> >to be a little tricky....
> 
> ...yes, but you can stack lots of bits together in the route-map... For 
> example:
> 
> route-map family permit 20
>   match ip address 116
>   set ip next-hop a.b.c.d
> 
> etc... Is this what you are trying to do?
> 
> >...hopefully nothing that a strong cup of coffee can't cure
> 
> Yeah, well... :)
> 
> philip
> --
> 
> 
> -----
> This is the afnog mailing list, managed by Majordomo 1.94.4
> 
> To send a message to this list, e-mail afnog at afnog.org
> To send a request to majordomo, e-mail majordomo at afnog.org and put
> your request in the body of the message (i.e use "help" for help)
> 
> This list is maintained by owner-afnog at afnog.org
> 
> 
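
The first-match evaluation behind the route-map and access lists in this thread, modelled in Python as an added example (not code from either poster). The RFC 5737 addresses are constructed stand-ins for the masked a.b.c.d-style ones, the path labels are shorthand, and only source address, protocol and destination port are modelled. It also checks that the explicit "deny tcp any any eq www" line yields the same decisions as the implicit deny.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

def wildcard_match(addr, base, wildcard):
    # Cisco wildcard mask: bits set to 1 are "don't care" bits.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, pkt):
    # First matching entry decides; falling off the end is the implicit deny.
    for action, proto, (base, wildcard), dport in acl:
        if (proto in ("ip", pkt["proto"])
                and wildcard_match(pkt["src"], base, wildcard)
                and dport in (None, pkt["dport"])):
            return action == "permit"
    return False

def policy_route(route_map, acls, pkt):
    # Clauses run in sequence order; the first ACL permit sets the path.
    for _seq, acl_id, path in sorted(route_map):
        if acl_permits(acls[acl_id], pkt):
            return path
    return "normal routing"  # no clause matched: destination-based routing

# Constructed addresses (RFC 5737) standing in for the masked ones.
ACLS = {
    115: [("permit", "tcp", ("192.0.2.0", "0.0.0.31"), 80),
          ("permit", "tcp", ("198.51.100.32", "0.0.0.31"), 80)],
    116: [("permit", "ip", ("203.0.113.0", "0.0.0.127"), None)],
    117: [("permit", "ip", ("203.0.113.200", "0.0.0.0"), None)],
}
ROUTE_MAP = [(10, 115, "content filter"), (20, 116, "Serial2/0:16"),
             (30, 117, "Serial0/0")]

# Same ACLs with the explicit "deny tcp any any eq www" appended to 115.
ACLS_EXPLICIT_DENY = dict(ACLS)
ACLS_EXPLICIT_DENY[115] = ACLS[115] + [("deny", "tcp", ANY, 80)]

def pkt(src, proto, dport):
    return {"src": src, "proto": proto, "dport": dport}

SAMPLES = [pkt("192.0.2.31", "tcp", 80), pkt("192.0.2.32", "tcp", 80),
           pkt("192.0.2.10", "tcp", 443), pkt("203.0.113.5", "tcp", 80),
           pkt("203.0.113.128", "tcp", 80), pkt("203.0.113.200", "udp", 53)]

def decisions(acls):
    return [policy_route(ROUTE_MAP, acls, p) for p in SAMPLES]
```

Sources just outside a wildcard range (192.0.2.32, 203.0.113.128) and non-www traffic from the filtered nets match no clause and are routed normally.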
