Policy based Routing not working in core switch


Issue Description:

We configured PBR for one LAN IP address, but once it was configured we were unable to access the server locally.


Handling process

Called the customer to get more details about the issue:

1-    PBR is used to force the server's traffic to go to the firewall

2-    Once it is configured, not even hosts in the same subnet can communicate with the server

3-    Collect the topology

4-    All devices go to the proxy, except the 10.x.x.13 server, which goes to the firewall

5-    Traffic path

         a) Voice server 10.x.x.13 goes to the firewall

         b) The 10.x.x.11 server (has no PBR) goes to the core switch

         c) Hence the ICMP reply from the voice server comes to the firewall, but the request packet is missing on the USG; the traffic is dropped


Solution:

The PBR needs adjustment: traffic from any server in 10.x.x.y that needs to talk to 10.x.x.13 should also go to the firewall, so I added this rule to ACL 3001 (the PBR matching access list):

 rule 10 permit ip destination 10.x.x.13 0

Before

traffic classifier xxx operator or precedence 5

 if-match acl 3001

#

acl number 3001  

 rule 5 permit ip source 10.x.x.13 0 

#

#

traffic behavior xxx

 permit

 redirect ip-nexthop 10.40.x.10

#

traffic policy xxx match-order config

 classifier xxx behavior xxx

#

After

traffic classifier xxx operator or precedence 5

 if-match acl 3001

#

acl number 3001  

 rule 5 permit ip source 10.x.x.13 0 

 rule 10 permit ip destination 10.x.x.13 0

#

#

traffic behavior xxx

 permit

 redirect ip-nexthop 10.40.x.10

#

traffic policy xxx match-order config

 classifier xxx behavior xxx

#
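
The asymmetric path described under "Traffic path" can be reproduced with a small model of ACL 3001 and the redirect. This is an added example, not part of the original post: the addresses 10.0.0.13 and 10.0.0.11 are constructed stand-ins for the masked 10.x.x.13 and 10.x.x.11, and the firewall is assumed to drop a reply for which it holds no session.

```python
from ipaddress import ip_address

FIREWALL, DIRECT = "firewall", "direct"
SERVER, PEER = "10.0.0.13", "10.0.0.11"   # constructed stand-ins for the masked hosts

# ACL 3001 as (field, host) pairs; wildcard 0 in the page's rules means exact host.
BEFORE = [("source", SERVER)]                    # rule 5 only
AFTER = BEFORE + [("destination", SERVER)]       # rule 5 + rule 10

def matches(rule, src, dst):
    """True when the packet's source or destination equals the rule's host."""
    field, addr = rule
    return ip_address(src if field == "source" else dst) == ip_address(addr)

def pbr_path(acl, src, dst):
    """Core switch: a packet matching the PBR ACL is redirected to the firewall."""
    return FIREWALL if any(matches(r, src, dst) for r in acl) else DIRECT

def ping(acl, client, server):
    """Trace an echo request and its reply; returns (request path, reply path, result)."""
    sessions = set()
    req_path = pbr_path(acl, client, server)
    if req_path == FIREWALL:
        sessions.add((client, server))           # firewall saw the request
    rep_path = pbr_path(acl, server, client)
    if rep_path == FIREWALL and (client, server) not in sessions:
        return req_path, rep_path, "dropped"     # reply arrives with no session
    return req_path, rep_path, "ok"

if __name__ == "__main__":
    for name, acl in (("before", BEFORE), ("after", AFTER)):
        print(name, "peer -> server:", ping(acl, PEER, SERVER))
```

With rule 5 alone only the reply is redirected, so the firewall sees half of the flow; rule 10 puts the request on the same path.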

