Choosing next hop for traffic specific
Hello,
I would like to know how I can use "set tag" in Route-map in order to lead traffic specific throug static route with "ip route".
I believe that I can do the following:
access-list 101 permit ip 192.168.120.0 0.0.0.255 any /* Filtering Lan Traffic Specific 1 */
access-list 102 permit ip 192.168.180.0 0.0.0.255 any /* Filtering Lan Traffic Specific 2 */
route-map XXXX permit 10 /* Tag 20 is related to Lan traffic specific 1 */
match ip address 101
set tag 20
route-map YYYY permit 20 /* Tag 30 is related to Lan traffic specific 2 */
match ip address 102
set tag 30
interface GigabitEthernet0/1.20 /* Applying route-map to Lan subinterface */
encapsulation dot1Q 20
ip address 192.168.120.1 255.255.255.0
ip policy route-map XXXX
interface GigabitEthernet0/1.21 /* Applying route-map to Lan subinterface */
encapsulation dot1Q 21
ip address 192.168.180.1 255.255.255.0
ip policy route-map YYYY
ip route 172.18.70.0 255.255.255.0 11.0.15.1 tag 20 /* traffic specific 1 is transmit to 172.18.0.70 through next hop 11.0.15.1 */
ip route 172.18.70.0 255.255.255.0 11.0.15.5 tag 30 /* traffic specific 2 is transmit to 172.18.0.70 through next hop 11.0.15.5 */
Is this correct ?, or is there another way to approach this issue?
Thanks for your answer in advance.
Hello Cadet,
Thanks for your feedback. Sorry, I was wrong. As you say, it looks correct. I did the mistake when I tested the ping from the Router-1 while the PRB applied to ingressing traffic and not to the generated traffic in the Router-1.
I have been doing this work remotely, because the sites are far each other.
Finally one person went to the remote site and verified, from de Lan1 and Lan2, that they was following the correct route.
Also, I was not sure about this routes:
ip route 11.0.12.0 255.255.255.252 GigabitEthernet0/0.80
ip route 11.0.12.4 255.255.255.252 GigabitEthernet0/0.81
ip route 192.168.120.0 255.255.255.0 GigabitEthernet0/1.20
ip route 192.168.180.0 255.255.255.0 GigabitEthernet0/1.21
Thanks for your advise.
The "ip route" in the Router-2, I have corrected too.
Thanks very much.
Best regards,
Sandro
Similar Messages
-
Routing failed to locate next hop for ICMP from outside:10.60.30.111/1 to inside:10.89.30.41/0
ASA 5505 Split tunneling stopped working when upgraded from 8.3(1) to 8.4(3).
When a user was connecting to the old 8.3(1) appliance they could access all of our subnets: 10.60.0.0/16, 10.89.0.0/16, 10.33.0.0/16, 10.1.0.0/16
but now they cannot and in the logs I can just see
6 Oct 31 2012 08:17:59 110003 10.60.30.111 1 10.89.30.41 0 Routing failed to locate next hop for ICMP from outside:10.60.30.111/1 to inside:10.89.30.41/0
any hints? i have tried almost everything. the running configuration is:
: Saved
ASA Version 8.4(3)
hostname asa
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.60.70.1 255.255.0.0
interface Vlan2
nameif outside
security-level 0
ip address 80.90.98.217 255.255.255.248
ftp mode passive
clock timezone GMT 0
dns domain-lookup inside
dns domain-lookup outside
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.33.0.0_16
subnet 10.33.0.0 255.255.0.0
object network NETWORK_OBJ_10.60.0.0_16
subnet 10.60.0.0 255.255.0.0
object network NETWORK_OBJ_10.89.0.0_16
subnet 10.89.0.0 255.255.0.0
object network NETWORK_OBJ_10.1.0.0_16
subnet 10.1.0.0 255.255.0.0
object network tetPC
host 10.60.10.1
description test
object network NETWORK_OBJ_10.60.30.0_24
subnet 10.60.30.0 255.255.255.0
object network NETWORK_OBJ_10.60.30.64_26
subnet 10.60.30.64 255.255.255.192
object network SSH-server
host 10.60.20.6
object network SSH_public
object network ftp_public
host 80.90.98.218
object network rdp
host 10.60.10.4
object network ftp_server
host 10.60.20.2
object network ssh_public
host 80.90.98.218
object service FTP
service tcp destination eq 12
object network NETWORK_OBJ_10.60.20.3
host 10.60.20.3
object network NETWORK_OBJ_10.60.40.192_26
subnet 10.60.40.192 255.255.255.192
object network NETWORK_OBJ_10.60.10.10
host 10.60.10.10
object network NETWORK_OBJ_10.60.20.2
host 10.60.20.2
object network NETWORK_OBJ_10.60.20.21
host 10.60.20.21
object network NETWORK_OBJ_10.60.20.4
host 10.60.20.4
object network NETWORK_OBJ_10.60.20.5
host 10.60.20.5
object network NETWORK_OBJ_10.60.20.6
host 10.60.20.6
object network NETWORK_OBJ_10.60.20.7
host 10.60.20.7
object network NETWORK_OBJ_10.60.20.29
host 10.60.20.29
object service port_tomcat
service tcp source range 8080 8082
object network TBSF
subnet 172.16.252.0 255.255.255.0
object network MailServer
host 10.33.10.2
description Mail Server
object service HTTPS
service tcp source eq https
object network test
object network access_web_mail
host 10.60.50.251
object network downtown_Interface_host
host 10.60.50.1
description downtown Interface Host
object service Oracle_port
service tcp source eq sqlnet
object network NETWORK_OBJ_10.60.50.248_29
subnet 10.60.50.248 255.255.255.248
object network NETWORK_OBJ_10.60.50.1
host 10.60.50.1
object network NETWORK_OBJ_10.60.50.0_28
subnet 10.60.50.0 255.255.255.240
object network brisel
subnet 10.191.191.0 255.255.255.0
object network NETWORK_OBJ_10.191.191.0_24
subnet 10.191.191.0 255.255.255.0
object network NETWORK_OBJ_10.60.60.0_24
subnet 10.60.60.0 255.255.255.0
object-group service TCS_Service_Group
description This Group of available Services is for TCS Clients
service-object object port_tomcat
object-group service HTTPS_ACCESS tcp
port-object eq https
object-group network DM_INLINE_NETWORK_1
network-object 10.1.0.0 255.255.0.0
network-object 10.33.0.0 255.255.0.0
network-object 10.60.0.0 255.255.0.0
network-object 10.89.0.0 255.255.0.0
access-list outside_1_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.33.0.0 255.255.0.0
access-list outside_2_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.89.0.0 255.255.0.0
access-list outside_3_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-list OUTSIDE_IN extended permit icmp any any source-quench
access-list OUTSIDE_IN extended permit tcp 194.2.20.0 255.255.255.0 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit tcp host 194.25.12.0 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit icmp host 80.90.98.222 host 80.90.98.217
access-list OUTSIDE_IN extended permit tcp host 162.162.4.1 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit tcp host 98.85.125.2 host 80.90.98.221 eq ssh
access-list OAKDCAcl standard permit 10.60.0.0 255.255.0.0
access-list OAKDCAcl standard permit 10.33.0.0 255.255.0.0
access-list OAKDCAcl remark backoffice
access-list OAKDCAcl standard permit 10.89.0.0 255.255.0.0
access-list OAKDCAcl remark maint
access-list OAKDCAcl standard permit 10.1.0.0 255.255.0.0
access-list osgd standard permit host 10.60.20.4
access-list osgd standard permit host 10.60.20.5
access-list osgd standard permit host 10.60.20.7
access-list testOAK_splitTunnelAcl standard permit 10.60.0.0 255.255.0.0
access-list snmp extended permit udp any eq snmptrap any
access-list snmp extended permit udp any any eq snmp
access-list downtown_splitTunnelAcl standard permit host 10.60.20.29
access-list webMailACL standard permit host 10.33.10.2
access-list HBSC standard permit host 10.60.30.107
access-list HBSC standard deny 10.33.0.0 255.255.0.0
access-list HBSC standard deny 10.89.0.0 255.255.0.0
access-list outside_4_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.191.191.0 255.255.255.0
access-list OAK-remote_splitTunnelAcl standard permit 10.1.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.33.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.60.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.89.0.0 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool OAKPRD_pool 10.60.30.110-10.60.30.150 mask 255.255.0.0
ip local pool mail_sddress_pool 10.60.50.251-10.60.50.255 mask 255.255.0.0
ip local pool test 10.60.50.1 mask 255.255.255.255
ip local pool ipad 10.60.30.90-10.60.30.99 mask 255.255.0.0
ip local pool TCS_pool 10.60.40.200-10.60.40.250 mask 255.255.255.0
ip local pool OSGD_POOL 10.60.50.2-10.60.50.10 mask 255.255.0.0
ip local pool OAK_pool 10.60.60.0-10.60.60.255 mask 255.255.0.0
ip verify reverse-path interface inside
ip verify reverse-path interface outside
ip audit name ThreatDetection attack action alarm
ip audit interface inside ThreatDetection
ip audit interface outside ThreatDetection
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo inside
icmp permit any echo outside
asdm history enable
arp timeout 14400
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.33.0.0_16 NETWORK_OBJ_10.33.0.0_16
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.89.0.0_16 NETWORK_OBJ_10.89.0.0_16
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.1.0.0_16 NETWORK_OBJ_10.1.0.0_16
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.30.0_24 NETWORK_OBJ_10.60.30.0_24
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.30.64_26 NETWORK_OBJ_10.60.30.64_26
nat (inside,outside) source static NETWORK_OBJ_10.60.20.29 NETWORK_OBJ_10.60.20.29 destination static NETWORK_OBJ_10.60.40.192_26 NETWORK_OBJ_10.60.40.192_26 service any port_tomcat
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.50.1 NETWORK_OBJ_10.60.50.1
nat (inside,outside) source static MailServer MailServer destination static NETWORK_OBJ_10.60.50.248_29 NETWORK_OBJ_10.60.50.248_29
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.50.0_28 NETWORK_OBJ_10.60.50.0_28
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.191.191.0_24 NETWORK_OBJ_10.191.191.0_24
nat (inside,outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_10.60.60.0_24 NETWORK_OBJ_10.60.60.0_24 no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 80.90.98.222 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.60.10.10 255.255.255.255 inside
http 10.33.30.33 255.255.255.255 inside
http 10.60.30.33 255.255.255.255 inside
snmp-server host inside 10.33.30.108 community ***** version 2c
snmp-server host inside 10.89.70.30 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set lux_trans_set esp-aes esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 84.51.31.173
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set peer 98.85.125.2
crypto map outside_map 2 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set peer 220.79.236.146
crypto map outside_map 3 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 4 match address outside_4_cryptomap
crypto map outside_map 4 set pfs
crypto map outside_map 4 set peer 159.146.232.122
crypto map outside_map 4 set ikev1 transform-set lux_trans_set
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
crypto ikev1 policy 50
authentication pre-share
encryption aes
hash sha
group 1
lifetime 86400
crypto ikev1 policy 70
authentication pre-share
encryption aes
hash sha
group 5
lifetime 86400
telnet 10.60.10.10 255.255.255.255 inside
telnet 10.60.10.1 255.255.255.255 inside
telnet 10.60.10.5 255.255.255.255 inside
telnet 10.60.30.33 255.255.255.255 inside
telnet 10.33.30.33 255.255.255.255 inside
telnet timeout 30
ssh 10.60.10.5 255.255.255.255 inside
ssh 10.60.10.10 255.255.255.255 inside
ssh 10.60.10.3 255.255.255.255 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd dns 155.2.10.20 155.2.10.50 interface inside
dhcpd auto_config outside interface inside
threat-detection basic-threat
threat-detection scanning-threat shun duration 3600
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
tftp-server inside 10.60.10.10 configs/config1
webvpn
group-policy testTG internal
group-policy testTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol l2tp-ipsec
group-policy TcsTG internal
group-policy TcsTG attributes
vpn-idle-timeout 20
vpn-session-timeout 120
vpn-tunnel-protocol ikev1
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value testOAK_splitTunnelAcl
address-pools value TCS_pool
group-policy downtown_interfaceTG internal
group-policy downtown_interfaceTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value downtown_splitTunnelAcl
group-policy HBSCTG internal
group-policy HBSCTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value HBSC
group-policy OSGD internal
group-policy OSGD attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-session-timeout none
vpn-tunnel-protocol ikev1
group-lock value OSGD
split-tunnel-policy tunnelspecified
split-tunnel-network-list value testOAK_splitTunnelAcl
group-policy OAKDC internal
group-policy OAKDC attributes
vpn-tunnel-protocol ikev1
group-lock value OAKDC
split-tunnel-policy tunnelspecified
split-tunnel-network-list value OAKDCAcl
intercept-dhcp 255.255.0.0 disable
address-pools value OAKPRD_pool
group-policy mailTG internal
group-policy mailTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value webMailACL
group-policy OAK-remote internal
group-policy OAK-remote attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value OAK-remote_splitTunnelAcl
vpn-group-policy OAKDC
service-type nas-prompt
tunnel-group DefaultRAGroup general-attributes
address-pool OAKPRD_pool
address-pool ipad
default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 84.51.31.173 type ipsec-l2l
tunnel-group 84.51.31.173 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 98.85.125.2 type ipsec-l2l
tunnel-group 98.85.125.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 220.79.236.146 type ipsec-l2l
tunnel-group 220.79.236.146 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OAKDC type remote-access
tunnel-group OAKDC general-attributes
address-pool OAKPRD_pool
default-group-policy OAKDC
tunnel-group OAKDC ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TcsTG type remote-access
tunnel-group TcsTG general-attributes
address-pool TCS_pool
default-group-policy TcsTG
tunnel-group TcsTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group downtown_interfaceTG type remote-access
tunnel-group downtown_interfaceTG general-attributes
address-pool test
default-group-policy downtown_interfaceTG
tunnel-group downtown_interfaceTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TunnelGroup1 type remote-access
tunnel-group mailTG type remote-access
tunnel-group mailTG general-attributes
address-pool mail_sddress_pool
default-group-policy mailTG
tunnel-group mailTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group testTG type remote-access
tunnel-group testTG general-attributes
address-pool mail_sddress_pool
default-group-policy testTG
tunnel-group testTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OSGD type remote-access
tunnel-group OSGD general-attributes
address-pool OSGD_POOL
default-group-policy OSGD
tunnel-group OSGD ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group HBSCTG type remote-access
tunnel-group HBSCTG general-attributes
address-pool OSGD_POOL
default-group-policy HBSCTG
tunnel-group HBSCTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 159.146.232.122 type ipsec-l2l
tunnel-group 159.146.232.122 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OAK-remote type remote-access
tunnel-group OAK-remote general-attributes
address-pool OAK_pool
default-group-policy OAK-remote
tunnel-group OAK-remote ipsec-attributes
ikev1 pre-shared-key *****
policy-map global_policy
prompt hostname context
no call-home reporting anonymous
hpm topN enable
: end
asdm history enableDear Darko,
The problem here is the overlapp issue with the Internal network.
Since the VPN pool is:
ip local pool OAKPRD_pool 10.60.30.110-10.60.30.150 mask 255.255.0.0
And the local network is:
interface Vlan1
nameif inside
security-level 100
ip address 10.60.70.1 255.255.0.0
So since you have some NAT rules telling the FW that 10.60.0.0/16 is connected to the inside, we need to change that and force it to know that 10.60.30.0/24 is actually reachable to the outside.
On the other hand, yes you could point to outside interface, but is not a good practice.
Thanks.
Portu.
In case you do not have any further questions, please mark this post as answered. -
Hi Everyone,
if sh ip route shows
Gateway of last resort is 172.24.250.3 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 172.24.250.3
S 172.16.0.0/12 [1/0] via 172.24.250.1
We need to see destination IP subnet 172.24.150.x uses which IP as next hop
need to confirm it will use 172.24.250.1 as next hop right?
it will only go to default route unless it has no specfic route ?
Regards
MaheshMahesh,
According to your example, yes, the 172.24.150.x should use 172.24.250.1.
HTH,
John
*** Please rate all useful posts *** -
Policy Based Routing - set ip next-hop
All,
I am trying to change the next hop for selective traffic to route via a WAN optimiser rather than follow the default route. I am trying to achieve this on a 4506 with IOS 12.2(20)EW.
I have configured an ACL intended to capture traffic from my desired subnet, to my desired subnet:
ip access-list extended INTER-STOR permit ip 192.168.XX.0 0.0.0.128 192.168.YY.0 0.0.0.128 log
I have then created the route map:
route-map WAN-OPT permit 10 match ip address INTER-STOR set interface Vlan1 set ip next-hop 192.168.XX.50
I have tested both with and without setting the interface. Neither make any difference.
I am then applying the route map policy to the vlan in which the traffic I wish to re-route is originating.
ip policy route-map WAN-OPT
I am finding however that this configuration doesn't work.
I have reviewed a number of documents and can not find any limitations based on the version of IOS I am using or my configuration.
This switch performs the routing for this environment, however there are no interfaces assigned to this vlan for anything other than testing on this switch. They are assigned on a stack on 3750's running as a VTP client. Again - testing from a port in the relevant vlan on this switch doing the routing (4500) does not change the results. The traffic continues to be routed the via the default route.
I'm not so sure that it is even the route map that has the problem as if I look at the access lists I can not see any hits being registered. I'm not sure whether this is a red-herring or not as I can't see what is wrong with the ACL or anything to suggest this ACL would not be supported.
If anybody can offer any guidance or suggestions it would be very much appreciated.
Thanks,Below is the "offical" explanation, I have bolded and underlined ESTENTIAL information:-
set ip next-hop
•Specifies the next hop for which to route the packet (the next hop must be adjacent). This behavior is identical to a next hop specified in the normal routing table.
set interface
•Sets output interface for the packet. This action specifies that the packet is forwarded out of the local interface. The interface must be a Layer 3 interface (no switchports), and the destination address in the packet must lie within the IP network assigned to that interface. If the destination address for the packet does not lie within that network, the packet is dropped.
set ip default next-hop
•Sets next hop to which to route the packet if there is no explicit route for this destination. Before forwarding the packet to the next hop, the switch looks up the packet's destination address in the unicast routing table. If a match is found, the packet is forwarded by way of the routing table. If no match is found, the packet is forwarded to the specified next hop.
set default interface
•Sets output interface for the packet if there is no explicit route for this destination. Before forwarding the packet to the next hop, the switch looks up the packet's destination address in the unicast routing table. If a match is found, the packet is forwarded via the routing table. If no match is found, the packet is forwarded to the specified output interface. If the destination address for the packet does not lie within that network, the packet is dropped.
HTH> -
BGP route-reflector next-hop issue
Hello,
I have a small GNS3 lab that is working with one exception: I cannot ping loopback0 on RRc2 and RRc3 from RRc1.
RRc1, RRc2 and RRc3 can all ping loopback0 on SmileyISP and RRc2 and RRc3 can ping each others loopback0
interfaces.
I am broken between the two route-reflectors: RRS1 and RRS2.
Given these conditions:
1) Do not configure any IGP.
2) No static routes
How do I get connectivity from RRc1's loopback0 interface to RRc2 loopback0 and RRc3 loopback0?
I used a route-map to set the next hop, but I am obviously doing something wrong.
I am providing relevant show command outputs, router configs, and the GNS3 topology.net config.
You will have to change the image and working directories to match your computer.
Not quite sure where I am going wrong.
Any help would be greatly appreciated.
Thanks.
-- Mark
RRc1#sh ip bgp
BGP table version is 53, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 10.1.25.5 0 100 0 100 i
*>i 10.1.12.0/24 10.1.26.2 0 100 0 i
*>i 10.1.13.0/24 10.1.12.1 0 100 0 i
*>i 10.1.14.0/24 10.1.12.1 0 100 0 i
*>i 10.1.15.0/24 10.1.12.1 0 100 0 i
*>i 10.1.25.0/24 10.1.26.2 0 100 0 i
* i 10.1.26.0/24 10.1.26.2 0 100 0 i
*> 0.0.0.0 0 32768 i
*> 172.16.1.0/24 0.0.0.0 0 32768 i
*>i 172.16.2.0/24 10.1.12.1 0 100 0 i
*>i 172.16.3.0/24 10.1.12.1 0 100 0 i
RRc1#
RRc1#ping 172.16.2.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
Success rate is 0 percent (0/5)
RRc1#
RRc2#sh ip bgp
BGP table version is 31, local router ID is 172.16.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 10.1.15.5 0 100 0 100 i
* i 10.1.12.0/24 10.1.12.2 0 100 0 i
* i 10.1.13.0/24 10.1.13.1 0 100 0 i
*> 0.0.0.0 0 32768 i
*>i 10.1.14.0/24 10.1.13.1 0 100 0 i
*>i 10.1.15.0/24 10.1.13.1 0 100 0 i
* i 10.1.25.0/24 10.1.12.2 0 100 0 i
* i 10.1.26.0/24 10.1.12.2 0 100 0 i
* i 172.16.1.0/24 10.1.12.2 0 100 0 i
*> 172.16.2.0/24 0.0.0.0 0 32768 i
*>i 172.16.3.0/24 10.1.14.4 0 100 0 i
RRc2#
SmileyISP#sh run
Building configuration...
Current configuration : 988 bytes
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname SmileyISP
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.15.5 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.25.5 255.255.255.0
speed auto
duplex auto
router bgp 100
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
network 10.1.15.0 mask 255.255.255.0
neighbor 10.1.15.1 remote-as 200
neighbor 10.1.25.2 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRS1#sh run
Building configuration...
Current configuration : 1594 bytes
! Last configuration change at 19:24:34 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRS1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.15.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.12.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/0
ip address 10.1.13.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/1
ip address 10.1.14.1 255.255.255.0
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.13.0 mask 255.255.255.0
network 10.1.14.0 mask 255.255.255.0
network 10.1.15.0 mask 255.255.255.0
neighbor RouteReflectors peer-group
neighbor RouteReflectors remote-as 200
neighbor RouteReflectors route-map NEXTHOP out
neighbor RRClients peer-group
neighbor RRClients remote-as 200
neighbor RRClients route-reflector-client
neighbor 10.1.12.2 peer-group RouteReflectors
neighbor 10.1.13.3 peer-group RRClients
neighbor 10.1.14.4 peer-group RRClients
neighbor 10.1.15.5 remote-as 100
ip forward-protocol nd
no ip http server
no ip http secure-server
route-map NEXTHOP permit 10
set ip next-hop peer-address
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRS2#sh ru
Building configuration...
Current configuration : 1542 bytes
! Last configuration change at 19:42:06 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRS2
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.12.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.25.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/0
ip address 10.1.26.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.12.0 mask 255.255.255.0
network 10.1.25.0 mask 255.255.255.0
network 10.1.26.0 mask 255.255.255.0
neighbor RouteReflectors peer-group
neighbor RouteReflectors remote-as 200
neighbor RouteReflectors route-map NEXTHOP out
neighbor RRClients peer-group
neighbor RRClients remote-as 200
neighbor RRClients route-reflector-client
neighbor 10.1.12.1 peer-group RouteReflectors
neighbor 10.1.25.5 remote-as 100
neighbor 10.1.26.6 peer-group RRClients
ip forward-protocol nd
no ip http server
no ip http secure-server
route-map NEXTHOP permit 10
set ip next-hop peer-address
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc1#sh run
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:43:57 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.1.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.26.6 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.26.0 mask 255.255.255.0
network 172.16.1.0 mask 255.255.255.0
neighbor 10.1.26.2 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc2#sh run
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:45:05 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc2
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.2.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.13.3 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.13.0 mask 255.255.255.0
network 172.16.2.0 mask 255.255.255.0
neighbor 10.1.13.1 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc3#wr term
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:31:12 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc3
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.3.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.14.4 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.14.0 mask 255.255.255.0
network 172.16.3.0 mask 255.255.255.0
neighbor 10.1.14.1 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
autostart = False
version = 0.8.6
[127.0.0.1:7202]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10200
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2005
aux = 2100
cnfg = configs\SmileyISP.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f1/0
f1/1 = RRS2 f1/1
x = -24.0
y = -259.0
z = 1.0
hx = -1.5
hy = -24.0
console = 2015
aux = 2101
cnfg = configs\RRc1.cfg
slot1 = PA-2FE-TX
f1/0 = RRS2 f2/0
x = -292.0
y = 200.0
z = 1.0
hx = -5.5
hy = -25.0
[127.0.0.1:7200]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10000
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2012
aux = 2102
cnfg = configs\RRS1.cfg
slot1 = PA-2FE-TX
f1/0 = SmileyISP f1/0
f1/1 = RRS2 f1/0
slot2 = PA-2FE-TX
f2/0 = RRc2 f1/0
f2/1 = RRc3 f1/0
x = 197.0
y = 6.0
z = 1.0
hx = 42.5
hy = -20.0
console = 2013
aux = 2103
cnfg = configs\RRS2.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f1/1
f1/1 = SmileyISP f1/1
slot2 = PA-2FE-TX
f2/0 = RRc1 f1/0
x = -239.0
y = 9.0
z = 1.0
hx = 1.5
hy = -24.0
[127.0.0.1:7201]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10100
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2009
aux = 2104
cnfg = configs\RRc3.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f2/1
x = 337.0
y = 155.0
z = 1.0
hx = 17.5
hy = -25.0
console = 2008
aux = 2105
cnfg = configs\RRc2.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f2/0
x = 149.0
y = 204.0
z = 1.0
hx = -13.5
hy = -23.0
[GNS3-DATA]
configs = configs
text = ".1"
x = 208.0
y = -23.0
text = "10.1.12.0/24"
x = -19.0
y = 5.0
text = ".1"
x = 153.0
y = 25.0
text = ".1"
x = 259.0
y = 33.0
text = "10.1.13.0/24"
x = 238.0
y = 84.0
rotate = 99
text = "10.1.25.0/24"
x = -188.0
y = -124.0
text = "l0: 172.16.2.1/24"
x = 125.0
y = 244.0
text = "l0:172.16.1.1/24"
x = -269.0
y = 240.0
text = "10.1.15.0/24"
x = 116.0
y = -127.0
text = "10.1.14.0/24"
x = 293.0
y = 53.0
rotate = 50
text = ".1"
x = 194.0
y = 68.0
text = "AS100"
x = -20.0
y = -342.0
text = ".2"
x = -148.0
y = 46.0
text = "AS200"
x = 33.0
y = 300.0
text = "l0: 1.1.1.1/24"
x = -42.0
y = -306.0
text = ".5"
x = 50.0
y = -213.0
text = ".2"
x = -248.0
y = 60.0
text = ".2"
x = -174.0
y = -52.0
text = ".5"
x = -54.0
y = -209.0
text = ".6"
x = -232.0
y = 189.0
text = "l0:172.16.3.1/24"
x = 299.0
y = 194.0
text = "10.1.26.0/24"
x = -274.0
y = 167.0
rotate = 290
text = ".3"
x = 208.0
y = 187.0
text = ".4"
x = 312.0
y = 155.0
type = ellipse
x = 50.0
y = -35.0
width = 385.0
height = 345.0
fill_color = "#ffff7f"
border_style = 2
z = -1.0
type = ellipse
x = -171.0
y = -346.0
width = 359.0
height = 200.0
fill_color = "#aaff7f"
border_style = 2
z = -1.0
type = ellipse
x = -407.0
y = -87.0
width = 883.0
height = 443.0
border_style = 2
z = -2.0
type = ellipse
x = -361.0
y = -29.0
width = 385.0
height = 326.0
fill_color = "#55aaff"
border_style = 2
z = -3.0BD,
Ahh...
OK. In the original article, the author states that the final piece with the route map
NEXTHOP was supposed to fix the reachability issue. Obviously it doesn't.
After reading your last post, I looked more carefully at the output from 'sh ip bgp'
on each of the client routers and I realized that several of the next hop addresses were
wrong for some of the prefixes.
1) I completely removed the 'neighbor RouteReflectors route-map NEXTHOP out'
from both RR's. Then I ran 'sh ip bgp' on the clients and noted a change in the next hop addresses. Still wrong, but it changed.
2) I then tried next-hop-self from the RR's to the clients, but it did not change from where
it was after I completed step 1. I am not sure why there was no change. (actually, see the very end of this post)
3) I then applied my version of the route map: route-map NEXTHOP permit 10
set ip next-hop peer-address
to the RR's with this: neighbor RRClients route-map NEXTHOP out
That fixed it. All three clients have as their next hop for all prefixes their respective
RR's (which is what they should have for this topology).
I have full connectivity everywhere, even loopback to loopback between all clients.
1) THANK YOU for pointing me in the right direction.
2) If I may ask, why did next hop self fail? More specifically, I saw no change at all
in the next hop for the advertised prefixes. Is it because next-hop-self should be used
for eBGP peers and all of the RR's and clients are all within the same AS? -
Hi All,
I want to discuss a problem that I am facing in the BGP scenario.
The problem is that I have 2 ISP connections from a service provider which is terminating on 6509 VSS and our companies 2 routers and ASA is also connected to 6509 VSS.
R5 is creating a eBGP peering with R3 (Primary ISP) and R4 (Secondary ISP) and in same way R6 is having eBGP peering with R3 and R4.
I am using 2 default routes 1st with default AD towards R3 (Pri ISP) and 2nd with a higher AD value towards R4 (Sec ISP).
After this I had changed Next-hop with the help of route-map.So, that the traffic will hit on ASAs interface from WAN side.
The route-map for R3 is having a set IP next-hop of ASAs IP address x.x.x.10 and the route-map for R4 is having a set IP next-hop of ASAs 2nd interface IP address y.y.y.10
So, now problem is when I use command on R5 to see which next-hop I am sending to customer(#sh ip bgp nei x.x.x.3 advertised-routes) than for R3 network it shows me the exact next-hop which I want of x.x.x.10 ASAs interfaces but when I use same command to check for R4 than the output is also same i.e. it is having the next-hop of ASAs IP x.x.x.10 even in my route-map I am having a entry to set next-hop for R4 is ASAs interface IP y.y.y.10
After this I used wireshark to capture packet and I also used debug but the output shows that next-hop is set for R4 is y.y.y.10
So, this is the problem i.e. in show output command it is showing wrong next-hop but in capturing it is acknowledging that it is using the next-hop mentioned in route-map.
This is my configuration on R5 and same is on R6 just IPs are like y.y.y.6
R5#
interface GigabitEthernet0/0
description TO Primary ISP
ip address x.x.x.5 255.255.255.248
duplex auto
speed auto
no shut
interface GigabitEthernet0/1
description To Secondary ISP
ip address y.y.y.5 255.255.255.248
duplex auto
speed auto
no shut
ip access-list standard BLOCK
deny any
route-map as_prepend_secondary permit 10
set ip next-hop y.y.y.10
route-map as_prepend_primary permit 10
set ip next-hop x.x.x.10
router bgp AAAAA
no synchronization
bgp log-neighbor-changes
network z.z.z.z mask 255.255.255.248
timers bgp 10 30
neighbor y.y.y.4 remote-as BBBBB
neighbor y.y.y.4 route-map as_prepend_secondary out
neighbor x.x.x.3 remote-as BBBBB
neighbor x.x.x.3 route-map as_prepend_primary out
distribute-list BLOCK in
no auto-summary
ip route x.x.x.0 255.255.255.0 x.x.x.3
ip route y.y.y.0 255.255.255.0 y.y.y.3 2
This is the output of Debug on R6
BGP: TX IPv4 Unicast Wkr global 7 Cur Processing.
BGP: TX IPv4 Unicast Wkr global 7 Cur Attr change from 0x0 to 0x68F081C8.
*Sep 15 13:16:15.056: BGP(0): y.y.y.4 NEXT_HOP is set to y.y.y.10 by policy for net y.y.y.128,
Thanks & Regards,
Rahul ChhabraTopology Diagram
-
Importance of specifiying MAC add of next hop L3 device in FWSM config
Hi,
With refrence of Cisco Secure Firewall Services Module (FWSM) of Cisco Press book it's mentioned that
"While configuring the transparent mode in FWSM, it is important to specify the MAC address and the CAM entries on the Layer 3 next hop device of FWSM."
This part of configuration is not very much clear to me please let me know the logic of this things
The following are two examples:
Layer 3 Device A (PFC) at the Outside Security Domain
! IP address of the next hop for the outside security domain
interface Vlan20
mac-address 0000.0000.0001
ip address 10.10.1.1 255.255.255.0
! Specify the IP address and MAC address at the first hop layer 3 interface
! of the inside security domain
arp 10.10.1.21 0000.0000.0001 ARPA
Layer 3 Device B at the Inside Security Domain
! IP address of the next hop for the inside security domain
interface Vlan21
mac-address 0000.0000.0021
ip address 10.10.1.21 255.255.255.0
! Specify the IP address and MAC address defined at the first hop interface
! of the outside security domain
arp 10.10.1.21 0000.0000.0002 ARPA
Regards
Ambivert SkillHello Mikis,
Fair enough, Just remember beggining on 8.3 how the ASA handles the packets it's different from 8.2 and older versions.
As you said now the ASA is going to check the proper Nat rules first and then the Acl's that is why when we want to allow traffic from outside to an inside server we need to poing the ACL to the private or un-nated Ip as the nat rule was taken in place first
Good post by the way,
Remember to rate all the community answers, for us that is more important than a thanks
Julio -
Hi,
could someone please advice how to change a next-hop for incoming SMTP traffic? I've successfully created PBR to redirect customer SMTP traffic to a different next-hop:
C6509#access-list 150 permit tcp 85.175.191.0 0.0.0.255 any eq smtp (customer LAN is 85.175.191.0/24; from customer to the internet)
C6509#access-list 160 permit tcp any 85.175.191.0 0.0.0.255 eq smtp (from the internet to customer LAN; doesn't work!)
C6509#route-map MAIL-Redirect permit 10
C6509#match ip address 150
C6509#set ip next-hop 20.10.10.10
C6509#route-map MAIL-Redirect permit 20
C6509#match ip address 160
C6509#set ip next-hop 20.10.10.10
C6509#interface Vlan100
C6509#ip address 85.175.191.1 255.255.255.0
C6509#ip policy route-map MAIL-Redirect
Redirect customer SMTP traffic from inside to the internet works as expected:
IP: s=85.175.191.111 (Vlan16), d=173.19.66.27, len 60, FIB policy match
IP: s=85.175.191.111 (Vlan16), d=173.19.66.27, len 60, PBR Counted
IP: s=85.175.191.111 (Vlan16), d=173.19.66.27, g=20.10.10.10, len 60, FIB policy routed
C6509#sh access-list 150
Extended IP access list 150
10 permit tcp 85.175.191.0 0.0.0.255 any eq smtp (17 matches)
But the other direction (SMTP traffic coming in from the internet to 85.175.191.0/24) seems not working:
C6509#sh access-list 160
Extended IP access list 160
10 permit tcp any 5.175.191.0 0.0.0.255 eq smtp
Any ideas?
Thanks,
ThomasI think it's because PBR must be configured in interface receiving traffic; try configuring PBR on the WAN interface (obviously you can split the route-map in the routemaps: one for incoming traffic (used on WAN inertf) and one for outgoing traffic (used on VLAN 100))
Let me know, bye,
enrico
PS: please rate if useful -
BGP Next-hop conflict with MPLS Label.
Hi, Experts
Equipment: Cisco ASR9922, IOS-XR 4.3.2
Issue: I have problem that my RR do the next-hop-self by using route-policy for client routers, the next-hop is changed as intended but the MPLS label doesn’t changed to reflect the new next-hop.
What I would like to achieve: I would like RR to set next-hop-self only for selected prefixes(172.168.0.0/24, 0.0.0.0/0) but maintain original next-hop for the rest, I do this by using route-policy.
Detail:
I have routers running MPLS infrastructure with ASR9922 as an RR. RN router is in neighbor-group RN and CPE-xx routers are in neighbor-group AN.
•- Every routers are in same BGP AS64549.
•- RN sends prefixes 0.0.0.0/0 and 172.168.0.0/24 to RR.
•- CPE-25 sends prefix 192.168.25.1/32 to RR.
Neighbor-group AN has the route-policy AN-OUT2 to set next-hop of prefix 172.168.0.0/24 and 0.0.0.0/0 to RR#loopback1 before send out update to CPE routers. Below is BGP and RPL configuration at RR.
router bgp 64549
nsr
bgp graceful-restart
ibgp policy out enforce-modifications
address-family vpnv4 unicast
additional-paths receive
additional-paths send
additional-paths selection route-policy ADD-PATH-iBGP
retain route-target all
neighbor-group AN
remote-as 64549
cluster-id 172.16.1.11
update-source Loopback1
address-family vpnv4 unicast
route-reflector-client
route-policy AN-OUT2 out
soft-reconfiguration inbound
route-policy AN-OUT2
if destination in DEFAULT or destination in RNC then
set next-hop 192.168.10.11
else
pass
endif
end-policy
This is what RR advertises to CPE-24
RP/0/RP0/CPU0:RR#show bgp vpnv4 unicast neighbors 192.168.10.24 advertised-routes
Fri Dec 20 15:23:14.931 BKK
Network Next Hop From AS Path
Route Distinguisher: 64549:3339
0.0.0.0/0 192.168.10.11 172.16.1.1 ?
172.16.1.2 ?
172.168.0.0/24 192.168.10.11 172.16.1.1 ?
172.16.1.2 ?
192.168.0.1/32 192.168.10.11 192.168.10.24 i
192.168.0.26/32 192.168.10.26 192.168.10.26 i
192.168.25.1/32 192.168.10.25 192.168.10.25 i
192.168.211.8/30 192.168.10.22 192.168.10.22 i
The IP part works as intended but MPLS Label doesn’t work as intended. Please take a look at RN who is originates 172.168.0.0/24, label 16025 is locally assigned.
RP/0/RP0/CPU0:RN1#show bgp vpnv4 unicast labels
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 64549:3339 (default for vrf VLAN3339)
*> 0.0.0.0/0 0.0.0.0 nolabel 16025
* i 172.16.1.11 16068 16025
* i 172.16.1.13 16033 16025
*> 172.168.0.0/24 0.0.0.0 nolabel 16025
* i 172.16.1.11 16059 16025
* i 172.16.1.13 16024 16025
172.168.0.0/24 at RR, label 16059 is locally assigned, label 16025 is receive from RN router. It should send 172.168.0.0/24 with label 16059 to CPE-24 to reflect next-hop changed.
RP/0/RSP0/CPU0:RR#show bgp vpnv4 unicast labels
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 64549:3339
*>i0.0.0.0/0 172.16.1.1 16025 16068
* i 172.16.1.2 16007 16068
*>i172.168.0.0/24 172.16.1.1 16025 16059
* i 172.16.1.2 16007 16059
*>i192.168.0.1/32 192.168.10.24 131070 16060
*>i192.168.25.1/32 192.168.10.25 131070 16062
*>i192.168.211.8/30 192.168.10.22 131070 16065
What I found at CPE-24 which is Alcatel router is that, RR send prefix 172.168.0.0/24, nh 192.168.10.11 with label 16025 which is incorrect.
A:CPE-24# show router bgp routes vpn-ipv4 172.168.0.0/24
===============================================================================
BGP Router ID:192.168.10.24 AS:64549 Local AS:64549
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
Origin codes : i - IGP, e - EGP, ? - incomplete, > - best, b - backup
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop Path-Id VPNLabel
As-Path
u*>? 64549:3339:172.168.0.0/24 100 0
192.168.10.11 None 16025
No As-Path
Routes : 1
===============================================================================
On RR If I just remove the policy and do the next-hop-self under vpv4 address family, CPE-24 will get corrent nh with correct label(16059) but that won’t achieve our requirement to change nh only on selected prefixes. Is this software problem? Or is there any solution to work around?
Regard,
MaritHello Marit,
I am able to recreate this in the lab, and unfortunately this scenario is not supported. BGP does not advertise allocated label if we set nexhop using route policy. The only way is by next-hop-self configured on RR, and yes it eventually will applies to all prefixes advertised to neighbor-group AN. Currently i do not have workaround available.
Below is the capture of what i have tested in the lab:
The topology:
CRS-4-02 ---------- CRS-8-01 ------------ ASR-9006-1
CRS-8-01 is Route-reflector of CRS-4-02 and ASR-9006-1.
CRS-4-02 advertise some prefixes.
This issue occurs when RR have route-policy toward ASR-9006-1, where it assign incorrect label. But it assign correct label if CRS-8-01 use next-hop-self.
Below is the test done in the lab if RR use next-hop-self:
RP/0/RP0/CPU0:CRS-4-02#show run router bgp
Tue Jan 7 08:16:18.945 UTC
router bgp 1
bgp router-id 172.16.4.1
ibgp policy out enforce-modifications
address-family ipv4 unicast
address-family vpnv4 unicast
neighbor 172.16.8.3
remote-as 1
update-source Loopback0
address-family ipv4 unicast
address-family vpnv4 unicast
route-policy PASS in
route-policy PASS out
vrf RTAMAELA
rd 100:1
address-family ipv4 unicast
redistribute connected
RP/0/RP0/CPU0:CRS-4-02#show bgp vpnv4 unicast advertised summary
Tue Jan 7 08:16:29.001 UTC
Network Next Hop From Advertised to
Route Distinguisher: 100:1
78.22.11.2/32 172.16.4.1 Local 172.16.8.3
78.22.11.3/32 172.16.4.1 Local 172.16.8.3
93.22.15.61/32 172.16.4.1 Local 172.16.8.3
RP/0/RP0/CPU0:CRS-4-02#
RP/0/RP0/CPU0:CRS-4-02#show bgp vpnv4 unicast labels
Tue Jan 7 08:16:53.655 UTC
BGP router identifier 172.16.4.1, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0
BGP main routing table version 57
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1 (default for vrf RTAMAELA)
*>i22.51.32.77/32 172.16.8.3 16056 nolabel
*> 78.22.11.2/32 0.0.0.0 nolabel 16003
*> 78.22.11.3/32 0.0.0.0 nolabel 16003
*> 93.22.15.61/32 0.0.0.0 nolabel 16003
Processed 4 prefixes, 4 paths
RP/0/RP0/CPU0:CRS-4-02#
RP/0/RP1/CPU0:CRS-8-01#show run router bgp
Wed Jan 8 11:07:05.436 UTC
router bgp 1
bgp graceful-restart
ibgp policy out enforce-modifications
address-family ipv4 unicast
allocate-label all
address-family vpnv4 unicast
retain route-target all
neighbor-group AN
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
next-hop-self <-- use next-hop-self toward ASR-9006-1
soft-reconfiguration inbound
neighbor-group RN
remote-as 1
update-source Loopback0
graceful-restart
address-family vpnv4 unicast
route-reflector-client
next-hop-self
soft-reconfiguration inbound
neighbor 10.10.10.10
remote-as 1
address-family ipv4 unicast
neighbor 72.15.48.5
use neighbor-group AN
neighbor 172.16.4.1
use neighbor-group RN
RP/0/RP1/CPU0:CRS-8-01#show bgp vpnv4 unicast labels
Wed Jan 8 11:07:09.091 UTC
BGP router identifier 172.16.8.3, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 344169
BGP main routing table version 92
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1
*>i22.51.32.77/32 72.15.48.5 16000 16056
*>i78.22.11.2/32 172.16.4.1 16003 16053
*>i78.22.11.3/32 172.16.4.1 16003 16054
*>i93.22.15.61/32 172.16.4.1 16003 16055
Processed 4 prefixes, 4 paths
RP/0/RP1/CPU0:CRS-8-01#
RP/0/RSP1/CPU0:ASR-9006-01#show run router bgp
Wed Jan 8 17:02:02.796 UTC
router bgp 1
bgp router-id 72.15.48.5
bgp graceful-restart
ibgp policy out enforce-modifications
address-family ipv4 unicast
address-family vpnv4 unicast
retain route-target all
neighbor-group RR
remote-as 1
update-source Loopback0
graceful-restart
address-family vpnv4 unicast
route-reflector-client
soft-reconfiguration inbound
neighbor 172.16.8.3
use neighbor-group RR
neighbor 192.169.1.2
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
route-policy PASS in
route-policy PASS out
vrf RTAMAELA
rd 100:1
address-family ipv4 unicast
redistribute connected
RP/0/RSP1/CPU0:ASR-9006-01#show bgp vpnv4 unicast labels
Wed Jan 8 17:02:04.381 UTC
BGP router identifier 72.15.48.5, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 253825
BGP main routing table version 126
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1 (default for vrf RTAMAELA)
*> 22.51.32.77/32 0.0.0.0 nolabel 16000
*>i78.22.11.2/32 172.16.8.3 16053 nolabel <== 172.16.8.3 is the loopback address of CRS-8-01
*>i78.22.11.3/32 172.16.8.3 16054 nolabel
*>i93.22.15.61/32 172.16.8.3 16055 nolabel
Processed 4 prefixes, 4 paths
RP/0/RSP1/CPU0:ASR-9006-01#
From output above we can see that ASR-9006-01 received correct label for each prefix.
Below is the output with route-policy configured and ASR-9006-01 receive incorrect label:
RP/0/RP1/CPU0:CRS-8-01#show run router bgp
Wed Jan 8 11:04:46.310 UTC
router bgp 1
bgp graceful-restart
ibgp policy out enforce-modifications
address-family ipv4 unicast
allocate-label all
address-family vpnv4 unicast
retain route-target all
neighbor-group AN
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
route-policy RTAMAELA out
soft-reconfiguration inbound
neighbor-group RN
remote-as 1
update-source Loopback0
graceful-restart
address-family vpnv4 unicast
route-reflector-client
next-hop-self
soft-reconfiguration inbound
neighbor 72.15.48.5
use neighbor-group AN
neighbor 172.16.4.1
use neighbor-group RN
RP/0/RP1/CPU0:CRS-8-01#show run route-policy RTAMAELA
Wed Jan 8 11:16:06.847 UTC
route-policy RTAMAELA
if destination in RNC then
set next-hop 172.16.8.3
else
pass
endif
end-policy
RP/0/RP1/CPU0:CRS-8-01#show run prefix-set RNC
Wed Jan 8 11:16:12.099 UTC
prefix-set RNC
78.22.11.3/32
end-set
RP/0/RP1/CPU0:CRS-8-01#show bgp vpnv4 unicast labels
Wed Jan 8 11:04:33.512 UTC
BGP router identifier 172.16.8.3, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 344013
BGP main routing table version 92
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1
*>i22.51.32.77/32 72.15.48.5 16000 16056
*>i78.22.11.2/32 172.16.4.1 16003 16053
*>i78.22.11.3/32 172.16.4.1 16003 16054
*>i93.22.15.61/32 172.16.4.1 16003 16055
Processed 4 prefixes, 4 paths
RP/0/RP1/CPU0:CRS-8-01#
RP/0/RSP1/CPU0:ASR-9006-01#show run router bgp
Wed Jan 8 16:59:41.601 UTC
router bgp 1
bgp router-id 72.15.48.5
bgp graceful-restart
ibgp policy out enforce-modifications
address-family ipv4 unicast
address-family vpnv4 unicast
retain route-target all
neighbor-group RR
remote-as 1
update-source Loopback0
graceful-restart
address-family vpnv4 unicast
route-reflector-client
soft-reconfiguration inbound
neighbor 172.16.8.3
use neighbor-group RR
neighbor 192.169.1.2
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
route-policy PASS in
route-policy PASS out
vrf RTAMAELA
rd 100:1
address-family ipv4 unicast
redistribute connected
RP/0/RSP1/CPU0:ASR-9006-01#show bgp ipv4 unicast labels
Wed Jan 8 16:59:52.173 UTC
RP/0/RSP1/CPU0:ASR-9006-01#show bgp vpnv4 unicast labels
Wed Jan 8 17:00:00.457 UTC
BGP router identifier 72.15.48.5, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 253701
BGP main routing table version 123
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1 (default for vrf RTAMAELA)
*> 22.51.32.77/32 0.0.0.0 nolabel 16000
*>i78.22.11.2/32 172.16.4.1 16003 nolabel
*>i78.22.11.3/32 172.16.8.3 16003 nolabel <-- It receive label 16003, which is wrong. it should receive label 16054.
*>i93.22.15.61/32 172.16.4.1 16003 nolabel
Processed 4 prefixes, 4 paths
RP/0/RSP1/CPU0:ASR-9006-01#
Rivalino -
What is the second, third, etc. next-hop address in the route-map set command for?
What is the second, third, etc. next-hop address in the route-map set command for?
route-map TEST_PBR permit 10 match
match ip address 101
router(config-route-map)#set ip next-hop 1.1.1.1 ?
A.B.C.D IP address of next hopHi,
You may get your answer in below link
http://www.groupstudy.com/archives/ccielab/200812/msg00999.html
First next-hop will be used unless until that is not unreachable. If first is unreachable, then next one will be used. Since these next-hops are directly connected, router can easily come to know whether they are active or not. In case you want to set some loopback ip as next-hop then you need to use keyword recursive "set ip next-hop recursive"
--Pls dont forget to rate helpful posts--
Regards,
Akash -
How do I turn off all alerts for a specific email account
I want to disable all notifications for a specific email account and I can't find the options to do this. So basically I have 3 email accounts linked on my blackberry. I and I want to make it so that any time account #3 gets an email I don't get a red flashing light or a new message * anywhere. I case you're wondering I've funneled all those annoying promo adds to this one account. It's just that sometimes some of them actually have good deals so I want to be able to check them every now and then but it's seriously annoying when my red light is going off constantly. NEVER MIND! I found it, but I'm going to leave this here incase anyone else it looking for something like this. You go into notification profiles and change the settings for that profile. So it's : Notifications -> Profiles -> Normal (or which ever one you want) -> Customize App Notifications -> Email Messages -> Select email account you want -> Turn off all notifications or modify them to your preference. It does suck that you can't just globally set it by email account. It seems you have to go through each profile and change the settings one at a time. Most people probably only have 3 though so it's not that big a deal #firstworldproblems. DOUBLE NEVER MIND! So the "solution" I mentioned above only seems to work for the LED indicator and the instant popup you that comes on the top of the screen when you get a new notification. I'm still getting the red "new email" star on the side bar when I do a quick look from the homescreen or an app. And the 3rd email account has a "new email" red star next to it as well. Hoping someone out there knows how to turn them off for a specific email account. Thanks. - Kbye
Hi, I am using German OS therefore maybe the items are called differently in English: 1) Go into the main menu 2) Select "Alerts" 3) select the Profile you like to adjust 4) Select App Alerts 5) Select Email 6) You sould see your 3 mail accounts listed 7) Select the one you like to "mute" and you can set everything (sound, LED, vibration etc. individually for this acount) Hope it helps Alex
-
How to find user exits for a specific field
hi,
How can we find a user exit for a specific fields .
as i know Three ways to search user-exits
1. SE80 look includes in a packages with name user-exits
2. by zreport which will fetch user-exit in a T-CODE
3. SMOD
but what if we have to find a user-exit for particular field for e.g bupla(bussiness place) in MIRO.
Please suggest me.
Thanks and Regards ,
Rahul Singh.Hi Rahul,
Here is the procedure to create field exits.
Step by step procedure for creating Field Exits
There are eight steps to creating a field exit:
Step 1: Determine Data Element
Step 2: Go To Field Exit Transaction
Step 3: Create Field Exit
Step 4: Create Function Module
Step 5: Code Function Module
Step 6: Activate Function Module
Step 7: Assign Program/Screen
Step 8: Activate Field Exit
Step 1: Determine Data Element
u2022 Before you can begin adding the functionality for a field exit, you must know the corresponding data element.
Step 2: Go To Field Exit Transaction
u2022 The transaction to create field exits is CMOD.
u2022 You can use the menu path Tools -> ABAP/4 Workbench -> Utilities -> Enhancements -> Project management.
u2022 From the initial screen of transaction CMOD, choose the Text enhancements -> Field exits menu path.
u2022 After choosing this menu path, you will be taken to the field exits screen. From here, you can create a field exit.
NOTE : Even though you use transaction CMOD to maintain field exits, you do not need to create a project to activate field exits.
Step 3: Create Field Exit
u2022 From the field exit screen of transaction CMOD, choose the Field exit -> Create menu path.
u2022 After choosing this menu path, a dialog box will prompt you for the appropriate data element .
u2022 Enter the data element name and click the u2018Continueu2019 pushbutton.
u2022 Now, you will be able to create the function module associated to the data elementu2019s field exit.
Step 4: Create Function Module
u2022 You will automatically be taken to the Function Library (SE37) after entering a data element name and clicking the u2018Continueu2019 pushbutton.
u2022 In the u2018Function moduleu2019 field, a function module name will be defaulted by the system based on the data element specified. This name will have the following convention:
FIELD_EXIT_<data element>
u2022 You can add an identifier (an underscore followed by a single character ).
u2022 The first function module for a data elementu2019s field exit must be created without an identifier.
u2022 To create the function module, click on the u2018Createu2019 pushbutton, choose menu path Function module -> Create, or press u2018F5u2019.
u2022 After choosing to create the function module, you will get the warning: "Function module name is reserved for SAP". This message is just a warning so a developer does not accidentally create a function module in the field exit name range. By pressing u2018Enteru2019, you will be able to go ahead and create the function module.
u2022 Before coding the function module, you will have to specify the function modules attributes -- function group, application, and short text.
Step 5: Code Function Module
u2022 From the function moduleu2019s attributes screen, click on the u2018Source codeu2019 pushbutton or choose the Goto -> Function module menu path to the code of the function module.
u2022 Here you will add your desired functionality for the field exit.
u2022 Remember that field exitu2019s function module will have two parameters -- one importing parameter called "INPUT" and one exporting parameter called "OUTPUT". These parameters will be set up automatically by the system.
u2022 You must remember to assign a value to the OUTPUT field. Even if the value does not change, it must be moved from the INPUT field to the OUTPUT field.
Step 6: Activate Function Module
u2022 After coding the function module, you must remember to activate it.
u2022 Use the Function module -> Activate menu path to activate the function module.
u2022 At this point, you can return to the field exit transaction.
u2022 You should be able to 'green arrow' back to this transaction.
u2022 When you return to the field exit transaction, you will see an entry for the newly created field exit.
u2022 At this point, the field exit is global. That is, it applies to all screens that use a particular data element. On any screen that uses the data element, the corresponding field exit function module will be triggered, once it is active.
u2022 Also, the field exit will not be triggered yet because it is inactive.
Step 7: Assign Program/Screen
u2022 This step is only needed if you want to make a field exit local.
u2022 To make a field exit local, select the field exit and click on the u2018Assign prog./screenu2019 pushbutton.
u2022 In the dialog box , indicate the appropriate program name and screen number.
This information indicates that the field exit is local to the specified screen in the specified program.
u2022 In the dialog box, you determine which function module gets executed for the field exit by specifying the identifier in the u2018Fld. Exitu2019 field.
u2022 If this field is left blank, the function module triggered will be 'FIELD_EXIT_<data element>'.
u2022 If a single-character identifier is entered into the field, the function module triggered will be 'FIELD_EXIT_<data element>_<identifier>'.
Step 8: Activate Field Exit
u2022 The field exit must be active for it to be triggered by the system.
u2022 Activate the field exit by choosing the Field exit -> Activate menu path.
u2022 After assigning the field exit to a change request, its status will change to u2018Activeu2019 and it will be triggered automatically on the appropriate screen(s).
NOTE : In order to activate the field exit the profile parameter abap/fieldexit = YES must be set on all application servers
Execute the transaction SE38 with PROGRAM NAME - RSMODPRF
Then give the Data Element Name for which field you want to create the exit(Just cross check with your field data element) and execute.
then it takes you to SE37 with the function module name FIELD_EXIT_<DATA ELEMENT NAME> and then create the same function module.
and in the coding part, You can write your logic to display the output of that field. and activate it.
once you complete the above,
Again execute SE38 transaction with program RSMODPRF and again click on Execute button without any Data Element Name. Now you select the data element which you have created and click on Assign prog/ Screen button and assign the program name and screen number of the filed and click on the menu Field Exit and Activate.
Hope it helps.
Regards
Radhika
Edited by: Radhika Pande on Nov 26, 2009 7:58 AM -
Finding Step Index for a specific test step name
How do I look up the StepIndex value (array index value for RunState.Sequence.Main["TestStepName"]) for a specific test step in a sequence? I am planning to use the number so I can dynamically change the test step execution order using the NextStepIndex parameter.
Thanks,
Scott TrosperHi Scott,
In the example attached, The Setup Step Group obtains an array of Steps from the Main.
All the example does at present is to step the next step to execute in the Main, But I hope it helps to answer your query.
Regards
Ray Farmer
Regards
Ray Farmer
Attachments:
GetListOfStepNames.seq 43 KB -
How to send a link for a specific podcast file?
So I'm in my Podcasts directory in iTunes 5.0 and I've got a bunch of downloaded podcasts. Just listened to a particular one that I really like and I'd like to send a link for that podcast to a friend. How to get the link? I do a Get Info on the file and there's no URL anywhere.
Even if I manually add a podcast by choosing "Subscribe to podcast" from the Advanced menu, then entering the podcast URL, if I thereafter try to retrieve that URL from somewhere in the downloaded podcast, it's nowhere to be found. Surely I'm missing something obvious. Now there are a very few podcasts that seem to put that info in their "Show Description" (aka the "Podcast Information" window) but they're the exception.
Before you suggest control-clicking in the iTunes Music Store and choosing "Copy iTunes Music Store URL," note that that doesn't get close to the mark at all, and besides, I need to do this for podcasts that aren't on the iTunes Music Store. Thanks!I should probably give an actual example to make myself clear. When you refer to clicking the "i," note that doing that is what I was talking about when I wrote: "there are a very few podcasts that seem to put that info in their 'Show Description' (aka the 'Podcast Information' window) but they're the exception." In other words, clicking the "i" opens the Podcast Information window. Same window opens if you choose "Show Description" from the contextual menu that opens when you control-click on the feed name.
But the URL that appears in the Podcast Information window (besides not being selectable for copying and also being in a window that disappears if you switch apps), is just the link to the RSS page that lists ALL the episodes. It is not a link to a specific episode. What I want is the ability FROM A DOWNLOADED PODCAST EPISODE to extract the link for that specific episode. I guess this would be equivalent to clicking the "Get" button next to a dimmed episode that has not yet been downloaded, though I don't really care that clicking that link (if I could find it) wouldn't automatically download the episode into iTunes for the person to whom I would send the link.
So, for example, the link that I can extract from the KCRW On the Beat podcast is this:
feed://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/podcastRSS?id =73331691
But what I want is to get the link (from within iTunes, not by visiting the web page) of the "Our Pop Stars Lead Us" episode, which is here:
http://66.186.18.80/podcast/mp3/ob/ob050907Afterthe_DelugeOur.mp3
See what I mean? -
Summ a measure over 12 months for a specific sales month
Hi
I have been trying to Sum a measure (Income) over the next 12 months (Date) for a specific sales month (SalesDate)
This query at least returns values but does not limit the measure to the first 12 months:
With
Member [Measures].[Income - plus 12] As
Iif(
[Date].[|Date - Month Description].CurrentMember>=[SalesDate].[SalesDate - Month].CurrentMember
, Sum(LastPeriods(- 12
, [Date].[Date - Month Description].CurrentMember
[Measures].[Income]
) HINT STRICT
, Null
Select
[SalesDate].[SalesDate].&[2014]
Except([SalesDate].[SalesDate - Month].[SalesDate Month]
, [SalesDate].[SalesDate - Month].[All].UNKNOWNMEMBER
} on Columns
, [Measures].[Income - plus 12] on Rows
From [My Cube]
So I tried this query but it returns nulls:
With
Member [Measures].[Income - plus 12] As
Sum(
(LinkMember([SalesDate].[SalesDate - Month].CurrentMember
, [Date].[Date - Month Description]
LinkMember(
ParallelPeriod([SalesDate].[SalesDate - Month].[SalesDate Month]
, -12
, [SalesDate].[SalesDate - Month].CurrentMember
, [Date].[Date - Month Description]
,Root([SalesDate])
[Measures].[Income]
Select
[SalesDate].[SalesDate].&[2014]
Except([SalesDate].[SalesDate - Month].[SalesDate Month]
, [SalesDate].[SalesDate - Month].[All].UNKNOWNMEMBER
} on Columns
, [Measures].[Income - plus 12] on Rows
From [My Cube]
I would appreciate any input (urgently as I have been fighting with this for a week now)Hi Simon
Thank you for your reply! I hope this will shed some light:
In the original question, I tried to make the query generic but here is the actual issue:
Ok, I can't upload images as my account has not been verified but this code returns the total prem for inception date January 2014 but includes values in 2015:
With
Set
[Inception - plus 12]
As
LinkMember([Inception Period].[Inception
Year - Month]
, [Loss Ratio Period].[Loss Ratio Year - Month Description])
LinkMember(ParallelPeriod([Inception
Period].[Inception Year - Month].[Inception Month]
, -12, [Inception Period].[Inception Year - Month] )
, [Loss Ratio Period].[Loss Ratio Year - Month Description])
Member
[Measures].[Total Prem - plus 12]
As
sum({ [Inception - plus 12] }
, [Measures].[Total Prem] )
Select
[Inception Period].[Inception Year].&[2014]
*[Inception Period].[Inception Year - Month].[Inception Month]
onColumns
, [Measures].[Total Prem - plus 12]
onRows
From
[Loss Ratio Cube]
So the result for January 2014 includes the Total Prem received in Jan and Feb 2015. So the code under your suggestion, however, the result is now (null)
With
Member
[Measures].[Total Prem - plus 12]
As
sum({LinkMember([Inception
Period].[Inception Year - Month]
, [Loss Ratio Period].[Loss Ratio Year - Month Description])
LinkMember(ParallelPeriod([Inception
Period].[Inception Year - Month].[Inception Month]
, -12, [Inception Period].[Inception Year - Month] )
, [Loss Ratio Period].[Loss Ratio Year - Month Description])
, [Measures].[Total Prem] )
Select
[Inception Period].[Inception Year].&[2014]
*[Inception Period].[Inception Year - Month].[Inception Month]
onColumns
, [Measures].[Total Prem - plus 12]
onRows
From
[Loss Ratio Cube]
Maybe you are looking for
-
Anyone try the cable listed at the link below? I'm looking for a mini-->mini audio cable to connect my IP to my Aux input in my car. I bought a cable that seems to work from Radio Shack, but it doesn't go fully into my IP. At least I think it doesn't
-
I've gone through the Help list under "Unresponsive Script Errors": I don't have Webroot SpySweeper; I tried letting the scripts run longer (selecting "Continue") but they keep coming up; my errors come up all the time, not just on certain websites;
-
can we use the .xls file as the database. If so how to set it up and use it? -karthek
-
How to communicate between UNI ports?
Hi I have a new ME3400 series switch with IOS (me340x-metrobase-mz.122-37.SE1), it has 24 fastethernet and 2 gig fiber uplinks Now all the ports except fiber uplinks are uni ports by default. So can't communicate with each other. Now i wishes to mak
-
Saving my Photoshop Project as JPEG
I recently downloaded the new Photoshop CS5 Extended trial version. Before I had the Regular CS5 with no extension. With the regular cs5 Iwas able to simply click 'save as' and save my proect in jpeg format. Now, when I do this, it says that the file