Cisco 4900m, pbr, route-map

Hi,
My customer has a question, what is the limit for entries for the route-map for PBR that will be done in hardware? This applies to soft-4900M 12.2 (53) SG2. I need a reference to documentation.
Regards,
lb

Hi Lukasz,
the 4900M is a Data Center Switch and not a Metro one, so it is more appropriate if you post these types of questions on Network Infrastructure > LAN Switching and Routing section
(the 4900M should not be confused with the ME4900 series, which are Metro switches instead).
Anyway it supports 128.000 Security and Quality-of-Service (QoS) Hardware Entries as documented here:
http://www.cisco.com/en/US/products/ps6021/prod_models_comparison.html
and here:
http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps6021/ps9310/Data_Sheet_Cat_4900M.html
regards,
Riccardo

Similar Messages

Route-Map Equal Access

Dears
please if i configure route-map for two access list like below '
interface tengig 1
ip policy route-map ABC
access-list 101 permit any eq www 1.1.1.0 0.0.0.255
access-list 102 permit any eq www 2.2.2.0 0.0.0.255
route-map ABC permit 10
match ip add 101
set ip next-hop 50.1.1.1
route-map ABC permit 20
match ip add 102
set ip next-hop 60.1.1.1
is it need to write this string below ?
route-map ABC permit 30
set default interface null0

Rawa
If you do that any packets that don't match acl 101 or acl 102 and there is no explicit route in the routing table they will be routed to null0. So it depends on whether you want that or not.
I explained this before in that if a packet does not match any PBR route map statements then those packets will be routed using the routing table. However in your example in the last statement, because you have not specified a match statement, all packets that didn't match the acls or have an explicit route in the routing table will be routed to null0.
Jon

PBR - adding a route map to an interface

Hello.
I cannot add a route-map to an interface on a C3750 stack
I have copied the switch details below
#sho ver
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 19:15 by nachen
Image text-base: 0x00003000, data-base: 0x01280000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEE3, RELEASE SOFTWARE (fc1)
Pleidelsheim_V1B_Core uptime is 16 hours, 43 minutes
System returned to ROM by power-on
System restarted at 22:01:48 CET Wed Mar 3 2010
System image file is "flash:/c3750-ipservices-mz.122-35.SE5.bin"
cisco WS-C3750G-24TS (PowerPC405) processor (revision P0) with 118784K/12280K bytes of memory.
Processor board ID CAT1130ZK5F
Last reset from power-on
9 Virtual Ethernet interfaces
56 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:1D:46:8C:22:80
Motherboard assembly number     : 73-7058-14
Power supply part number        : 341-0045-01
Motherboard serial number       : CAT113059LV
Power supply serial number      : PHI1114L1PJ
Model revision number           : P0
Motherboard revision number     : A0
Model number                    : WS-C3750G-24TS-E
System serial number            : CAT1130ZK5F
Top Assembly Part Number        : 800-22348-07
Top Assembly Revision Number    : A0
Version ID                      : V07
CLEI Code Number                : COM7700ARA
Hardware Board Revision Number : 0x09
Switch   Ports Model              SW Version              SW Image
*    1   28     WS-C3750G-24TS     12.2(35)SE5             C3750-IPSERVICES-M
     2   28     WS-C3750G-24TS     12.2(35)SE5             C3750-IPSERVICES-M
Switch 02
Switch Uptime                   : 16 hours, 43 minutes
Base ethernet MAC Address       : 00:21:A1:2E:78:00
Motherboard assembly number     : 73-7058-15
Power supply part number        : 341-0045-01
Motherboard serial number       : FDO121903D2
Power supply serial number      : LIT121603VV
Model revision number           : Q0
Motherboard revision number     : A0
Model number                    : WS-C3750G-24TS-E
System serial number            : CAT1105RGN2
Top assembly part number        : 800-22348-08
Top assembly revision number    : A0
Version ID                      : V08
CLEI Code Number                : COMUJ10ARA
Configuration register is 0xF
#sho sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses:                  3K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    11K
    number of directly-connected IPv4 hosts:        3K
    number of indirect IPv4 routes:                 8K
number of IPv4 policy based routing aces:         0.5K
number of IPv4/MAC qos aces:                      0.5K
number of IPv4/MAC security aces:                 1K
When I try to add the route map
interface Vlanx
ip policy route-map xx
%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map xx not supported for Policy-Based Routing
Can anyone see what could be wrong?

Okay, just realised the route-map is not valid.
The settings are okay.
access-list 160 remark WIRELESS GUEST PBR FWD TRAFFIC
access-list 160 permit tcp 172.16.168.128 0.0.0.63 any
access-list 160 permit udp 172.16.168.128 0.0.0.63 any
access-list 160 permit ip 172.16.168.128 0.0.0.63 any
access-list 160 permit icmp 172.16.168.128 0.0.0.63 any
route-map GUEST_VLAN-to-WEB permit 20
description FWD REMAINING GUEST TRAFFIC TO PROXY
match ip address 160
set interface Null0
Doesn't like the set interface Null0
How else could I setup a black hole

Route-map not working on cisco 3750

Hello All,
Im trying to use route-map using next hop. For some reason I am not getting any matching packets. SDM is setup for desktop routing.
I am not getting any matches on my route-map nor my ACL.
Code is 12.2(55)SE5
Config
interface Vlan11
description OAD_NAP Data Network
ip address 10.248.60.254 255.255.255.0
ip helper-address 172.17.101.1
ip helper-address 172.17.104.1
ip helper-address 172.17.108.114
no ip redirects
no ip proxy-arp
ip policy route-map ROUTE-OADFW
end
access-list 100 permit ip host 10.248.60.240 host 172.20.1.1 log
access-list 100 permit ip 10.248.60.0 0.0.0.255 172.20.1.0 0.0.0.255
route-map ROUTE-OADFW permit 10
match ip address 100
set ip next-hop 10.248.31.254
Don't know if this makes a difference 10.248.31.254 (FW) is not the next hop but it is in the routing table so the 3750 knows how to get their.
sho route-map
route-map ROUTE-OADFW, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
ip next-hop 10.248.31.254
Policy routing matches: 0 packets, 0 bytes
oan-u101-asw-01#
Very straight forward I thought :) Any help really appreciated.

Hi,
You need to look at the config guide
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swiprout.html#wp1392257
Look at step 4
Step 4
set ip next-hop ip-address [...ip-address]
Specify the action to take on the packets that match the criteria. Set next hop to which to route the packet (the next hop must be adjacent).
The address you re using as the next hop is NOT adjacent
Regards
Alex

Route map

Can anyone tell me what a route map is and how they work, thanks
Carl

hi
route maps are used for different purposes like policy based routing,controlling the routing updates also for number of administrative functionalities.
But the usage of route maps can be found mostly inline with PBR where the forwarding is being done based on different criterias.
Abstracts from CCO
"They are an ordered sequence of individual statements, each has a permit or deny result. Evaluation of ACL or route-maps consists of a list scan, in a predetermined order, and an evaluation of the criteria of each statement that matches. A list scan is aborted once the first statement match is found and an action associated with the statement match is performed".
"They are generic mechanismscriteria matches and match interpretation are dictated by the way they are applied. The same route-map applied to different tasks might be interpreted differently".
also check this link for more info.
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008047915d.shtml#what
regds

Route Map - Delete Sequence Number

Hi All,
Taking the cisco example below, which demos how to PBR.
access-list 1 permit 209.165.200.225
access-list 2 permit 209.165.200.226
interface ethernet 1
ip policy route-map Texas
route-map Texas permit 10
match ip address 1
set ip precedence priority
set ip next-hop 209.165.200.227
route-map Texas permit 20
match ip address 2
set ip precedence critical
set ip next-hop 209.165.200.228
How would i safely remove sequence number 20 from the above?
Many thanks.

Hi John,
no route-map Texas 20 worked good.
thanks

Route-Map not taken on 3850 IP Services

Something odd I am seeing.
Trying to use a 3850 L3 switch running IP Services, XE ver 03.03.03SE, to do some policy routing on one of the VLAN interfaces.
Interface VLAN 10
ip address 208.x.y.z 255.255.255.0
ip policy route-map Use_Route1
It seems to take the command but when I look back with a show run interface vlan 10, it is not there.
Also when I look at the show route policy it indicates that 0 packets have been processed.
Is this a bug or am I missing something?

Hi Richard,
Cisco 3850 even running on full IP services image will not support verify-availability command to track with IP SLA.
If you enable terminal monitor or configure the device using console you can see the syslog message when you try to configure the route-map with set ip next-hop verify-availability command
%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map <name> not supported for Policy-Based Routing
You can see the route-map command showing up in the config BUT as soon as you try to apply to interface vlan10 the command will be not be applied and PBR will not work.
I hope Cisco find way to fix this!!
Workaround:
You can use EEM Applet with IP SLA
event manager applet internet_up
event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up"
action 2.0 cli command "enable"
action 3.0 cli command "config t"
action 3.2 cli command "interface Vlan10"
action 3.3 cli command "ip policy router-map Use_Internet"
action 3.4 cli command "exit"
event manager applet internet_down
event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down"
action 2.0 cli command "enable"
action 3.0 cli command "config t"
action 3.2 cli command "interface Vlan10"
action 3.3 cli command "no ip policy router-map Use_Internet"
action 3.4 cli command "exit"
repeat the same process for other IP SLA tracking you have
hope this helps
Santhosh

Strange issue - unable to establish PPP with Cisco 887 VAG router on one particular ADSL line

I have a strange problem that I’m struggling to get to the bottom of with my ISP and wondered if anyone could help.
We have a site with an older Cisco 877 ADSL router which was working happily until a few weeks ago when the connection dropped suddenly (out-of-hours at 2am if that’s of any significance – made me think most likely something carrier/ISP related?)    When connectivity was lost, the router could sync with the BT exchange (we are in the UK) but could not establish PPP.
We logged fault with our ISP – after some to’ing and fro’ing, they passed it onto BT and their engineers visited site, they fixed “a line fault” (we don’t get much detail on what was actually fixed) but we still could not establish connectivity – same thing, solid CD light but no PPP.
So, we replaced the router with another 877 – same again, solid CD but no PPP. We replaced all the cables and microfilter etc but no difference.
We tried a different Cisco router (a newer Cisco 887VAG) which, as I understand, uses a different modem chipset but no matter – PPP could still not be established. We tested this router on another ADSL line with the same ISP and it worked without issue, using the same ADSL account details, it was able to establish connectivity. So we figured this must still be a BT/ISP issue.
Since then we’ve had BT out again twice but they say there is no fault. The ISP say there is no issue with them. But we still cannot establish ADSL connectivity on this line, despite having tried 3 different ADSL routers and despite the fact the routers work with the same account details on another ADSL line.
The 887VAG router we have currently connected has 3G backup so that is keeping us going in the meantime and also means I can login to the router remotely to check on the ADSL status.
But I’m struggling to pinpoint where the problem may lie.   Strangely, if I turn on PPP negotiation and authentication debug then I’m not actually seeing any output from it at all?
Yet, the ATM interface is up and shows packets being sent and received:
ATM0 is up, line protocol is up
Hardware is MPC ATMSAR, address is bc16.6596.9b00 (bia bc16.6596.9b00)
MTU 1600 bytes, sub MTU 1600, BW 704 Kbit/sec, DLY 520 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not set
Keepalive not supported
Encapsulation(s): AAL5
4 maximum active VCs, 1024 VCs per VP, 1 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input 00:00:28, output 00:00:07, output hang never
Last clearing of "show interface" counters 6d23h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Per VC Queueing
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     23886 packets input, 1676964 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     56469 packets output, 4418592 bytes, 0 underruns
     0 output errors, 0 collisions, 6 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
Does anyone have any ideas on where the problem may be and what more I can do to troubleshoot and provide the relevant evidence to our ISP (assuming it is an ISP/BT issue though the fact the same router works ok with the exact same details etc would seem to indicate it must be their issue!)

Hi Jody,
thanks for the suggestions. Here's what I see from the ppp debugs (but I'm not sure how to interpret?)
Jan 6 14:50:22.838: pppoe_send_padi:
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 FF FF
FF FF FF FF BC 16 65 96 9B 00 88 63 11 09 00 00
00 10 01 01 00 00 01 03 00 08 0C 00 00 01 00 00
04 A3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:50:22.878: PPPoE 0: I PADO R:0030.8810.000b L:bc16.6596.9b00 0/38 ATM0.1
contiguous pak, size 71
BC 16 65 96 9B 00 00 30 88 10 00 0B 88 63 11 07
00 00 00 33 01 03 00 08 0C 00 00 01 00 00 04 A3
01 02 00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73
2D 62 61 73 2D 42 32 32 36 45 34 37 30 39 45 30
31 34 5A 01 01 00 00
Jan 6 14:50:24.885: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:35.125: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:45.364: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:55.603: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:05.843: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:16.114: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:26.353: [0]PPPoE 0: O PADT R:0000.0000.0000 L:0000.0000.0000 0/38 ATM0.1
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 00
00 00 00 00 00 00 00 00 00 00 88 63 11 A7 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:51:46.576: pppoe_send_padi:
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 FF FF
FF FF FF FF BC 16 65 96 9B 00 88 63 11 09 00 00
00 10 01 01 00 00 01 03 00 08 0C 00 00 01 00 00
04 A3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:51:46.608: PPPoE 0: I PADO R:0030.8810.000b L:bc16.6596.9b00 0/38 ATM0.1
contiguous pak, size 71
BC 16 65 96 9B 00 00 30 88 10 00 0B 88 63 11 07
00 00 00 33 01 03 00 08 0C 00 00 01 00 00 04 A3
01 02 00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73
2D 62 61 73 2D 42 32 32 36 45 34 37 30 39 45 30
31 34 5A 01 01 00 00
Provider wouldn't have bumped us from ADSL to VDSL - but here's the output of show controller vdsl 0:
Controller VDSL 0 is UP
Daemon Status: Up
XTU-R (DS) XTU-C (US)
Chip Vendor ID: 'BDCM' 'IFTN'
Chip Vendor Specific: 0x0000 0x71C8
Chip Vendor Country: 0xB500 0xB500
Modem Vendor ID: 'CSCO' ' '
Modem Vendor Specific: 0x4602 0x0000
Modem Vendor Country: 0xB500 0x0000
Serial Number Near: FCZ1111C08V C887VAG 15.2(4)M
Serial Number Far:
Modem Version Near: 15.2(4)M
Modem Version Far: 0x71c8
Modem Status: TC Sync (Showtime!)
DSL Config Mode: AUTO
Trained Mode: G.992.1 (ADSL) Annex A
TC Mode: ATM
Selftest Result: 0x00
DELT configuration: disabled
DELT state: not running
Trellis: ON ON
SRA: disabled disabled
SRA count: 0 0
Bit swap: enabled enabled
Bit swap count: 1 8
Line Attenuation: 54.5 dB 31.5 dB
Signal Attenuation: 54.5 dB 0.0 dB
Noise Margin: 6.7 dB 11.0 dB
Attainable Rate: 2132 kbits/s 888 kbits/s
Actual Power: 16.7 dBm 12.7 dBm
Total FECC: 546 0
Total ES: 6 0
Total SES: 0 0
Total LOSS: 0 0
Total UAS: 486 486
Total LPRS: 0 0
Total LOFS: 0 0
Total LOLS: 0 0
Full inits: 14
Failed full inits: 1
Short inits: 0
Failed short inits: 1
Firmware Source File Name (version)
VDSL user config flash:vdsl.bin-A2pv6C035d_d23j (10)
Modem FW Version: 110802_1752-4.02L.03.A2pv6C035d.d23j
Modem PHY Version: A2pv6C035d.d23j
Vendor Version:
DS Channel1 DS Channel0 US Channel1 US Channel0
Speed (kbps): 0 1664 0 704
SRA Previous Speed: 0 0 0 0
Previous Speed: 0 1600 0 736
Total Cells: 0 2786872 0 0
User Cells: 0 68 0 0
Reed-Solomon EC: 0 546 0 0
CRC Errors: 0 9 0 0
Header Errors: 0 10 0 0
Interleave (ms): 0.00 8.00 0.00 8.00
Actual INP: 0.00 1.12 0.00 1.28
Training Log : Stopped
Training Log Filename : flash:vdsllog.bin
And here's the output from the ATM and dialer interfaces:
interface ATM0
no ip address
ip flow ingress
no atm ilmi-keepalive
end
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/38
pppoe-client dial-pool-number 2
end
interface Dialer2
description OUTSIDE
ip address negotiated
ip access-group firewall in
ip mtu 1492
ip flow ingress
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap callin
ppp chap hostname ###removed###
ppp chap password ###removed###
no cdp enable
crypto map dcvpn
end
As I say though, config-wise, everything should be correct - the same router works fine on another line (which should also confirm the authentication details are correct - at least in as far as it matches what the ISP have on their RADIUS)
Any further thoughts?

Managing Route-Map based MPLS VPN

1) How to derive the VPN information of the MPLS VPN configured using route-maps? As I understand, stitching route-maps information to derive VPN is complex as it is difficult to derive & correlate the filters tied to each of the route-maps that are tied to a VRF :(
2) Is there any MIB to get from the MIB
a) Route-maps tied to each VRF
b) What is the filter associated with each route-map?
c) Definition of each of the above filter
It would have been nice if the route-maps' name had global-significance within AS, so that we could have treated route-maps, pretty much like the route-tragets. Alas, I doubt it is :(
It should be noted here that if the MPLS VPN is configured using route targets, the VPN information derivation is fairly straight forward throught MplsVpn MIB.
So, the question is what is the simplest way to derive the MPLS VPN info given that they are configured using route-maps in BGP for labelled-route-distribution & for the pkt association with the VRFs.
Thanks,
Suresh R

Each CE in a customer VPN is also added to the management VPN by selecting the Join the management VPN option in the service request user interface.
The function of the management route map is to allow only the routes to the specific CE into the management VPN. The Cisco IOS supports only one export route map and one import route map per VRF.
http://www.cisco.com/en/US/products/sw/netmgtsw/ps4748/products_user_guide_chapter09186a0080353ac3.html

Making a VoIP call with the Cisco 837 ADSL router

I would greatly appreciate if could please provide some technical assistance to my questions below:
Is it possible to make a VoIP call between two 837 ADSL Cisco routers over a 1Mbps ADSL broadband connection?
If so, can I configure this VoIP connection using either a PPPoE or ATM WAN link?
Is it possible to make a VoIP call using a Cisco 837 Router while simultaneously surfing the Internet? In other words do I need two public IP addresses i.e. one for accessing the internet and one for making the VoIP call or is one static IP address obtained from my ISP sufficent.
It is possible to configure QoS parameters (e.g. RSVP, Voice precedence, Voice codec selection) on this 837 router using PPoE or can it only be done using an ATM WAN interface?
Does the Cisco 837 router support both the H.323 and SIP communication protocols? Do I need to purchase a certain IOS operating system version for VoIP calling?
Does the VoIP dial peers need to be configured with both a POTS and VoIP phone numbers or is only one number required?
Do I need to obtain a special VoIP number from my VoIP service provider? or can I use existing POTS numbers or made up numbers within the dial peers as this situation involves making a private VoIP call between two branch offices using 837 ADSL routers and not via a VoIP service provider.
Finally, can I use POTS ordinary telephones with the Cisco 837 for making VoIP calls or do I strictly need to purchase VoIP phones?
My apologies for the number of questions asked here but I currently need to know the technical ability of the Cisco ADSL 837 as I am thinking of employing these routers in my company organisation.
I await your feedback in due course.
Thanks,
Martin Healy

Hi,
I give you a sample config of my router.
class-map voice
match access-group 101
policy-map mypolicy
class voice
priority 128
class class-default
fair-queue 16
ip subnet-zero
gateway
interface Ethernet0
ip address 20.20.20.20 255.255.255.0
no ip directed-broadcast (default)
ip route-cache policy
ip policy route-map data
interface ATM0
ip address 10.10.10.20 255.255.255.0
no ip directed-broadcast (default)
no atm ilmi-keepalive (default)
pvc 1/40
service-policy output mypolicy
protocol ip 10.10.10.36 broadcast
vbr-nrt 640 600 4
! 640 is the maximum upstream rate of ADSL
encapsulation aal5snap
bundle-enable
h323-gateway voip interface
h323-gateway voip id gk-twister ipaddr 172.17.1.1 1719
h323-gateway voip h323-id gw-820
h323-gateway voip tech-prefix 1#
router eigrp 100
network 10.0.0.0
network 20.0.0.0
ip classless (default)
no ip http server
access-list 101 permit ip any any precedence critical
route-map data permit 10
set ip precedence routine
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line vty 0 4
login
voice-port 1
local-alerting
timeouts call-disconnect 0
voice-port 2
local-alerting
timeouts call-disconnect 0
voice-port 3
local-alerting
timeouts call-disconnect 0
voice-port 4
local-alerting
timeouts call-disconnect 0
dial-peer voice 10 voip
destination-pattern ........
ip precedence 5
session target ras
dial-peer voice 1 pots
destination-pattern 5258111
port 1
dial-peer voice 2 pots
destination-pattern 5258222
port 2
dial-peer voice 3 pots
destination-pattern 5258333
port 3
dial-peer voice 4 pots
destination-pattern 5258444
port 4
end

Route map no match

Hi,
what is the reason for not having any match, in the acl for the route-map?
Current configuration : 1731 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
ip cef
interface Loopback0
ip address 192.168.0.1 255.255.255.0
interface Loopback1
ip address 192.168.1.1 255.255.255.0
interface Loopback200
ip address 196.0.0.1 255.255.255.0
interface FastEthernet0/0
ip address 195.0.0.1 255.255.255.0
ip policy route-map r_teste
duplex auto
speed auto
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface Serial1/0
ip address 10.0.0.2 255.255.255.252
serial restart-delay 0
interface Serial1/1
ip address 172.16.0.2 255.255.255.252
serial restart-delay 0
clock rate 128000
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
router bgp 100
no synchronization
bgp log-neighbor-changes
network 192.168.0.0
network 192.168.1.0
neighbor 10.0.0.1 remote-as 200
neighbor 172.16.0.1 remote-as 300
no auto-summary
ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.0.1
access-list 40 permit any
route-map anuncia1 permit 20
match ip address 20
route-map anuncia0 permit 10
match ip address 10
route-map r_teste permit 10
match ip address 40
set ip default next-hop 10.0.0.1
control-plane
line con 0
line aux 0
line vty 0 4
login
end
R2#ping 192.168.55.1 source 195.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.55.1, timeout is 2 seconds:
Packet sent with a source address of 195.0.0.1
Success rate is 0 percent (0/5)
R2#sh access-lists
Standard IP access list 10
    10 permit 192.168.0.0, wildcard bits 0.0.0.255
Standard IP access list 20
    10 permit 192.168.1.0, wildcard bits 0.0.0.255
Standard IP access list 30
    10 permit 195.0.0.0, wildcard bits 0.0.0.255
Standard IP access list 40
    10 permit any
Extended IP access list 100
    10 permit ip any 192.168.55.0 0.0.0.255
R2#
is possible without changing the bgp?
thanks

Default PBR:
All packets received on an interface (ingress) with PBR enabled are entertained, first they should match through ACL then forward to next hop. if a match is exist (through ACL) but not forward to next hop then do nothing this packet especially for ICMP packet.
I think you need Local PBR:
Packets that are generated by the router are not normally policy-routed. To enable local PBR for such packets, indicate which route map the router should use by using the following command in global configuration mode:
ip local policy route-map TEST
Regards,
kazim

WSA and Cisco Policy Based Routing

I'm looking to convert my WSA from explicit to transparent proxy using policy based routing on a Cisco router. See the config below where xxx.xxx.xxx.xxx is the P1 interface on the WSA. Does anyone see any issues with the following in a production environment?
access-list 110 permit tcp any any eq www
route-map proxy-redirect permit 10
match ip address 110
set ip next-hop xxx.xxx.xxx.xxx
interface ethernet0/1
ip policy route-map proxy-redirect
The P1 interface on the WSA is located upstream from the router so I'm not checking for it in the ACL.

That router configuration looks good to me, but just make sure that the WSA was configured for Transparent mode during the initial System Setup Wizard configuration. If it was initially configured for explicit only, then you will need to run the wizard again to change it to transparent.
Also, make sure to add a deny statement to the top of access-list 110 for the WSA IP address if the WSA will be going out to the Internet through the same e0/1 interface. Loops are bad. :twisted:
Cheers,
Jason

Can't apply policy route-map on C3750 stack vlan interface

Hi All.
I've come up with this problem and i could see some people have had the same issue. I've tried to overlook and check other replies but it didn't help me. So I'm hoping someone could spot the problem. Here are the details:
2 x WS-C3750G-24T-E in stack
Cisco IOS Software, C3750 Software (C3750-ADVIPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
switch#sh sdm prefe
The current template is "desktop IPv4 and IPv6 routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses:                  1.5K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    2.75K
    number of directly-connected IPv4 hosts:        1.5K
    number of indirect IPv4 routes:                 1.25K
number of IPv6 multicast groups:                  1.125k
number of directly-connected IPv6 addresses:      1.5K
number of indirect IPv6 unicast routes:           1.25K
number of IPv4 policy based routing aces:         0.25K
number of IPv4/MAC qos aces:                      0.5K
number of IPv4/MAC security aces:                 0.5K
number of IPv6 policy based routing aces:         0.25K
number of IPv6 qos aces:                          0.5K
number of IPv6 security aces:                     0.5K
There are 2 ISPs, G1/0/1 and G2/0/1. After creating a route-map i can apply a policy route-map to Vlan5 and it accepts without any errors. But when you do sh run vlan5 the command is not there, it's not applied.
Any help will be appretiated.
Thanks.

Hi Jon.
Thanks for your reply. I didn't put those configs as they're basic without use of VRF and WCCP. Also i've checked or tried to find the list of unsupported commands and didn't see them in that list. See config below with some extras:
track 11 rtr 1 reachability
track 22 rtr 2 reachability
ip routing
no ip dhcp use vrf connected
interface GigabitEthernet1/0/1
description ISP1
no switchport
ip address 9.9.9.2 255.255.255.252
no ip proxy-arp
no ip mroute-cache
speed 100
duplex full
ipv6 address 2B01:4B8:0:3::2/64
ipv6 ospf 1 area 0
no mdix auto
no cdp enable
interface GigabitEthernet2/0/1
description ISP2
no switchport
ip address 9.9.9.5 255.255.255.252
ip ospf cost 10000
speed 1000
duplex full
ipv6 address 2B01:4B8:0:7::2/64
ipv6 enable
ipv6 ospf cost 10000
ipv6 ospf 1 area 0
interface Vlan5
description Company Ext Subnet
ip address 9.9.8.1 255.255.255.128
no ip proxy-arp
no ip mroute-cache
ipv6 address 2B01:4B8:1:22::1/64
ipv6 ospf 1 area 15
access-list 111 permit tcp any any eq www
route-map pbr1 permit 10
match ip address 111
set interface GigabitEthernet2/0/1 GigabitEthernet1/0/1
route-map pbr1 permit 20
set interface GigabitEthernet1/0/1 GigabitEthernet2/0/1
route-map pbr2 permit 10
match ip address 111
set ip next-hop verify-availability 9.9.9.6 1 track 11
set ip next-hop 9.9.9.1
route-map pbr2 permit 20
set ip next-hop verify-availability 9.9.9.1 1 track 22
set ip next-hop 9.9.9.6
I've tried to apply both policies pbr1 and pbr2, it allowed to do that without errors but at the end it wasn't there.
Cheers,

ASA 5585-X Route-Map

Hi,
how can apply route-map rules to an interface ?
i set up some rules but i cannot apply these rules any interface.
Thanks a lot.

Thank you Kanwal.
in a cisco router you can apply your route-map by using command ip policy map ... İ didnt find any command like this. İ set up some match and set conditions but i do not apply any interface.
can i use route-map to manipulate routing table İn asa 5585-x.?
sincerely

Policy with route-map

Hi all,
may some of you tell me the real meaning of the sub-command "set interface <intf>" under the route-map section?
I thought it was like the <intf> parameter whe you set a route out of an interface.
I tried it with a PIX that should have to act as proxy-arp device but nothing happened.
Everything worked fine using "set ip next-hop ..."
The topology appears a little bit complicated if explained how I built it in practice.
Just a PIX525, a switch and a router 877 that manages VLANS.
I reproduced the environment that doesn't see 2 ethernet interfaces on the router where the policy is applied but 1 serial and 1 ethernet. By now there are 2 devices, one per link, and the def route is based on proxy-arp both for the serial and the ethernet.
Hope the scenario was clearly depicted.
TIA
Alex

Please refer to this document..
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml
HTH,
Ahmed

Cisco 4900m, pbr, route-map

Similar Messages

Maybe you are looking for