On the 6k/Sup720 only "match ip address <acl>" (permits only and without log statements) and "set ip next-hop" are supported in hardware. Anything else will be punted.
On Mon, Apr 16, 2012 at 8:55 PM, Andy S <[email protected]> wrote:
> Hi There,
>
> A quick question in relation to the following policy based routing
> configuration for a Cisco 6500.
>
> Example:
>
> interface TenGigabitEthernet9/8
>  ip address 10.10.10.10 255.255.255.252
>  no ip redirects
>  ip directed-broadcast
>  ip route-cache flow
>  ip policy route-map MY-TEST
> !
> route-map MY-TEST permit 10
>  match ip address MY-TEST-ACL
>  set ip next-hop 192.168.255.10
>  set ip df 0
> !
> route-map MY-TEST permit 20
>
> 1/ Does having the permit 20 rule cause all my packets to be punted to the
> CPU???
>
> According to the output below, I believe this is happening as a result of
> the permit 20 rule.
>
> #show tcam interface tenGigabitEthernet 9/8 acl in ip
>
> * Global Defaults shared
>
> Entries from Bank 0
>
> Entries from Bank 1
>
>     permit ip any 224.0.0.0 15.255.255.255
>     punt ip any any
>
> 2/ If point one is true, can I just remove the permit 20 rule which I
> believe will stop all packets being punted to the CPU?
>
> I don't believe policy-maps have an implicit deny at the end, so packets
> that don't match permit 10 should continue to be routed using the routing
> table. Is this true also?
>
> Thanks.
>
> Andy
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
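
The rule stated in the reply at the top of this message, turned into a configuration check. This is an added example and not part of the thread: the body of MY-TEST-ACL is constructed (the thread does not show it), and `parse_blocks` and `lint_pbr` are hypothetical helper names.

```python
import re

# Constructed sample: route-map from the quoted question plus a made-up ACL body.
SAMPLE_CONFIG = """\
ip access-list extended MY-TEST-ACL
 permit tcp any any eq 80
 deny ip any any log
!
route-map MY-TEST permit 10
 match ip address MY-TEST-ACL
 set ip next-hop 192.168.255.10
 set ip df 0
!
route-map MY-TEST permit 20
"""

def parse_blocks(config):
    """Group indented lines under their unindented parent line."""
    blocks, current = [], None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None
        elif line[0] != " ":
            current = (line.strip(), [])
            blocks.append(current)
        elif current:
            current[1].append(line.strip())
    return blocks

def lint_pbr(config):
    """Return (location, statement, reason) for everything outside the stated rule."""
    blocks = parse_blocks(config)
    acls = {h.split()[-1]: body for h, body in blocks if h.startswith("ip access-list")}
    findings = []
    for header, body in blocks:
        if not header.startswith("route-map "):
            continue
        for stmt in body:
            m = re.fullmatch(r"match ip address (\S+)", stmt)
            if m:  # the ACL must contain permits only, without log
                for ace in acls.get(m.group(1), []):
                    if not ace.startswith("permit") or "log" in ace.split():
                        findings.append((m.group(1), ace, "ACL entry is not a plain permit"))
            elif not stmt.startswith("set ip next-hop "):
                findings.append((header, stmt, "statement not in the hardware-supported set"))
    return findings

if __name__ == "__main__":
    print(*lint_pbr(SAMPLE_CONFIG), sep="\n")
```

Run against the sample, the check reports the constructed `deny ... log` ACL entry and the `set ip df 0` statement in clause 10; it makes no claim about clauses that contain no statements.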
