No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

How to Deal with It When Policy-based Routes Delivered by the Uplink Interface Lead to the Fact That Users Under the NE40 Cannot Successfully Ping the Intranet Interface

Publication Date:  2012-07-27  |   Views:  132  |   Downloads:  0  |   Author:  SU1001733364  |   Document ID:  EKB0000359554


Issue Description

NE40-3/0/1------.21--------.22---------MA5200-(gateway)---------static user
The static user cam into the NE40 through 3/0/1 and went out after redirection. The gateway address ( of the MA5200 could be successfully pinged from the user and the address ( of the interface on the NE40 could also be successfully pinged from the MA5200. But, the user could not successfully ping After the redirection policy was removed, the user could successfully ping
The configuration of the policy-based route is as follows:
acl number 11019
rule ip source
traffic classifier shuchuanshi
if-match acl 11019
traffic behavior eudemon
redirect ip-nexthop GigabitEthernet2/0/3
interface GigabitEthernet3/0/1
description To_ZhongXinSuo-MA5200G
undo shutdown
ip address
traffic-policy to80-2 inbound 

Alarm Information


Handling Process

The problem was solved by removing the configuration of the policy-based route on GigabitEthernet2/0/3. 

Root Cause

Checking configurations showed that the outbound interface after redirection incorrectly delivered policy-based routes.
interface GigabitEthernet2/0/3
description to-eudemon-out
undo shutdown
ip address
traffic-policy to80-2 inbound
The packet of the problematic static user comes in from the downlink interface and is forwarded to GigabitEthernet2/0/3 after redirection, with the next hop changed to Therefore, after reaching the NE40, the ICMP packet is directly forwarded to a router that is connected to GigabitEthernet2/0/3 instead of being sent to the SRU by the NE40 for processing which finds the policy configured on the downlink interface. If the router has a route to the NE40, the ICMP packet is sent back to the NE40 and afterwards forwarded repeatedly until TTL times out because the same policy is applied on GigabitEthernet2/0/3. Under this configuration, it is normal that the NE40 cannot be pinged.