Thursday, 26 January 2017

How to stop Policy Route from ruling the router



We all know that policy-based routing (PBR) rules the router: a packet that matches the policy is sent to the policy's next hop before the routing table is even consulted, so PBR takes priority over every route in the table, including connected routes. How, then, can we make the routes in the routing table take priority over the policy route? How do we do it?

The following scenario shows how to do this. It is a little unusual, but it is possible.


The diagram shows two paths from router R1's loopback address 30.30.30.1 to router R3's loopback address 40.40.40.1: one via R1----R2----R3 and the other via R1----R2----R4----R3. On router R2 a policy route map is applied to interface F0/0 (the interface facing R1) that sets the next hop for traffic to 40.40.40.1 towards R4. Even so, the packets leave R2 towards R3 through interface F0/1. Check the traceroute in Scenario 1: it goes R1----R2----R3 although the policy route map is applied on R2's interface F0/0.
     Now I shut down interface F0/1 of router R3, which removes the direct link between R2 and R3 and, because the EIGRP neighbour goes down, withdraws the route to R3's loopback from R2's routing table. Check Scenario 2: the traffic now moves via R1-R2-R4-R3. How is that possible? The command "set ip default next-hop" does the job for us. With the default keyword, the policy is applied only when the routing table holds no explicit route to the packet's destination; when such a route exists, the packet is forwarded by the routing table as usual. Two caveats worth knowing: a default route 0.0.0.0/0 does not count as an explicit route, so a router that only has a default route still policy-routes matching packets to the default next hop; and a plain "set ip next-hop" (without default) would have won in Scenario 1 as well and sent the traffic via R4 permanently. Note also that R2 itself has no default route, so without the policy the traffic in Scenario 2 would simply have been dropped. On R2 you can confirm which path is being taken with "show route-map san", which counts policy routing matches, and with "debug ip policy", which shows for each packet whether the policy was applied or the packet was routed normally. Kindly find the configuration of all the routers below and try it yourself.
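To make the difference between "set ip next-hop" and "set ip default next-hop" concrete, here is a small model of R2's forwarding decision. It is an added example written for this page, not code from the post or anything that runs on the router: it performs a longest-prefix lookup over a constructed copy of R2's routing table and applies the route map "san" with either keyword. Addresses, the ACL "ss" and the policy next hop 10.10.30.2 come from the configurations below; the EIGRP-learned prefix is assumed to be the classful summary 40.0.0.0/8 because auto-summary is on, and the "only default route" table is an extra case not in the post, added to show the default-route caveat.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of R2's forwarding decision (illustrative Python, not IOS).
# Addresses, ACL "ss" and the policy next hop are from the post; the EIGRP
# prefix 40.0.0.0/8 is an assumption based on auto-summary being enabled.


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]  # None for a connected route
    source: str              # 'C', 'S' or 'D', as in 'show ip route'


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match, or None when nothing in the table covers dst."""
    addr = ipaddress.IPv4Address(dst)
    hits = [r for r in table if addr in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen) if hits else None


def matches_acl_ss(src: str, dst: str) -> bool:
    """'ip access-list extended ss': permit ip 30.30.30.0/24 -> 40.40.40.0/24."""
    return (ipaddress.IPv4Address(src) in ipaddress.IPv4Network("30.30.30.0/24")
            and ipaddress.IPv4Address(dst) in ipaddress.IPv4Network("40.40.40.0/24"))


def forward(table: List[Route], src: str, dst: str,
            policy_next_hop: str = "10.10.30.2",
            default_keyword: bool = True) -> Tuple[Optional[str], str]:
    """Next hop chosen for a packet entering R2 on f0/0, plus the reason.

    default_keyword=False models 'set ip next-hop': a matching packet is
    policy-routed before the routing table is looked at.
    default_keyword=True models 'set ip default next-hop': the routing table
    is consulted first and the policy next hop is used only when it holds no
    explicit route to dst.  A 0.0.0.0/0 default route is not explicit.
    """
    policy_hit = matches_acl_ss(src, dst)
    if policy_hit and not default_keyword:
        return policy_next_hop, "policy (set ip next-hop) overrides routing table"
    route = lookup(table, dst)
    if route is not None and route.prefix.prefixlen > 0:
        # Connected route: the destination itself is the next hop.
        return route.next_hop or dst, f"routing table: {route.source} {route.prefix}"
    if policy_hit:
        return policy_next_hop, "policy (set ip default next-hop): no explicit route"
    if route is not None:
        return route.next_hop, "default route 0.0.0.0/0"
    return None, "no route: dropped"


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.IPv4Network(s)


# R2's connected and static routes, present in both scenarios.
BASE_TABLE = [
    Route(net("10.10.10.0/24"), None, "C"),
    Route(net("10.10.20.0/24"), None, "C"),
    Route(net("10.10.30.0/24"), None, "C"),
    Route(net("30.30.30.0/24"), "10.10.10.1", "S"),
]
# Scenario 1: EIGRP route from R3 present.  Scenario 2: R3 f0/1 is shut, so it is gone.
SCENARIO1 = BASE_TABLE + [Route(net("40.0.0.0/8"), "10.10.20.2", "D")]
SCENARIO2 = list(BASE_TABLE)
# Extra case (not in the post): R2 with only a default route towards R3.
ONLY_DEFAULT = BASE_TABLE + [Route(net("0.0.0.0/0"), "10.10.20.2", "S")]


if __name__ == "__main__":
    for name, table in (("Scenario 1", SCENARIO1), ("Scenario 2", SCENARIO2),
                        ("Only default route", ONLY_DEFAULT)):
        for kw in (True, False):
            nh, why = forward(table, "30.30.30.1", "40.40.40.1", default_keyword=kw)
            cmd = "set ip default next-hop" if kw else "set ip next-hop"
            print(f"{name:18} {cmd:25} -> {nh}  ({why})")
```

Running it reproduces the two traceroutes: in Scenario 1 the next hop is 10.10.20.2 (R3) because the EIGRP route wins, in Scenario 2 it is 10.10.30.2 (R4) because no explicit route is left. The same model shows that without the default keyword R4 is chosen in both scenarios, and that a table containing only 0.0.0.0/0 still hands matching packets to the policy next hop.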

Scenario 1
interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.0
 ip policy route-map san
 duplex auto
 speed auto

-------
route-map san permit 10
 match ip address ss
 set ip default next-hop 10.10.30.2

R1#traceroute
Protocol [ip]:
Target IP address: 40.40.40.1
Source address: 30.30.30.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 40.40.40.1

  1 10.10.10.2 32 msec 12 msec 12 msec
  2 10.10.20.2 28 msec 24 msec 20 msec

Scenario 2
R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int f0/1
R3(config-if)#shut
R3(config-if)#
*Mar  1 01:40:02.099: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.10.20.1 (FastEthernet0/1) is down: interface down
R3(config-if)#
*Mar  1 01:40:04.007: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Mar  1 01:40:05.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
R1#traceroute
Protocol [ip]:
Target IP address: 40.40.40.1
Source address: 30.30.30.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 40.40.40.1

  1 10.10.10.2 20 msec 12 msec 12 msec
  2 10.10.30.2 32 msec 20 msec 44 msec
  3 11.11.11.2 44 msec 48 msec 24 msec


R1
R1#sh run
Building configuration...

Current configuration : 1104 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 5
ip ssh version 1
!
!
interface Loopback0
 ip address 30.30.30.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10.10.2
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R2
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
archive
 log config
  hidekeys
!
ip tcp synwait-time 5
ip ssh version 1
!
interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.0
 ip policy route-map san
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.20.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 10.10.30.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 100
 redistribute static
 network 10.0.0.0
 auto-summary
!
ip forward-protocol nd
ip route 30.30.30.0 255.255.255.0 10.10.10.1
!
!
no ip http server
no ip http secure-server
!
ip access-list extended ss
 permit ip 30.30.30.0 0.0.0.255 40.40.40.0 0.0.0.255
!
no cdp log mismatch duplex
!
route-map san permit 10
 match ip address ss
 set ip default next-hop 10.10.30.2
!
control-plane

!

line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R3
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!

archive
 log config
  hidekeys
!

ip tcp synwait-time 5
ip ssh version 1
!

interface Loopback0
 ip address 40.40.40.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 11.11.11.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.20.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
router eigrp 100
 network 10.0.0.0
 network 40.0.0.0
 auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 11.11.11.1
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R4
R4#sh run
Building configuration...

Current configuration : 1111 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated

!
!
archive
 log config
  hidekeys
!

!
ip tcp synwait-time 5
ip ssh version 1
!
interface FastEthernet0/0
 ip address 11.11.11.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 10.10.30.2 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 30.30.30.0 255.255.255.0 10.10.30.1
ip route 40.40.40.0 255.255.255.0 11.11.11.2
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
