I cannot quite suss out the logic behind ACLs + PBR and am asking here hoping that someone can help.
I have an ACL:
ip access-list extended protect-VLANs
seq 10 permit ip host 192.168.2.144 any
seq 50 deny ip any 10.5.8.0 255.255.255.0
seq 51 deny ip any 10.5.7.0 255.255.255.0
seq 90 permit ip any any
Now I go to PBR:
Interface Ve VlanZ
ip policy route-map protect-vlans permit 10 (Active)
match ip address acl protect-VLANs
set ip vrf protect-vlans next-hop 192.168.2.199
set ip vrf protect-vlans next-hop 10.5.8.254
set interface null0 (selected)
Policy routing matches: 0 packets Note: No counters available
The VE's IP is 192.168.2.199, and the protect-vlans PBR is applied to it.
What I'm hoping to achieve is that only 192.168.2.144 could get to VLANs "behind" 192.168.2.199.
But with the above, no node, not even 192.168.2.144, can ping 10.5.8.0/24.
I'm failing to understand the logic here, obviously.
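The following is an added illustration of how an ACL feeds a PBR route-map; it is not part of the post above and is not vendor code. It models the generally documented semantics: a packet that hits a permit entry in the match ACL is policy-routed to the first usable set target (in the order configured), a packet that hits a deny entry (or the implicit deny at the end) is excluded from the policy and takes the normal routing table. The ACL text is copied from the post; the set targets, the "reachable next-hop" set, and the sample packets are constructed for the demonstration. The mask_style parameter is an assumption, added because some platforms read the second address field of an extended ACL as a wildcard mask rather than a subnet mask.

```python
import ipaddress

# ACL entries as posted (sequence numbers kept so results can cite them).
ACL_TEXT = """
seq 10 permit ip host 192.168.2.144 any
seq 50 deny ip any 10.5.8.0 255.255.255.0
seq 51 deny ip any 10.5.7.0 255.255.255.0
seq 90 permit ip any any
"""

# Set targets from the route-map, in configured order.
# None stands for "set interface null0" (constructed representation).
SET_TARGETS = ["192.168.2.199", "10.5.8.254", None]


def parse_addr(tokens, i, mask_style):
    """Parse one address spec starting at tokens[i]; return (matcher, next_index)."""
    tok = tokens[i]
    if tok == "any":
        return (lambda ip: True), i + 1
    if tok == "host":
        host = ipaddress.ip_address(tokens[i + 1])
        return (lambda ip: ip == host), i + 2
    base = int(ipaddress.ip_address(tok))
    mask = int(ipaddress.ip_address(tokens[i + 1]))
    if mask_style == "wildcard":
        care = (~mask) & 0xFFFFFFFF   # wildcard: set bits are "don't care"
    else:
        care = mask                   # subnet mask: set bits must match
    return (lambda ip: (int(ip) & care) == (base & care)), i + 2


def parse_acl(text, mask_style="subnet"):
    """Return a list of (seq, action, src_matcher, dst_matcher) in order."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()  # ['seq', '10', 'permit', 'ip', <src ...>, <dst ...>]
        src, i = parse_addr(t, 4, mask_style)
        dst, i = parse_addr(t, i, mask_style)
        entries.append((int(t[1]), t[2], src, dst))
    return entries


def acl_lookup(entries, src, dst):
    """First-match ACL evaluation; implicit deny (seq None) if nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, sm, dm in entries:
        if sm(s) and dm(d):
            return action, seq
    return "deny", None


def pbr_decision(entries, src, dst, reachable):
    """PBR semantics: ACL permit -> policy-route to the first usable set target,
    ACL deny -> packet is not policy-routed and follows the normal routing table.
    `reachable` is the set of next-hop addresses the device considers up (assumption)."""
    action, seq = acl_lookup(entries, src, dst)
    if action != "permit":
        return "normal-routing", seq
    for target in SET_TARGETS:
        if target is None:
            return "drop-null0", seq          # null0 selected: matching traffic is discarded
        if target in reachable:
            return f"policy-route via {target}", seq
    return "normal-routing", seq


def demo(reachable=frozenset()):
    """Evaluate a few constructed flows; default mirrors '(selected)' on null0."""
    entries = parse_acl(ACL_TEXT)
    flows = [("192.168.2.144", "10.5.8.10"),   # the host meant to be allowed
             ("192.168.2.50", "10.5.8.10"),    # another host toward the protected VLAN
             ("192.168.2.50", "8.8.8.8")]      # unrelated traffic through the same VE
    return {f: pbr_decision(entries, *f, reachable) for f in flows}


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow[0]:>14} -> {flow[1]:<12} {verdict}")
```

Running demo() with no reachable next hops shows the two roles the entries play: traffic hitting a deny line (seq 50/51) leaves the policy and is routed normally, while traffic hitting a permit line (seq 10 or 90) is handed to whichever set target is selected, which in the posted output is null0. With mask_style="wildcard", "10.5.8.0 255.255.255.0" would match only addresses whose last octet is 0 rather than the whole /24, so it is worth confirming how the platform in use interprets that second field.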