Policy Maps on Routed Switch interfaces


I have a problem when I try to apply a policy map to a routing interface on a Cisco 3560.


I have firstly defined the access-list and the route-map. But the problem occurs when trying to apply the ip policy to the physical interface.




ip access-list extended SOFT
 permit ip 10.187.237.0 0.0.0.128 172.134.0.0 0.0.255.255
 permit ip 12.34.108.0 0.0.0.255 172.134.0.0 0.0.255.255
 permit ip 10.200.81.32 0.0.0.15 172.134.0.0 0.0.255.255
 permit ip 10.187.239.0 0.0.0.128 172.134.0.0 0.0.255.255
 permit ip 10.34.106.0 0.0.0.255 172.134.0.0 0.0.255.255
 permit ip 10.200.81.48 0.0.0.15 172.134.0.0 0.0.255.255
ip access-list extended TEST_SOFT
 permit ip 12.34.105.0 0.0.0.255 172.134.0.0 0.0.255.255
 permit ip 10.187.238.0 0.0.0.255 172.134.0.0 0.0.255.255
 permit ip 10.200.81.64 0.0.0.15 172.134.0.0 0.0.255.255
 permit ip host 10.187.239.14 172.134.0.0 0.0.255.255
 permit ip host 10.187.239.17 172.134.0.0 0.0.255.255



route-map soft_pbr permit 10
 match ip address TEST_SOFT
 set ip default next-hop 10.200.81.231
!
route-map soft_pbr permit 20
 match ip address SOFT
 set ip default next-hop 10.200.81.104

interface fast 0/16
 ip policy route-map soft_pbr

(The interface will take the command, and this is also the same on a VLAN interface, but it doesn't show in the config.)


When I then look at the interface, it doesn't show the policy map statement:


interface FastEthernet0/16
 description ####*Temporary**
 no switchport
 ip address 10.200.81.238 255.255.255.240 secondary
 ip address 10.200.72.157 255.255.255.192
 speed 100
 duplex full
 standby 91 ip 10.200.72.156
 standby 91 priority 150
 standby 91 preempt
 spanning-tree portfast



######3560_1#sh route-map soft_pbr
route-map swift_pbr, permit, sequence 10
  Match clauses:
    ip address (access-lists): TEST_SOFT
  Set clauses:
    ip default next-hop 10.200.81.231
  Policy routing matches: 0 packets, 0 bytes
route-map soft_pbr, permit, sequence 20
  Match clauses:
    ip address (access-lists): SOFT
  Set clauses:
    ip default next-hop 10.200.81.104
  Policy routing matches: 0 packets, 0 bytes


I never see the packet count increasing, even though there is traffic passing through the interface.


!
CLSPRA3560_1#sh version
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(25)SED1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 22-Nov-05 23:18 by yenanh
Image text-base: 0x00003000, data-base: 0x01191EEC

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)

CLSPRA3560_1 uptime is 4 weeks, 1 day, 5 hours, 38 minutes
System returned to ROM by power-on
System restarted at 12:03:22 CET Fri Mar 30 2007
System image file is "flash:c3560-advipservicesk9-mz.122-25.SED1.bin"



I have also tried using VLANs and turning the port into a switchport again, and using normal numbered access-lists. Just wondering whether this is a feature of this train of code, or is there a switch to turn the policy database?



Thanks for any help in advance.


mohammedmahmoud Sat, 04/28/2007 - 09:01

Hi there,


To use PBR on your 3560, you must first enable the routing template by using the sdm prefer routing global configuration command. PBR is not supported with the VLAN or default template. For more information on the SDM templates:


http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00803a9a79.htmlv


HTH, please rate if it does help,

Mohammed Mahmoud.

kirkster Mon, 04/30/2007 - 00:09

Yep, agreed. I struggled with this one for about two days last month!!! I should have RTFM!!! As soon as you enable the routing template (reboot required) you can use PBR.

Steve
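
Added example (not part of the thread or of any poster's message): a small Python audit for the symptom discussed above, where the switch accepts `ip policy route-map` but the policy never takes effect. It flags an SDM template that is not the routing template and route-maps with a next-hop set clause that no interface references. The sample inputs are constructed from the posted configuration, the wording of the `show sdm prefer` output is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the configuration posted in the question.
RUNNING_CONFIG = """\
route-map soft_pbr permit 10
 match ip address TEST_SOFT
 set ip default next-hop 10.200.81.231
route-map soft_pbr permit 20
 match ip address SOFT
 set ip default next-hop 10.200.81.104
interface FastEthernet0/16
 no switchport
 ip address 10.200.72.157 255.255.255.192
"""
# Constructed sample; the exact wording of this output is an assumption.
SDM_OUTPUT = 'The current template is "desktop default" template.'


def pbr_route_maps(config):
    """Names of route-maps with a next-hop set clause (heuristic for PBR use)."""
    names, current = set(), None
    for line in config.splitlines():
        m = re.match(r"route-map (\S+) (?:permit|deny)", line)
        if m:
            current = m.group(1)          # entering a route-map block
        elif not line.startswith(" "):
            current = None                # any other top-level line ends it
        elif current and re.match(r"\s+set ip (default )?next-hop ", line):
            names.add(current)
    return names


def audit(config, sdm_output):
    """Return findings that explain why PBR would not take effect."""
    findings = []
    m = re.search(r'current template is "([^"]+)"', sdm_output)
    template = m.group(1) if m else None
    if template is None or "routing" not in template.lower():
        findings.append("SDM template is %r, not the routing template" % template)
    applied = set(re.findall(r"^\s+ip policy route-map (\S+)", config, re.M))
    for name in sorted(pbr_route_maps(config) - applied):
        findings.append("route-map %s is not applied to any interface" % name)
    return findings


if __name__ == "__main__":
    for finding in audit(RUNNING_CONFIG, SDM_OUTPUT):
        print(finding)
```

Route-maps with a next-hop clause can also serve purposes other than PBR, so treat the second finding as a prompt to check the interface rather than as proof of a fault.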
