3750 support for pbr & vrf

Unanswered Question
May 23rd, 2007


I am trying to get a 3750 with enhanced layer 3 software (12.2(35)se) to do some policy based routing from a VRF receive interface into a VRF instance. The switch is running VRF lite.

The config looks fine but I'm having trouble with the route map, specifically the 'Set VRF <name>' option.

Basically, I am trying to route from vlan 700 (global routing table) into VRF UNI, while at the same time keeping the whole thing as secure from each other as possible.

The Route Map looks like this...

route-map uni-radius, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    vrf UNI

When I use this to interface vlan 700, the switch will not apply the route map and gives the following error...

%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map uni-radius not supported for Policy-Based Routing

Is the 'set vrf' command supported on the 3750? It does not appear in the 'unsupported commands' document for this release.

Second, can I use the 'set ip next-hop x.x.x.x' and 'set ip next-hop in vrf <vrf name>' commands in place of the 'set vrf' command to achieve the same thing?

The switch will apply this 'set ip next-hop' route map to the interface OK and I can see hits on the policy, but the routing will not work. Looking at the debug output, it seems as if it is still trying to route from within the global routing table.

Again, I can't seem to find any info on cisco.com about this command or its usage guidelines, so I'm not sure I am using it correctly. I am using...

set ip next-hop x.x.x.x

set ip next-hop in-vrf <name>

Can anyone shed any light on where I might be going wrong on this?

Here are the relevant bits of config...

ip vrf UNI
 rd 1:20
 route-target export 1:20
 route-target import 1:20

interface Loopback1
 ip vrf forwarding UNI
 ip address

interface FastEthernet1/0/1
 no switchport
 ip vrf forwarding EDIT
 ip address

interface Vlan20
 ip vrf forwarding UNI
 ip address secondary
 ip address

interface Vlan700
 ip vrf receive UNI
 ip address
 no ip proxy-arp

router rip
 version 2
 no auto-summary

 address-family ipv4 vrf UNI
  redistribute bgp 1
  no auto-summary
  version 2

router bgp 1
 no synchronization
 bgp log-neighbor-changes
 no auto-summary

 address-family ipv4 vrf UNI
  redistribute rip
  neighbor remote-as 2
  neighbor activate
  no synchronization
  network mask

access-list 101 permit ip host host

route-map uni-radius permit 10
 match ip address 101
 set vrf UNI



bjornarsb Wed, 05/23/2007 - 04:21


Try 'ip vrf select source' under interface Vlan700.

Keep in mind that vrf receive only adds the interface address into the VRF table.

I'm not sure of the effect of using only vrf receive. I guess that routing will still be global for Vlan700.




roadhouse1387 Wed, 05/23/2007 - 04:29

Hi, thanks for the quick reply.

I tried that first and although it lets me put the command on the interface, the switch will not take the global selection command.

If I enter...

vrf selection criteria source vrf UNI

I get

% VRF Select: failed to add config

so I guess vrf source selection is not supported.




bjornarsb Wed, 05/23/2007 - 04:38

Try:

(config-if)#ip vrf select source ?

without specifying source IP and mask.

And please issue a:

sh sdm prefer

sh sdm prefer
 The current template is "desktop default" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses: 6K
  number of igmp groups + multicast routes: 1K
  number of unicast routes: 8K
  number of directly connected hosts: 6K
  number of indirect routes: 2K
  number of policy based routing aces: 0
  number of qos aces: 512
  number of security aces: 1K


roadhouse1387 Wed, 05/23/2007 - 06:17


Here is the sdm output...

VRFaware-Wireles-SWt#sh s
1d00h: %SYS-5-CONFIG_I: Configured from console by consoledm prefe
 The current template is "desktop routing" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses: 3K
  number of IPv4 IGMP groups + multicast routes: 1K
  number of IPv4 unicast routes: 11K
  number of directly-connected IPv4 hosts: 3K
  number of indirect IPv4 routes: 8K
  number of IPv4 policy based routing aces: 0.5K
  number of IPv4/MAC qos aces: 0.5K
  number of IPv4/MAC security aces: 1K

The interface will take the 'ip vrf select source' command without any other arguments but it has no effect. I believe it also needs the global 'ip vrf selection criteria' command to define the source addresses to act upon. It's the global command which the switch kicks out.
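
The SDM template check requested in this thread, as an added Python example that is not part of any post: it parses 'sh sdm prefer' text and reports how many policy based routing ACEs the active template reserves. The sample strings are constructed from the two outputs quoted above, the function names are hypothetical, and "K" is assumed to mean 1024 entries.

```python
import re

# Constructed samples, shaped like the two "sh sdm prefer" outputs quoted in the thread.
DEFAULT_TEMPLATE = '''\
The current template is "desktop default" template.
 number of unicast routes: 8K
 number of policy based routing aces: 0
'''
ROUTING_TEMPLATE = '''\
VRFaware-Wireles-SWt#sh s
1d00h: %SYS-5-CONFIG_I: Configured from console by consoledm prefe
The current template is "desktop routing" template.
 number of IPv4 unicast routes: 11K
 number of IPv4 policy based routing aces: 0.5K
'''

TEMPLATE_RE = re.compile(r'current template is "([^"]+)"')
RESOURCE_RE = re.compile(r'^\s*number of (.+?):\s*([\d.]+)(K?)\s*$', re.I)

def parse_sdm(text):
    """Return (template_name, {resource_label: entry_count}) from 'sh sdm prefer' text."""
    template, resources = None, {}
    for line in text.splitlines():
        # Interleaved syslog lines and the echoed prompt match neither pattern and are skipped.
        if (m := TEMPLATE_RE.search(line)):
            template = m.group(1)
        elif (m := RESOURCE_RE.match(line)):
            label, value, kilo = m.groups()
            # Assumption: "K" means 1024 entries, so 0.5K == 512.
            resources[label.lower()] = int(float(value) * (1024 if kilo else 1))
    return template, resources

def pbr_aces(text):
    """Entries reserved for PBR; the label differs between outputs ("IPv4 ..." prefix)."""
    template, resources = parse_sdm(text)
    for label, count in resources.items():
        if "policy based routing" in label:
            return template, count
    return template, None  # line missing: truncated output or unexpected format

def pbr_possible(text):
    """False when the template reserves no PBR entries (or the line is missing)."""
    _, count = pbr_aces(text)
    return bool(count)

if __name__ == "__main__":
    for sample in (DEFAULT_TEMPLATE, ROUTING_TEMPLATE):
        print(pbr_aces(sample), pbr_possible(sample))
```

The "desktop routing" sample yields 512 and the "desktop default" sample yields 0, so only the latter leaves no room for a policy route-map.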



