
3750 support for pbr & vrf

roadhouse1387
Level 1

Hi,

I am trying to get a 3750 with enhanced layer 3 software (12.2(35)se) to do some policy based routing from a VRF receive interface into a VRF instance. The switch is running VRF lite.

The config looks fine but I'm having trouble with the route map, specifically the 'Set VRF <name>' option.

Basically, I am trying to route from vlan 700 (global routing table) into VRF UNI. At the same time, keeping the whole thing as secure from each other as possible.

The Route Map looks like this...

route-map uni-radius, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    vrf UNI

When I use this to interface vlan 700, the switch will not apply the route map and gives the following error...

%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map uni-radius not supported for Policy-Based Routing

Is the 'set vrf' command supported on the 3750? It does not appear on the 'unsupported commands' document for this release.

Second, can I use the 'set ip next-hop x.x.x.x' and 'set ip next-hop in vrf <vrf name>' commands in place of the 'set vrf' command to achieve the same thing?

The switch will apply this 'set ip next-hop' route map to the interface OK and I can see hits on the policy, but the routing will not work. Looking at the debug output, it seems as if it is still trying to route from within the global routing table.

Again, I can't seem to find any info on cisco.com about this command or its usage guidelines, so I'm not sure I am using it correctly. I am using...

set ip next-hop x.x.x.x
set ip next-hop in-vrf <name>

Can anyone shed any light on where I might be going wrong on this?

Here are the relevant bits of config...

ip vrf UNI
 rd 1:20
 route-target export 1:20
 route-target import 1:20
interface Loopback1
 ip vrf forwarding UNI
 ip address 10.6.63.253 255.255.255.255
!
interface FastEthernet1/0/1
 no switchport
 ip vrf forwarding EDIT
 ip address 10.6.46.1 255.255.255.252
interface Vlan20
 ip vrf forwarding UNI
 ip address 2.2.2.1 255.255.255.248 secondary
 ip address 10.50.1.1 255.255.255.0
!
interface Vlan700
 ip vrf receive UNI
 ip address 10.6.32.2 255.255.255.0
 no ip proxy-arp
router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf UNI
  redistribute bgp 1
  network 2.0.0.0
  network 10.0.0.0
  no auto-summary
  version 2
 exit-address-family
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 !
 address-family ipv4 vrf UNI
  redistribute rip
  neighbor 10.6.46.6 remote-as 2
  neighbor 10.6.46.6 activate
  no synchronization
  network 10.6.63.251 mask 255.255.255.255
 exit-address-family
access-list 101 permit ip host 10.6.32.12 host 172.18.3.40
route-map uni-radius permit 10
 match ip address 101
 set vrf UNI

Cheers

Shaun

5 Replies

bjornarsb
Level 4

Hi,

Try: ip vrf select source, under interface Vlan700.

Keep in mind that vrf receive only adds Interface Address into VRF Table.

I'm not sure of the effect using only vrf receive. I guess that routing still will be global for Vlan700.

HTH

Regards,

Bjornarsb

Hi, thanks for the quick reply.

I tried that first and although it lets me put the command on the interface, the switch will not take the selection global command.

If I enter...

vrf selection criteria source vrf UNI

I get

% VRF Select: failed to add config

so I guess vrf source selection is not supported.

:-(

Cheers

Shaun

Try:

(config-if)#ip vrf select source ?

(config-if)#

Without specifying source ip and mask.

And please issue a:

sh sdm prefer

sh sdm prefer
 The current template is "desktop default" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.
  number of unicast mac addresses: 6K
  number of igmp groups + multicast routes: 1K
  number of unicast routes: 8K
  number of directly connected hosts: 6K
  number of indirect routes: 2K
  number of policy based routing aces: 0
  number of qos aces: 512
  number of security aces: 1K

Hi,

here is the sdm output..

VRFaware-Wireles-SWt#sh s
1d00h: %SYS-5-CONFIG_I: Configured from console by consoledm prefe
 The current template is "desktop routing" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.
  number of unicast mac addresses: 3K
  number of IPv4 IGMP groups + multicast routes: 1K
  number of IPv4 unicast routes: 11K
  number of directly-connected IPv4 hosts: 3K
  number of indirect IPv4 routes: 8K
  number of IPv4 policy based routing aces: 0.5K
  number of IPv4/MAC qos aces: 0.5K
  number of IPv4/MAC security aces: 1K

The interface will take the 'ip vrf select source' command without any other arguments but it has no effect. I believe it also needs the global 'ip vrf selection criteria' command to define the source addresses to act upon. It's the global command which the switch kicks out.

Cheers

Shaun
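
Added example, not part of any post in this thread: a Python check that reads `show sdm prefer` output like the two samples quoted above and reports how many entries the active SDM template reserves for policy-based-routing ACEs. The sample strings are trimmed copies of those outputs, the function names are hypothetical, and reading "K" as 1024 is an assumption.

```python
import re

# Constructed sample input: trimmed copies of the two outputs quoted in the thread.
DEFAULT_TEMPLATE = '''The current template is "desktop default" template.
 number of unicast routes: 8K
 number of policy based routing aces: 0
 number of security aces: 1K
'''
ROUTING_TEMPLATE = '''VRFaware-Wireles-SWt#sh s
1d00h: %SYS-5-CONFIG_I: Configured from console by consoledm prefe
The current template is "desktop routing" template.
 number of IPv4 unicast routes: 11K
 number of IPv4 policy based routing aces: 0.5K
 number of IPv4/MAC security aces: 1K
'''

_TEMPLATE = re.compile(r'current template is "([^"]+)"')
_RESOURCE = re.compile(r'^[ \t]*number of (.+?):[ \t]*([0-9.]+)(K?)[ \t]*$', re.M)


def parse_sdm(text):
    """Return (template_name, {resource: entry_count}) from the pasted output."""
    m = _TEMPLATE.search(text)
    if m is None:
        raise ValueError("no 'current template' line found")
    resources = {}
    for name, number, kilo in _RESOURCE.findall(text):
        # Normalise labels: the second sample prefixes them with IPv4 or IPv4/MAC.
        key = re.sub(r'^ipv4(/mac)?\s+', '', name.strip().lower())
        # Assumption: "K" means 1024 entries, so "0.5K" is 512.
        resources[key] = int(float(number) * (1024 if kilo else 1))
    return m.group(1), resources


def pbr_aces(text):
    """Entries the active template reserves for policy-based-routing ACEs."""
    template, resources = parse_sdm(text)
    if "policy based routing aces" not in resources:
        raise ValueError(f"template {template!r}: no PBR line in output")
    return resources["policy based routing aces"]


if __name__ == "__main__":
    for sample in (DEFAULT_TEMPLATE, ROUTING_TEMPLATE):
        name, _ = parse_sdm(sample)
        print(f"{name}: {pbr_aces(sample)} PBR ACE entries")
```
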

Hi again,

OK, then you might go for an ISR?

BR,

Bjornarsb
