02-02-2008 10:37 AM - edited 03-03-2019 08:32 PM
Have a quick question I'm trying to do PBR on a switch when I do a traceroute from the router to the source I see that it is coming over my sw1 on vlan 7 so I figure I can put the PBR on sw1 vlan 7 but also on my sw2 I have vlan 7 on there as well. Question is would I need to put PBR on vlan 7 as well on sw 2?
Solved! Go to Solution.
02-02-2008 12:11 PM
Warren
There is still an aspect of this that I am not clear about. If you did a traceroute to the source and the response to the traceroute came from VLAN 7 then this is the outbound interface that is responding to the traceroute (and therefore the interface that is forwarding the packet and not the interface on which the packet was received by the switch). This would mean that VLAN 7 is not where you configure PBR.
I would suggest that you not depend on traceroute to determine where to configure PBR (other than finding what device is next to the end stations). Look on the switch for the layer 3 interface which has the subnet that the end stations are in. This is where you should configure PBR.
HTH
Rick
02-02-2008 11:30 AM
Warren
One fundamental aspect of Policy Based Routing is that you apply PBR on the interface through which the packet arrives at the switch/router. Remembering this will help in answering both parts of your question.
I may need some clarification about your situation. You say that you did a traceroute from the router to the source. And then you say that traffic was going through some switch(es). Are the switches layer 2 switches which are just forwarding based on MAC address or are they layer 3 switches that are performing routing? If they are layer 2 switches then they do not do PBR. If they are layer 3 switches and are routing then they can do PBR.
So if the traffic is arriving on VLAN 7 of the switch/router then that is the interface where you should configure PBR.
And if both switches have VLAN 7 and if the traffic that you want to Policy Route is arriving on VLAN 7 on both switches then you should configure PBR on both switches.
HTH
Rick
02-02-2008 11:54 AM
Hi Rick;
yes they are layer 3 switches Sw1 and Sw2
both have vlan 7 on the switches. Yes when I did a traceroute to the source IP to find out which switch is was coming from it told me vlan 7 and gave the ip address of sw1. But sw2 also as vlan 7 configured on it as well so I need to add PBR on sw2 as well. Thanks for the info I won't be able to do the change till tonight so thus the question right now. Thank you!!!!
02-02-2008 12:11 PM
Warren
There is still an aspect of this that I am not clear about. If you did a traceroute to the source and the response to the traceroute came from VLAN 7 then this is the outbound interface that is responding to the traceroute (and therefore the interface that is forwarding the packet and not the interface on which the packet was received by the switch). This would mean that VLAN 7 is not where you configure PBR.
I would suggest that you not depend on traceroute to determine where to configure PBR (other than finding what device is next to the end stations). Look on the switch for the layer 3 interface which has the subnet that the end stations are in. This is where you should configure PBR.
HTH
Rick
02-02-2008 12:16 PM
ok the subnet that I want the PBR to work on is my 10.255.180.0/24 subnet which belong to vlan 180 so since vlan 180 is where I should put the PBR and not vlan 7 which is just the return path
02-02-2008 12:29 PM
That did the trick thank you Rick for all your help!!!!!
02-02-2008 05:23 PM
Warren
I am glad that you got it working. Thank you for using the rating system to indicate that your issue was resolved (and thanks for the rating). It makes the forum more useful when people can read about an issue and can read what resolved the issue.
The forum is a good place to learn more about Cisco networking. I encourage you to continue your participation in the forum.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: