cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
422
Views
5
Helpful
6
Replies

Policy routing a switchs

wgranada1
Level 1
Level 1

Have a quick question I'm trying to do PBR on a switch when I do a traceroute from the router to the source I see that it is coming over my sw1 on vlan 7 so I figure I can put the PBR on sw1 vlan 7 but also on my sw2 I have vlan 7 on there as well. Question is would I need to put PBR on vlan 7 as well on sw 2?

1 Accepted Solution

Accepted Solutions

Warren

There is still an aspect of this that I am not clear about. If you did a traceroute to the source and the response to the traceroute came from VLAN 7 then this is the outbound interface that is responding to the traceroute (and therefore the interface that is forwarding the packet and not the interface on which the packet was received by the switch). This would mean that VLAN 7 is not where you configure PBR.

I would suggest that you not depend on traceroute to determine where to configure PBR (other than finding what device is next to the end stations). Look on the switch for the layer 3 interface which has the subnet that the end stations are in. This is where you should configure PBR.

HTH

Rick

HTH

Rick

View solution in original post

6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

Warren

One fundamental aspect of Policy Based Routing is that you apply PBR on the interface through which the packet arrives at the switch/router. Remembering this will help in answering both parts of your question.

I may need some clarification about your situation. You say that you did a traceroute from the router to the source. And then you say that traffic was going through some switch(es). Are the switches layer 2 switches which are just forwarding based on MAC address or are they layer 3 switches that are performing routing? If they are layer 2 switches then they do not do PBR. If they are layer 3 switches and are routing then they can do PBR.

So if the traffic is arriving on VLAN 7 of the switch/router then that is the interface where you should configure PBR.

And if both switches have VLAN 7 and if the traffic that you want to Policy Route is arriving on VLAN 7 on both switches then you should configure PBR on both switches.

HTH

Rick

HTH

Rick

Hi Rick;

yes they are layer 3 switches Sw1 and Sw2

both have vlan 7 on the switches. Yes when I did a traceroute to the source IP to find out which switch is was coming from it told me vlan 7 and gave the ip address of sw1. But sw2 also as vlan 7 configured on it as well so I need to add PBR on sw2 as well. Thanks for the info I won't be able to do the change till tonight so thus the question right now. Thank you!!!!

Warren

There is still an aspect of this that I am not clear about. If you did a traceroute to the source and the response to the traceroute came from VLAN 7 then this is the outbound interface that is responding to the traceroute (and therefore the interface that is forwarding the packet and not the interface on which the packet was received by the switch). This would mean that VLAN 7 is not where you configure PBR.

I would suggest that you not depend on traceroute to determine where to configure PBR (other than finding what device is next to the end stations). Look on the switch for the layer 3 interface which has the subnet that the end stations are in. This is where you should configure PBR.

HTH

Rick

HTH

Rick

ok the subnet that I want the PBR to work on is my 10.255.180.0/24 subnet which belong to vlan 180 so since vlan 180 is where I should put the PBR and not vlan 7 which is just the return path

That did the trick thank you Rick for all your help!!!!!

Warren

I am glad that you got it working. Thank you for using the rating system to indicate that your issue was resolved (and thanks for the rating). It makes the forum more useful when people can read about an issue and can read what resolved the issue.

The forum is a good place to learn more about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco