Policy Based Routing

Apr 25th, 2008

Hello,


I am trying to establish a PBR on a 3750 switch. The setup is like this: I have 7 VLANs. I have an ASA firewall and an ISA server on the same segment on VLAN 7, and I want to write a PBR where the traffic from VLANs 1, 2, 3 should route via the ISA server and traffic from VLANs 4, 5, 6 should route via the ASA firewall.


I have tried this by writing an access-list differentiating ISA and ASA traffic, binding it to the appropriate route-map command, setting the next-hop command, and finally binding the ip policy route-map to the appropriate VLAN.


For testing I took one VLAN, VLAN 2, where its traffic has to get routed towards the ASA firewall.

Eg:

access-list ISA-traff permit ip X.X.X.X 0.0.0.31 any
access-list ASA-traff permit ip Y.Y.Y.Y 0.0.0.255 any

route-map PBR-ASA-ISA permit 10
 match ip address ASA-traff
 set ip next-hop ASAIP


Under VLAN 2, I have bound the following command:

ip policy route-map PBR-ASA-ISA


But it's not working.


In addition to this I have a default route given to the ISA server.


Can anyone tell me whether this default route or any routing entry will affect this PBR?


Can anyone tell me how to configure PBR for a VLAN on a switch?


Regards,

Archana.

Richard Burts Sat, 04/26/2008 - 13:19

Archana


Which SDM template are you using? I would guess that you are using the default template. You can check by using the command show sdm prefer. But PBR is not supported in the default template. To support PBR you need to switch to the routing template using the command sdm prefer routing.


HTH


Rick

marchanamendon Mon, 04/28/2008 - 00:26

Hi


I am using "desktop routing" template.

Is there anything else to be enabled?


Regards,

Archana.

Richard Burts Mon, 04/28/2008 - 02:58

Archana


If you are using the desktop routing template then it is not a template issue. The parts of config that you show seem reasonable. Perhaps if you post a more complete section of the config we might see what the problem is.


Also can you tell us how you are testing this and how you determine that PBR is not working?


HTH


Rick
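
The setup discussed in this thread, written out in full as an added example; it is not from either poster. The per-VLAN subnets (10.0.N.0/24) and the next-hop addresses 10.0.7.10 (ISA) and 10.0.7.1 (ASA) are constructed placeholders; the ACL and route-map names follow the original post.

```cisco
! Added example: all addresses below are constructed placeholders.
! Exec mode: confirm the active SDM template supports PBR.
show sdm prefer
! If a routing template is not active, in global configuration use:
!   sdm prefer routing
! then save and reload; the template only takes effect after a reload.
configure terminal
ip routing
!
! Named ACLs are created with "ip access-list", one per traffic class.
ip access-list extended ISA-traff
 permit ip 10.0.1.0 0.0.0.255 any
 permit ip 10.0.2.0 0.0.0.255 any
 permit ip 10.0.3.0 0.0.0.255 any
ip access-list extended ASA-traff
 permit ip 10.0.4.0 0.0.0.255 any
 permit ip 10.0.5.0 0.0.0.255 any
 permit ip 10.0.6.0 0.0.0.255 any
!
! One route-map clause per next hop. Packets that match no clause are
! forwarded by the normal routing table, including the default route.
! Destination "any" also steers inter-VLAN traffic to the next hop.
route-map PBR-ASA-ISA permit 10
 match ip address ISA-traff
 set ip next-hop 10.0.7.10
route-map PBR-ASA-ISA permit 20
 match ip address ASA-traff
 set ip next-hop 10.0.7.1
!
! PBR is applied on the SVI where the traffic enters the switch.
interface Vlan1
 ip policy route-map PBR-ASA-ISA
interface Vlan2
 ip policy route-map PBR-ASA-ISA
interface Vlan3
 ip policy route-map PBR-ASA-ISA
interface Vlan4
 ip policy route-map PBR-ASA-ISA
interface Vlan5
 ip policy route-map PBR-ASA-ISA
interface Vlan6
 ip policy route-map PBR-ASA-ISA
end
!
! Exec mode: confirm the route-map contents and where it is bound.
show route-map PBR-ASA-ISA
show ip policy
```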
