Policy Based Routing

Unanswered Question
Apr 25th, 2008

Hello,

I am trying to establish a PBR on 3750 switch.The setup is like I am having 7 vlans.I have an ASA firewall and ISA server on same segment on vlan 7.and I want to write a PBR,where the traffic from Vlan 1,2,3 should route via ISA server and traffic from Vlan 4,5,6 should route via ASA firewall.

I have tried this by writing an access-list differenting ISA and ASA traffic,binded it to appropriate route-map command and set the next-hop command.and finally binding the ip policy route-map to the appropriate vlan.

For testing I took one vlan 2 where its traffic has to get routed towards ASA firewall.

Eg:

access-list ISA-traff permit ip X.X.X.X 0.0.0.31 any

access-list ASA-traff permit ip Y.Y.Y.Y 0.0.0.255 any

route-map PBR-ASA-ISA permit 10

match ip address ASA-traff

set ip next-hop ASAIP.

under Vlans 2,I have binded this following command

ip policy route-map PBR-ASA-ISA

But its not working.

In addition to this I have default route given to ISA server.

Can anyone tell me will this default route or any routing entry affect this PBR.

Can anyone tel how to configure PBR for a vlan on switch.

Regards,

Archana.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Sat, 04/26/2008 - 13:19

Archana

Which SDM template are you using? I would guess that you are using the default template. You can check by using the command show sdm prefer. But PBR is not supported in the default template. To support PBR you need to switch to the routing template using the command sdm prefer routing.

HTH

Rick

marchanamendon Mon, 04/28/2008 - 00:26

Hi

I am using "desktop routing" template.

Is there anything else to be enabled?

Regards,

Archana.

Richard Burts Mon, 04/28/2008 - 02:58

Archana

If you are using the desktop routing template then it is not a template issue. The parts of config that you show seem reasonable. Perhaps if you post a more complete section of the config we might see what the problem is.

Also can you tell us how you are testing this and how you determine that PBR is not working?

HTH

Rick

Actions

This Discussion