Routing Question

Unanswered Question
Jul 18th, 2008

I need help on setting up routing for a single subnet.

At the moment, all traffic is routed via the EtherChannel (Po1) to the R2 router via OSPF. What I would like to do is route a single SVI on the 4506 to R1 instead of R2.

Can I apply a route map on the subnet (SVI VLAN18 interface) and set the next hop via the R1 interface?

Should I apply the policy on the trunk port or on the SVI?

Darshannaidoo Mon, 08/04/2008 - 15:28

Thanks Jerry,

I have applied the route-map on the 4506 SVI.

route-map Traffic_to_ISP2 permit 10

match ip address 20

set ip next-hop

#sh ip access-lists 20

Standard IP access list 20

10 permit, wildcard bits

interface Vlan17

description Layer3 gateway

ip address

ip policy route-map Traffic_to_ISP2

#sh ip policy

Interface Route map

Vlan17 Traffic_to_ISP2

#sh route-map

route-map Traffic_to_ISP2, permit, sequence 10

Match clauses:

ip address (access-lists): 20

Set clauses:

ip next-hop

Nexthop tracking current:, fib_nh:18836098,oce:189008EC,status:1

Policy routing matches: 0 packets, 0 bytes

However, I am not getting any matches when debugging, or any matches on the ACL.

A traceroute shows traffic hitting the SVI, but the PBR is not working.

Protocol [ip]:

Target IP address:

Source address:

Numeric display [n]:

Timeout in seconds [3]:

Probe count [3]:

Type escape sequence to abort.

Tracing the route to

1 0 msec 0 msec 9 msec

2 0 msec 0 msec 9 msec

7 16 msec 17 msec 25 msec

Any ideas?

Jerry Ye Mon, 08/04/2008 - 18:52


Just a question, where do you initiate the ping? On the router where PBR is configured on the SVI? If this is the case, you have to use the command "ip local policy route-map map-tag" to test the PBR.

If you are testing from a PC on VLAN 17, the trace route should hit the ACL and use the PBR.



Darshannaidoo Mon, 08/04/2008 - 22:14

Good question

Traffic is not originating on the switch, which is a 4506, not a router. I am tracerouting from another switch on VLAN 17.

I am not getting any matches, which would suggest the switch has issues with PBR. Should I be running a different IOS?

At the moment I am running "cat4000-i5s-mz.122-25.EWA13.bin".

Jerry Ye Tue, 08/05/2008 - 08:43

Hi, Can you post the output of the following command:

show ip route

I am wondering whether the next hop is in the routing table of the 4506.



Darshannaidoo Tue, 08/05/2008 - 13:29

Yes, it is directly connected; it is a PTP connection from the 4506 to the router for ISP2.

#sh ip route

Routing entry for

Known via "connected", distance 0, metric 0 (connected, via interface)

Jerry Ye Tue, 08/05/2008 - 19:26

Hi, I don't see any issue with your configuration.

Like I said before, if you are testing the PBR from any device on VLAN17, the route-map and ACL should catch it. However, if the traceroute/ping is initiated from the 4506 sourced from VLAN17, "ip local policy" should be used to perform the test.



