Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4415
Views
10
Helpful
3
Replies

PBR with multiple next-hop not working

Go to solution
gautamzone
Level 1
Level 1

‎02-23-2009 10:40 PM - edited ‎03-06-2019 04:12 AM

Dear Friends,

I have setup PBR on a 3560 (SW Version : 12.2(40)SE Advanced IP Services).

The config is as follows:

route-map mymap permit 10

match ip address <access-list>

set ip next hop 172.21.11.1 172.21.11.2

int g0/25

ip policy route-map mymap

My requirement is that packets should always be policy routed to the next-hop address 172.21.11.1 and if this is down, 172.21.11.2 should be the next hop.

But even i bring down the router 172.21.11.1, the switch never detects that and it still continues to forward packets to the first hop which is unreachable.

The router is connected to port G0/11 of the switch. The config details of this port are as follows:

interface GigabitEthernet0/11

switchport access vlan 211

switchport mode access

spanning-tree portfast

The redundant router (172.21.11.2) is connected to this switch via a trunk link and is reachable.

I also tried other options like the continue clause with route-map but failed(Got the error Unsupported route map).

Can you suggest me a solution on this please?

Thanks a lot

Gautam

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-24-2009 02:49 AM

Hello Gautam,

what would be needed here is to have the two next-hops in two different subnets/vlan.

Actually, until there is a port in vlan 211 that is in STP forwarding state the vlan 211 is up/up and the ARP entry for the first next-hop is used even if it is not reachable.

If you could put the two devices in two different vlans and each vlan has only one port (the one to the device) associated to the L2 vlan you can detect the failure

This is the autostate feature that links the state of an SVI to the presence of at least one physical interface (access or trunk also) in STP forwarding state for the corresponding L2 Vlan.

It would have been handy to have some neighbor verify availabilty command like in C6500 with native IOS

Hope to help

Giuseppe

View solution in original post

3 Replies 3

Go to solution
guruprasadr
Level 7
Level 7

‎02-23-2009 11:08 PM

HI Gautam, [Pls RATE if HELPS]

Try, enabling HSRP between the Routers and route the traffic to the Logical Standby IP Address.

Hope this Helps.

Best Regards,

Guru Prasad R

0 Helpful

Go to solution
gautamzone
Level 1
Level 1
In response to guruprasadr

‎02-23-2009 11:14 PM

Dear Guru,

Thanks a lot for the reply. Though i tried this exercise with routers, the production devices are not Cisco routers but rather Ironport security devices that dont support HSRP.

Thanks a lot anyways for your qucik response.

I couldnt try route-maps with Object tracking too since the 3560's dont support this feature.

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-24-2009 02:49 AM

Hello Gautam,

what would be needed here is to have the two next-hops in two different subnets/vlan.

Actually, until there is a port in vlan 211 that is in STP forwarding state the vlan 211 is up/up and the ARP entry for the first next-hop is used even if it is not reachable.

If you could put the two devices in two different vlans and each vlan has only one port (the one to the device) associated to the L2 vlan you can detect the failure

This is the autostate feature that links the state of an SVI to the presence of at least one physical interface (access or trunk also) in STP forwarding state for the corresponding L2 Vlan.

It would have been handy to have some neighbor verify availabilty command like in C6500 with native IOS

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card