Policy-Based Routing on 3560 switches

Unanswered Question
May 8th, 2009
User Badges:

Hello,


Runing a 3560 on IOS c3560-ipservices-mz.122-25.SEE3.bin (which states PBR is available in Feature Navigator), and also with routing SDM template.


SLHX3530#sh sdm prefer

The current template is "desktop routing" template.

The selected template optimizes the resources in

the switch to support this level of features for

8 routed interfaces and 1024 VLANs.


number of unicast mac addresses: 3K

number of IPv4 IGMP groups + multicast routes: 1K

number of IPv4 unicast routes: 11K

number of directly-connected IPv4 hosts: 3K

number of indirect IPv4 routes: 8K

number of IPv4 policy based routing aces: 512

number of IPv4/MAC qos aces: 512

number of IPv4/MAC security aces: 1K


However, it will not allow the below route-map config to be used in a PBR statement when applied to a layer-3 physical interface:


!

route-map STIG-traffic-to-FW permit 10

match ip address 2

set ip next-hop 10.247.250.142

set interface Null0

!

access-list 2 remark For_STIG_traffic_route_map_to_FW

access-list 2 permit any

!

int f0/8

ip address 10.139.145.13 255.255.255.248

ip policy route-map STIG-traffic-to-FW

!


The below error message appears:


000064: May 7 18:45:22: %PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map STIG-traffi

c-to-FW not supported for Policy-Based Routing


It will only accept the below route-map:


route-map STIG-traffic-to-FW permit 10

set ip next-hop 10.247.250.142


This seems to semi-work, with mixed results. It does not however allow full design needed. Can anyone advise why this doesn't work with the IOS/config above, and if there is a quick easy solution (upgrade to a different IOS level with proven results)?


Thanks

Phil

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Jon Marshall Fri, 05/08/2009 - 03:22
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Phil


Unfortunately not all route-map commands are supported on Catalyst switches. The "set interface" command is not supported on the 3560 even with the latest IOS - 12.2(50)SE -


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swuncli.html#wp1088139


Jon

phil_carter Fri, 05/08/2009 - 04:32
User Badges:

found out it's a hardware restriction.... many thanks.

Actions

This Discussion