PBR with Layer3 switch (3560)

Answered Question
Jul 16th, 2009
User Badges:

Hi all,

I would like have web traffic to be directed towrds a default gateway 1.1.1.1 and SMTP traffic towards a different gateway 1.1.1.2.


I know I need apolicy based routing.


Is it possibile to configure PBR in catalyst 3560?

if it is, what image do I need: the base or the enhanced one?


Thank you very much


Correct Answer by Jon Marshall about 7 years 11 months ago

Lorenzo


Yes the 3560 does support PBR and you will need the Enhanced Image - IP services.


You also need to enable to the routing template, "sdm prefer routing".


And there are some unsupported PBR commands on the 3560 -


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swuncli.html#wp1088139


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Thu, 07/16/2009 - 07:23
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Lorenzo


Yes the 3560 does support PBR and you will need the Enhanced Image - IP services.


You also need to enable to the routing template, "sdm prefer routing".


And there are some unsupported PBR commands on the 3560 -


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swuncli.html#wp1088139


Jon

l.buschi Thu, 07/16/2009 - 07:45
User Badges:

Thank you jon.

Do you think it could work the following way?


route-map PBR permit 10

match ip address PBRACL

set IP next hop 1.1.1.2


access-list PBRACL permit tcp host 1.1.1.30 any eq 25


ip route 0.0.0.0 0.0.0.0 1.1.1.1


int vlan 1

ip address 1.1.1.254 255.255.255.0

ip policy route-map PBRACL


on a catalyst 3560 with IP service Image

in order to send SMTP from server 1.1.1.30 to 1.1.1.2 and all the lan traffic (included 1.1.1.30 apart from tcp 25) to 1.1.1.1?


THhank you very much

Johnny


Jon Marshall Thu, 07/16/2009 - 08:35
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Johnny


Yes that config looks fine.


Jon

Actions

This Discussion