Solved: PBR not working on CAT4510R

l.buschi · ‎10-06-2009

Hello everybody,

I have a problem with policy based routing. It seems it doesn't work.

Here is the configuration:

access-list 199 deny ip 172.27.42.0 0.0.0.255 172.16.0.0 0.15.255.255

access-list 199 permit ip 172.27.42.0 0.0.0.255 any

route-map PBE permit 10

match ip address 199

set ip next-hop 172.24.10.31

Int vlan 10

ip address 172.24.10.1 255.255.255.0

Int vlan 20

ip address 172.29.5.1 255.255.255.0

ip policy route-map PBE

ip route 0.0.0.0 0.0.0.0 172.24.10.100

ip route 172.27.42.0 255.255.255.0 172.29.5.100

What I need is that packet with source address 172.27.42.0/24 should be routed towards 172.24.10.31 for destination except from 172.16.0.0/12 destinations.

no match results in sh route-map

and packet ignores PBR.

I also tried to use a standard access-list such as access-list 1 permit 172.27.42.0 0.0.0.255 to route all traffic from 172.27.42 to 172.24.10.31 but it doesn't work.

Finally I also tried to use

set ip default next-hop 172.24.10.31 but i doesn't work again.

the 4500 IOS version is

cat4500e-entservicesk9-mz.122-44.SG.bin

I thank you very much if any could help me.

best

Johnny

Giuseppe Larosa · ‎10-06-2009

Hello Johnny,

in recent releases support for PBR has been introduced

for example in 12.2(44)SE says:

PBR not supported on sup 6-E

on last release 12.2(53)SG says

Understanding PBR on Supervisor Engine 6-E

The Catalyst 4500 Supervisor Engine 6-E supports matching route-map actions with a packet by installing entries in the TCAM that match the set of packets described by the ACLs in the match criteria of the route map. These TCAM entries point at adjacencies that either perform the necessary output actions or forward the packet to software if either hardware does not support the action or its resources are exhausted.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/53SG/configuration/pbroute.html

you may need an IOS upgrade

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎10-06-2009

Hello Johnny,

first of all what is the supervisor model that is on the chassis

you can post a sh module

It can make the difference some newer supervisors are weak in these features as reported by other colleagues

Hope to help

Giuseppe

l.buschi · ‎10-06-2009

Thank you giuseppe,

here is the show module

5 6 Sup 6-E 10GE (X2), 1000BaseX (SFP) WS-X45-SUP6-E

6 6 Sup 6-E 10GE (X2), 1000BaseX (SFP) WS-X45-SUP6-E

Giuseppe Larosa · ‎10-06-2009

Hello Johnny,

in recent releases support for PBR has been introduced

for example in 12.2(44)SE says:

PBR not supported on sup 6-E

on last release 12.2(53)SG says

Understanding PBR on Supervisor Engine 6-E

The Catalyst 4500 Supervisor Engine 6-E supports matching route-map actions with a packet by installing entries in the TCAM that match the set of packets described by the ACLs in the match criteria of the route map. These TCAM entries point at adjacencies that either perform the necessary output actions or forward the packet to software if either hardware does not support the action or its resources are exhausted.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/53SG/configuration/pbroute.html

you may need an IOS upgrade

Hope to help

Giuseppe