PBR with VRF and L3 Switch

Jan 20th, 2010

I am having trouble getting PBR to work with a VRF interface. I have a 3560 L3 Switch running an IPBase image. The SDM template is Desktop-Routing.

The target is to get the host to route to the FW-B firewall.  Default route on the L3 switch is FW-A.  All hosts access the L3 switch via the Trunk between the L2 and L3 switch. is a VRF and has a policy map applied as such:

access-list 100 permit ip any

route-map fwa, permit, sequence 10
  Match clauses:
    ip address (access-lists): 100
  Set clauses:
    ip next-hop

I cannot get any traffic from the 10.1.10.x network applied by the route-map. Any suggestions?

Giuseppe Larosa Wed, 01/20/2010 - 08:12

hello Klivesey,

among PBR notes in 12.2(44)SE it reports the following:

To use PBR, you must first enable the routing template by using the sdm prefer routing global configuration command. PBR is not supported with the VLAN or default template. For more information on the SDM templates, see "Configuring SDM Templates."

VRF and PBR are mutually exclusive on a switch interface. You cannot enable VRF when PBR is enabled on an interface. The reverse is also true, you cannot enable PBR when VRF is enabled on an interface.


also for 12.2(52)SE


This looks to be a limit of this switch model: you can change the SDM template, but VRF and PBR cannot be used together.

Hope to help


prasad.gsmc Mon, 05/17/2010 - 00:21

I don't think it's possible. You are trying to put a next hop in PBR which is not part of your current routing table (in your VRF 10 there is no connected network of 10.1.2.x), hence the next hop will fail and PBR is not possible as per the attached diagram....

Giuseppe Larosa Tue, 05/18/2010 - 05:40

Hello Prasad,

good note

also PBR and VRF cannot be used together on this specific platform

Hope to help
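
The two points raised in the replies (VRF and PBR enabled on the same switch interface, and a PBR next hop with no connected network in the interface's VRF) can be checked offline against a saved configuration. The following is an added example, not code from the thread or from Cisco; the sample config, the interface names, the host addresses and the finding labels are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (not from the thread); names and addresses are illustrative.
SAMPLE_CONFIG = """\
interface Vlan2
 ip address 10.1.2.1 255.255.255.0
interface Vlan10
 ip vrf forwarding 10
 ip address 10.1.10.1 255.255.255.0
 ip policy route-map fwa
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
 ip policy route-map fwa
!
route-map fwa permit 10
 set ip next-hop 10.1.2.254
"""

def parse(config):
    """Return (interfaces, route_maps) parsed from IOS-style config text."""
    interfaces, route_maps, cur = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = interfaces.setdefault(m.group(1), {"vrf": None, "pbr": None, "nets": []})
        elif m := re.match(r"route-map (\S+)", line):
            cur = route_maps.setdefault(m.group(1), [])
        elif not line.startswith(" "):
            cur = None  # left the interface / route-map stanza
        elif isinstance(cur, dict) and (m := re.match(r" ip vrf forwarding (\S+)", line)):
            cur["vrf"] = m.group(1)
        elif isinstance(cur, dict) and (m := re.match(r" ip policy route-map (\S+)", line)):
            cur["pbr"] = m.group(1)
        elif isinstance(cur, dict) and (m := re.match(r" ip address (\S+) (\S+)$", line)):
            cur["nets"].append(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network)
        elif isinstance(cur, list) and (m := re.match(r" set ip next-hop (\S+)", line)):
            cur.append(ipaddress.ip_address(m.group(1)))
    return interfaces, route_maps

def audit(config):
    """Flag VRF+PBR on one interface and PBR next hops not connected in that interface's VRF."""
    interfaces, route_maps = parse(config)
    findings = []
    for name, intf in interfaces.items():
        if intf["vrf"] and intf["pbr"]:
            findings.append((name, "vrf-and-pbr"))
        # Connected networks in the same routing table (VRF, or global when vrf is None).
        nets = [n for i in interfaces.values() if i["vrf"] == intf["vrf"] for n in i["nets"]]
        findings += [(name, f"next-hop-not-connected:{h}")
                     for h in route_maps.get(intf["pbr"], []) if not any(h in n for n in nets)]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports both conditions for Vlan10 and nothing for Vlan20, whose next hop sits on a connected network in the global table.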


