PBR with VRF and L3 Switch

Jan 20th, 2010

I am having trouble getting PBR to work with a VRF interface. I have a 3560 L3 Switch running an IPBase image. The SDM template is Desktop-Routing.

The target is to get the 10.1.10.0/24 host to route to the FW-B firewall.  Default route on the L3 switch is FW-A.  All hosts access the L3 switch via the Trunk between the L2 and L3 switch.  10.1.10.3 is a VRF and has a policy map applied as such:

access-list 100 permit ip 10.1.10.0 0.0.0.255 any

route-map fwa, permit, sequence 10
  Match clauses:
    ip address (access-lists): 100
  Set clauses:
    ip next-hop 10.1.2.2

I cannot get any traffic from the 10.1.10.x network applied by the route map.  Any suggestions?

Giuseppe Larosa Wed, 01/20/2010 - 08:12

hello Klivesey,

among PBR notes in 12.2(44)SE it reports the following:

To use PBR, you must first enable the routing template by using the sdm prefer routing global configuration command. PBR is not supported with the VLAN or default template. For more information on the SDM templates, see "Configuring SDM Templates."

VRF and PBR are mutually exclusive on a switch interface. You cannot enable VRF when PBR is enabled on an interface. The reverse is also true, you cannot enable PBR when VRF is enabled on an interface.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swiprout.html#wp1228588

also for 12.2(52)SE

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swiprout.html#wp1210866

this looks to be a limit of this switch model: you can change the SDM template, but VRF and PBR cannot be used together

Hope to help

Giuseppe

prasad.gsmc Mon, 05/17/2010 - 00:21

I don't think it's possible. You are trying to put a next hop for PBR which is not part of your current routing table (in your VRF 10 there is no connected network of 10.1.2.x, hence the next hop will fail) and PBR is not possible as per the attached diagram.

Giuseppe Larosa Tue, 05/18/2010 - 05:40

Hello Prasad,

good note

also PBR and VRF cannot be used together on this specific platform

Hope to help

Giuseppe
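
The two conditions raised in the replies above can be checked against saved configuration text. This Python audit is an added example, not from the thread or from Cisco's documentation; it flags an interface that carries both `ip vrf forwarding` and `ip policy route-map`, and a PBR next hop that is not on a connected subnet in the same VRF. The VRF name TEN, the interface names and the Vlan2 address are assumptions, since the poster's configuration is in an attachment.

```python
import ipaddress
import re

# Constructed sample, not the poster's config: VRF name and interface names are assumptions.
SAMPLE = """\
interface Vlan10
 ip vrf forwarding TEN
 ip address 10.1.10.3 255.255.255.0
 ip policy route-map fwa
interface Vlan2
 ip address 10.1.2.1 255.255.255.0
route-map fwa permit 10
 match ip address 100
 set ip next-hop 10.1.2.2
"""

def parse(config):
    """Collect per-interface VRF/PBR/subnet and per-route-map next hops."""
    ifaces, rmaps, cur = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):  # a new top-level stanza begins
            m = re.match(r"(interface|route-map) (\S+)", line)
            if m and m.group(1) == "interface":
                cur = ifaces.setdefault(m.group(2), {"vrf": None, "pbr": None, "net": None})
            else:
                cur = rmaps.setdefault(m.group(2), []) if m else None
        elif isinstance(cur, list) and words[:3] == ["set", "ip", "next-hop"]:
            cur.extend(ipaddress.ip_address(w) for w in words[3:])
        elif isinstance(cur, dict) and words[:3] == ["ip", "vrf", "forwarding"]:
            cur["vrf"] = words[3]
        elif isinstance(cur, dict) and words[:3] == ["ip", "policy", "route-map"]:
            cur["pbr"] = words[3]
        elif isinstance(cur, dict) and words[:2] == ["ip", "address"] and len(words) == 4:
            cur["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
    return ifaces, rmaps

def audit(config):
    """Return (interface, finding) pairs for the two conditions in the replies."""
    ifaces, rmaps = parse(config)
    findings = []
    for name, i in ifaces.items():
        if i["pbr"] and i["vrf"]:
            findings.append((name, "vrf-and-pbr-on-same-interface"))
        nets = [j["net"] for j in ifaces.values() if j["vrf"] == i["vrf"] and j["net"]]
        for hop in rmaps.get(i["pbr"], []):
            if not any(hop in n for n in nets):
                findings.append((name, f"next-hop {hop} not connected in vrf {i['vrf']}"))
    return findings
```

Calling `audit(SAMPLE)` reports both findings for Vlan10; with the `ip vrf forwarding` line removed, the same configuration produces none.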
