Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1774
Views
0
Helpful
4
Replies

PBR with VRF and L3 Switch

klivesey
Level 1
Level 1

‎01-20-2010 07:35 AM - edited ‎03-06-2019 09:22 AM

I am having trouble getting PBR to work with a VRV interface.  I have a 3560 L3 Switch running an IPBase image.  The SDM template is Desktop-Routing.

The target is to get the 10.1.10.0/24 host to route to the FW-B firewall.  Default route on the L3 switch is FW-A.  All hosts access the L3 switch via the Trunk between the L2 and L3 switch.  10.1.10.3 is a VRF and has a policy map applied as such:

access-list 100 permit ip 10.1.10.0 0.0.0.255 any

route-map fwa, permit, sequence 10

  Match clauses:

    ip address (access-lists): 100

  Set clauses:

    ip next-hop 10.1.2.2

I cannot get any traffic from the 10.1.10.x network applied by the routemap.  Any suggestions?

Labels:
Preview file
24 KB
0 Helpful
4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-20-2010 08:12 AM

hello Klivesey,

among PBR notes in 12.2(44)SE it reports the following:

To use PBR, you must first enable the routing template by using the sdm prefer routing global configuration command. PBR is not supported with the VLAN or default template. For more information on the SDM templates, see "Configuring SDM Templates."

VRF and PBR are mutually exclusive on a switch interface. You cannot enable VRF when PBR is enabled on an interface. The reverse is also true, you cannot enable PBR when VRF is enabled on an interface.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swiprout.html#wp1228588

also for 12.2(52)SE

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swiprout.html#wp1210866

this looks like to be a limit of this switch model, you can change SDM template, but VRF and PBR cannot be used together

Hope to help

Giuseppe

0 Helpful

prasad.gsmc
Level 1
Level 1

‎05-17-2010 12:21 AM

i dont think so its possible. You are trying to put next hop of PBR which is not part of your current routing table (in your VRF 10 there is no connected network of 10.1.2.x hence the next of will fail and PBR is not possible as per the attached diagram....

0 Helpful

prasad.gsmc
Level 1
Level 1

‎05-17-2010 12:36 AM

this maynot be possible since next hope route is not in vrf 10

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to prasad.gsmc

‎05-18-2010 05:40 AM

Hello Prasad,

good note

also PBR and VRF cannot be used together on this specific platform

Hope to help

Giuseppe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card