PBR with VLAN interface

lveraza2010
Level 1

Hi,

I have configured PBR step by step on my core switch. The core switch is using 2 L3 VLANs and has 2 routers connected. Each VLAN has to use one router as its default gateway, but if one router fails, all the traffic will be sent to the active router.

The problem I have is that PBR is not working: when I put 'ip policy route-map NAME' on the VLAN interface, the core switch doesn't accept this command; it does nothing.

Do you have any idea why not?

Thank you, best regards, Luis.

Jon Marshall
Hall of Fame

Luis

What switch, which IOS and which feature set (for IOS and feature set just post a "sh version").

Jon

Here is the info:

ROUTERNAME#sho ver
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(40)SE, RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 24-Aug-07 01:39 by myl
Image text-base: 0x00003000, data-base: 0x01800000
ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWARE (fc1)
ARBUESWTADM01 uptime is 12 weeks, 4 days, 17 hours, 26 minutes
System returned to ROM by power-on
System restarted at 19:49:45 HAA Thu Jan 21 2010
System image file is "flash:c3560-ipservicesk9-mz.122-40.SE.bin"

Thank you.

Have you enabled the sdm routing template?

Jon

No, I didn't have any idea about the sdm routing template. Do I need it? What is it for? Thank you.

Hi Luis,

Take a look at the following configuration guide for the 3560 below; it details the steps for configuring PBR, including configuring the SDM template.

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swiprout.html#wp1228588

To use PBR, you must first enable the routing template by using the sdm prefer routing global configuration command.

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swsdm.html#wpxref88774

Regards

Allan.

Hope this helps, pls rate helpful posts.

Luis

Follow Allan's instructions about the sdm routing template and you should be fine.

Jon

Please also rate helpful posts

Hi, based on the Cisco document I have enabled sdm prefer dual-ipv4-and-ipv6 routing with PBR.

"The software supports IPv4 PBR only when the dual-ipv4-and-ipv6 routing template is configured"

The show sdm prefer command shows the following:

ROUTER#sh sdm prefer

The current template is "desktop IPv4 and IPv6 routing" template.

The problem I still have is that ip policy route-map NAME is not working; I enable it but the switch does nothing.

Do you have another idea why it is not working?

PBR is not working; as you know, if I can't enable ip policy route-map, PBR won't work.

"Enables policy routing and identifies a route map to be used for policy routing".

Thank you, best regards. Luis Veraza.

Luis

Can you post the config together with the test details you carried out that didn't work?

Jon

Here is the config:

ROUTER#show conf
Using 8169 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname ROUTER
!
enable password
!
no aaa new-model
clock timezone HAA -3
system mtu routing 1500
!
track 123 rtr 1 reachability
!
track 124 rtr 2 reachability
ip subnet-zero
ip routing
!
ip sla 1
 icmp-echo 192.68.84.251
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.68.84.252
ip sla schedule 2 life forever start-time now
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2  1
mls qos srr-queue input cos-map queue 1 threshold 3  0
mls qos srr-queue input cos-map queue 2 threshold 1  2
mls qos srr-queue input cos-map queue 2 threshold 2  4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3  3 5
mls qos srr-queue input dscp-map queue 1 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3  0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3  32
mls qos srr-queue input dscp-map queue 2 threshold 1  16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2  33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2  49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2  57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3  5
mls qos srr-queue output cos-map queue 2 threshold 3  3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3  2 4
mls qos srr-queue output cos-map queue 4 threshold 2  1
mls qos srr-queue output cos-map queue 4 threshold 3  0
mls qos srr-queue output dscp-map queue 1 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3  48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3  56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3  16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3  32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1  8
mls qos srr-queue output dscp-map queue 4 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3  0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
vlan dot1q tag native
!
!
!
!
interface GigabitEthernet0/1

interface GigabitEthernet0/28
!
interface Vlan1
 ip address 192.68.81.254 255.255.252.0
!
interface Vlan3
 ip address 192.68.84.253 255.255.255.248
!
interface Vlan93
 ip address 192.68.93.254 255.255.255.0
 ip helper-address 192.168.81.4
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.68.84.251
ip route 0.0.0.0 0.0.0.0 192.68.84.252
ip http server
ip http secure-server
!
!
access-list 100 permit ip 192.68.80.0 0.0.3.255 any
access-list 101 permit ip 192.68.93.0 0.0.0.255 any
route-map BAD permit 10
 match ip address 100
 set ip next-hop verify-availability 192.68.84.251 10 track 123
 set ip next-hop verify-availability 192.68.84.252 20 track 124
!
route-map BAV permit 10
 match ip address 101
 set ip next-hop verify-availability 192.68.84.252 10 track 124
 set ip next-hop verify-availability 192.68.84.251 20 track 123
!
line con 0
 password
line vty 0 4
 password
 login
 length 0
line vty 5 15
 password
 login
!
ntp clock-period 36028795
end

ROUTER#

And when you say it isn't working, how are you proving that?

Jon

I typed the following:

ROUTER#show ip policy

Interface Route map

ROUTER#

It showed me nothing. Later I reviewed the current config, and interface VLAN1 is showing only the IP address.

Thanks, best regards, Luis.

Luis

Have you tried applying the route-map to the VLAN interface, or are you saying that even after setting up the SDM template it is still not applying, i.e.

vlan

ip policy route-map

Also note from your config you don't need 2 route-map names, i.e. you can just do -

route-map BAD permit 10
 match ip address 100
 set ip next-hop verify-availability 192.68.84.251 10 track 123
 set ip next-hop verify-availability 192.68.84.252 20 track 124
!
route-map BAD permit 20
 match ip address 101
 set ip next-hop verify-availability 192.68.84.252 10 track 124
 set ip next-hop verify-availability 192.68.84.251 20 track 123
!

Jon
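
Added example (not part of any post in this thread): a small Python check for the symptom discussed above, route-maps that exist in the configuration but are bound to no interface, which is why show ip policy printed an empty table. The excerpt is taken from the posted configuration with indentation restored; the function name audit_pbr and its report keys are assumptions made for this illustration.

```python
import re

# Excerpt of the configuration posted in the thread, indentation restored.
POSTED_CONFIG = """\
track 123 rtr 1 reachability
track 124 rtr 2 reachability
!
interface Vlan1
 ip address 192.68.81.254 255.255.252.0
!
interface Vlan93
 ip address 192.68.93.254 255.255.255.0
!
route-map BAD permit 10
 match ip address 100
 set ip next-hop verify-availability 192.68.84.251 10 track 123
 set ip next-hop verify-availability 192.68.84.252 20 track 124
!
route-map BAV permit 10
 match ip address 101
 set ip next-hop verify-availability 192.68.84.252 10 track 124
 set ip next-hop verify-availability 192.68.84.251 20 track 123
"""

def audit_pbr(config):
    """Cross-check route-map definitions, interface bindings and track objects."""
    defined, tracks_defined, tracks_used = set(), set(), set()
    applied = {}       # interface -> route-map bound with "ip policy route-map"
    current_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":                       # stanza separator
            current_if = None
        elif m := re.match(r"interface (\S+)", line):
            current_if = m.group(1)
        elif m := re.match(r"route-map (\S+) (?:permit|deny) \d+", line):
            defined.add(m.group(1))
            current_if = None
        elif m := re.match(r"track (\d+) ", line):
            tracks_defined.add(m.group(1))
        elif (m := re.match(r"ip policy route-map (\S+)", line)) and current_if:
            applied[current_if] = m.group(1)
        elif m := re.search(r"verify-availability \S+ \d+ track (\d+)", line):
            tracks_used.add(m.group(1))
    return {
        "applied": applied,
        "unapplied": sorted(defined - set(applied.values())),
        "undefined_route_maps": sorted(set(applied.values()) - defined),
        "undefined_tracks": sorted(tracks_used - tracks_defined),
    }

if __name__ == "__main__":
    print(audit_pbr(POSTED_CONFIG))
```

Run against the posted excerpt, the report lists both BAD and BAV as unapplied and an empty applied table, matching the empty show ip policy output.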

You're right.

I changed these route-map numbers some days ago; they don't have the same number now. BUT! I removed them and added them again some minutes ago, and the IP policy is working.

Thanks a lot, it's working now.

Best regards, Luis.

Luis

Glad you got it working.

Jon
