Source based routing in Cisco Layer 3?

Apr 22nd, 2010


In my set up, I have a Cisco 3560 Layer 3 switch in which I have created 4 vlans (say,,, and above that I have 2 Cisco routers (say A and B). In my current setup, by default, all traffic goes to my Cisco A through my Linux gateway. Is it possible for me to do source based routing in my Layer 3? I would like to route traffic from one particular vlan alone (say vlan) or one particular host from a vlan to my router B. How can I do this otherwise if I can't do source based routing...

Any help greatly appreciated...


Ribin Jones S.B

KARUPPUCHAMY MA... Thu, 04/22/2010 - 04:17


Yes. It is possible by configuring "policy based routing" in your L3.

Sample Config on L3:

access-list 1 permit ip 
access-list 2 permit ip 

route-map net_access permit 10
 match ip address 1
 set ip default next-hop 
route-map net_access permit 20
 match ip address 2
 set ip default next-hop 

interface fa0/0/0
 ip policy route-map net_access

ycae Thu, 04/22/2010 - 04:17


You can work with route-maps.

First, you create an access-list which matches, for example, the source network you want to go to router B.

Then you create a route-map which specifies what access-list to use and what the next hop would be for these IP addresses.

The third step: you apply your route map to the concerned interface.



One more thing to be considered as well is the sdm mode you are using.

As far as I know, PBR is available only in routing sdm ("sdm prefer routing" global config command and requires reboot) and it is not the default.

I have run into this on 3560E while trying to configure PBR so don't be surprised if you get error messages when you try to apply the pbr in the interface.

Hope it helps, rate if it does


Jon Marshall Thu, 04/22/2010 - 04:44

One final point. You need the IPServices image on your switch to support PBR. IP Base will not work.


ribin.jones Thu, 04/22/2010 - 05:18

Thanks for all the replies...I will try it out and get back to you guys..

Thanks again,


ribin.jones Thu, 06/03/2010 - 04:45


Which interface should I apply the route map to?

In my setup, port 17 is the one connecting the two routers A and B. So, I tried applying this in the interface fastEthernet 0/17.

But I get this error.

Switch3560(config-if)#ip policy route-map net_access
% Invalid input detected at '^' marker.

Below is my route map and the ACL.

access-list 1 permit
route-map net_access permit 10
match ip address 1
set ip default next-hop

I want traffic from the host to go through router



Hitesh Vinzoda Thu, 06/03/2010 - 04:58


The default gateway for the host seems to be interface vlan's so apply the policy on vlan interfaces...


Int vlan 10

ip policy route-map net_access


Hitesh Vinzoda

Please rate useful posts

ribin.jones Thu, 06/03/2010 - 07:40

I am not able to apply the route-map in the vlan interface. It seems there is no such command under vlan. Below are the options coming up under vlan.

Switch3560(config)#interface vlan 50

Switch3560(config-if)#ip ?
Interface IP configuration subcommands:
  access-group        Specify access control for packets
  accounting          Enable IP accounting on this interface
  address             Set the IP address of an interface
  admission           Apply Network Admission Control
  authentication      authentication subcommands
  bandwidth-percent   Set EIGRP bandwidth limit
  broadcast-address   Set the broadcast address of an interface
  cef                 Cisco Express Forwarding interface commands
  dhcp                Configure DHCP parameters for this interface
  directed-broadcast  Enable forwarding of directed broadcasts
  hello-interval      Configures IP-EIGRP hello interval
  helper-address      Specify a destination address for UDP broadcasts
  hold-time           Configures IP-EIGRP hold time
  information-reply   Enable sending ICMP Information Reply messages
  irdp                ICMP Router Discovery Protocol
  load-sharing        Style of load sharing
  local-proxy-arp     Enable local-proxy ARP
  mask-reply          Enable sending ICMP Mask Reply messages
  next-hop-self       Configures IP-EIGRP next-hop-self
  probe               Enable HP Probe support
  proxy-arp           Enable proxy ARP
  rarp-server         Enable RARP server for static arp entries
  redirects           Enable sending ICMP Redirect messages
  rip                 Router Information Protocol
  route-cache         Enable fast-switching cache for outgoing packets
  security            DDN IP Security Option
  split-horizon       Perform split horizon
  summary-address     Perform address summarization
  unnumbered          Enable IP processing without an explicit address
  unreachables        Enable sending ICMP Unreachable messages
  vrf                 VPN Routing/Forwarding parameters on the interface

Switch3560(config-if)#ip po
Switch3560(config-if)#ip policy route-map net_access
% Invalid input detected at '^' marker.
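
Added example, not part of any post in this thread: the replies above (ACL, route-map, apply to the ingress VLAN interface, routing SDM template, IP Services image) put together as one sequence with the checks to run first. The addresses 192.0.2.0/24 and 198.51.100.2 and the choice of VLAN 50 as the source VLAN are constructed placeholders, and `set ip next-hop` is this example's choice rather than the `set ip default next-hop` posted above.

```cisco
! Added example; addresses and VLAN number are constructed placeholders.
!
! 1. Prerequisites raised in the replies: IP Services image and the
!    routing SDM template. Check both before touching the interface.
show version | include image
show sdm prefer
!
! 2. If the template is not "routing", change it. The new template only
!    takes effect after a reload, so save and schedule the reboot.
configure terminal
 sdm prefer routing
 end
copy running-config startup-config
reload
!
! 3. After the reload, build the policy.
configure terminal
 ip routing
 !
 ! Standard ACL: matches on SOURCE address only.
 ! 192.0.2.0/24 stands in for the subnet of the VLAN to be redirected.
 access-list 1 permit 192.0.2.0 0.0.0.255
 !
 ! Packets that match ACL 1 are forwarded to router B (placeholder
 ! 198.51.100.2, which must be a directly connected next hop).
 ! "set ip next-hop" overrides the routing table for matched packets;
 ! "set ip default next-hop" is used only when the routing table has
 ! no explicit route for the destination.
 route-map net_access permit 10
  match ip address 1
  set ip next-hop 198.51.100.2
 !
 ! 4. Apply on the interface where the hosts' traffic ENTERS the switch:
 !    the SVI that is their default gateway, not the uplink port.
 interface Vlan50
  ip policy route-map net_access
 end
!
! 5. Verify. Packets that match no route-map entry are routed normally.
show ip policy
show route-map net_access
```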

