Source based routing in Cisco Layer 3 ?

ribin.jones
Level 1

Hi,

In my set up, I have a Cisco 3560 Layer 3 switch in which I have created 4 vlans (say 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24) and above that I have 2 Cisco routers (say A and B). In my current setup, by default, all traffic goes to my Cisco A through my Linux gateway. Is it possible for me to do source based routing in my Layer 3? I would like to route traffic from one particular vlan alone (say 192.168.3.0/24 vlan) or one particular host from a vlan to my router B. How can I do this otherwise if I can't do source based routing...

Any help greatly appreciated...

Regards,

Ribin Jones S.B

8 Replies

Hi,

Yes. It is possible by configuring "policy based routing" in your L3.

Sample Config on L3:


access-list 1 permit ip 
access-list 2 permit ip 

route-map net_access permit 10
 match ip address 1
 set ip default next-hop 
route-map net_access permit 20
 match ip address 2
 set ip default next-hop 


interface fa0/0/0

ip policy route-map net_access

Thanks
Karuppu

ycae
Level 1

Hi,

You can work with route-maps.

First, you create an access-list which matches, for example, the source network you want to route to router B.

Then you create a route-map which specifies which access-list to use and what the next hop would be for these IP addresses.

As the third step, you apply your route-map to the concerned interface.

http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/1rfindp2.html#wp1044142

Yves

Hi,

One more thing to be considered as well is the sdm mode you are using.

As far as I know, PBR is available only in routing sdm ("sdm prefer routing" global config command and requires reboot) and it is not the default.

I have run into this on a 3560E while trying to configure PBR, so don't be surprised if you get error messages when you try to apply the PBR on the interface.

Hope it helps, rate if it does

Krisztian

Jon Marshall
Hall of Fame

One final point. You need the IPServices image on your switch to support PBR. IP Base will not work.

Jon

Thanks for all the replies...I will try it out and get back to you guys..

Thanks again,

Ribin

Hi,

Which interface should I apply the route map to?

In my setup, port 17 is the one connecting the two routers A and B. So, I tried applying this on the interface fastEthernet 0/17.

But I get this error.

Switch3560(config-if)#ip policy route-map net_access
                         ^
% Invalid input detected at '^' marker.

Below is my route map and the ACL.

access-list 1 permit 192.168.26.64 0.0.0.255
route-map net_access permit 10
match ip address 1
set ip default next-hop 192.168.50.3

I want traffic from the host 192.168.26.64 to go through router 192.168.50.3.

Thanks,

Ribin

Hi,

The default gateway for the host seems to be the VLAN interface, so apply the policy on the VLAN interfaces...

e.g.

Int vlan 10

ip policy route-map net_access

HTH

Hitesh Vinzoda

Please rate useful posts

I am not able to apply the route-map on the VLAN interface. It seems there is no such command under vlan. Below are the options that come up under vlan.

Switch3560(config)#interface vlan 50

Switch3560(config-if)#ip ?
Interface IP configuration subcommands:
  access-group        Specify access control for packets
  accounting          Enable IP accounting on this interface
  address             Set the IP address of an interface
  admission           Apply Network Admission Control
  authentication      authentication subcommands
  bandwidth-percent   Set EIGRP bandwidth limit
  broadcast-address   Set the broadcast address of an interface
  cef                 Cisco Express Forwarding interface commands
  dhcp                Configure DHCP parameters for this interface
  directed-broadcast  Enable forwarding of directed broadcasts
  hello-interval      Configures IP-EIGRP hello interval
  helper-address      Specify a destination address for UDP broadcasts
  hold-time           Configures IP-EIGRP hold time
  information-reply   Enable sending ICMP Information Reply messages
  irdp                ICMP Router Discovery Protocol
  load-sharing        Style of load sharing
  local-proxy-arp     Enable local-proxy ARP
  mask-reply          Enable sending ICMP Mask Reply messages
  next-hop-self       Configures IP-EIGRP next-hop-self
  probe               Enable HP Probe support
  proxy-arp           Enable proxy ARP
  rarp-server         Enable RARP server for static arp entries
  redirects           Enable sending ICMP Redirect messages
  rip                 Router Information Protocol
  route-cache         Enable fast-switching cache for outgoing packets
  security            DDN IP Security Option
  split-horizon       Perform split horizon
  summary-address     Perform address summarization
  unnumbered          Enable IP processing without an explicit address
  unreachables        Enable sending ICMP Unreachable messages
  vrf                 VPN Routing/Forwarding parameters on the interface

Switch3560(config-if)#ip po
Switch3560(config-if)#ip policy route-map net_access
                          ^
% Invalid input detected at '^' marker.
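
The replies above name two prerequisites (the routing SDM template and the IP Services image) and one placement rule (apply the policy where the host's traffic enters the switch). The session below is an added example that puts them in order; it is not part of the original thread. Assumptions: `<host-vlan-id>` is a placeholder for the VLAN that contains 192.168.26.64, which the thread does not give; the ACL uses a host match; and it uses `set ip next-hop` (overrides the routing table for matched traffic) instead of the thread's `set ip default next-hop` (used only when no explicit route exists).

```ios
! Added example. <host-vlan-id> is a placeholder, not a value from the thread.

! 1. Confirm the image feature set (IP Services per the thread) and the
!    SDM template that is currently active.
Switch3560# show version
Switch3560# show sdm prefer

! 2. Switch to the routing template. It only takes effect after a reload.
Switch3560# configure terminal
Switch3560(config)# sdm prefer routing
Switch3560(config)# end
Switch3560# reload

! 3. After the reload, verify the template, then build the policy.
Switch3560# show sdm prefer
Switch3560# configure terminal
Switch3560(config)# ip routing

! Match only the single host. A wildcard of 0.0.0.255 would match the
! whole 192.168.26.0/24 range instead.
Switch3560(config)# access-list 1 permit host 192.168.26.64

Switch3560(config)# route-map net_access permit 10
Switch3560(config-route-map)# match ip address 1
Switch3560(config-route-map)# set ip next-hop 192.168.50.3
Switch3560(config-route-map)# exit

! 4. Apply the policy on the ingress Layer 3 interface, i.e. the SVI that
!    is the host's default gateway, not the uplink toward routers A and B.
Switch3560(config)# interface vlan <host-vlan-id>
Switch3560(config-if)# ip policy route-map net_access
Switch3560(config-if)# end

! 5. Verify which interfaces have a policy and what the route-map contains.
Switch3560# show ip policy
Switch3560# show route-map net_access
```

If `ip policy` is still rejected after step 3, the output of `show sdm prefer` and `show version` shows which of the two prerequisites is missing.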
