08-05-2010 04:33 AM - edited 03-04-2019 09:19 AM
I am trying to set default next-hop route on vlan10 and vlan20 interfaces because I wanna split up traffic on c3550 to reach two different ISPs. Somehow the route-map could not be applied on vlan interface. If I set just next-hop command then it works but default next-hop doesn't. PLEASE HELP!
08-05-2010 04:41 AM
ljube0131 wrote:
I am trying to set default next-hop route on vlan10 and vlan20 interfaces because I wanna split up traffic on c3550 to reach two different ISPs. Somehow the route-map could not be applied on vlan interface. If I set just next-hop command then it works but default next-hop doesn't. PLEASE HELP!
I can't find the 3550 configuration docs but from the 3560 configuration doc it states that using the "ip default next-hop" within a route-map is not supported -
this also applies to the 3550 switch.
Jon
08-05-2010 05:49 AM
Hello,
In order for you to configure PBR on 3550, you need to have a minimum of IPServices image and your SDM template should be set to routing. You can verify the current SDM template using "show sdm prefer" command.
Switch#show sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 6K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
Once you verify the SDM template, if it is not set to routing, please set it to routing by issuing the command "sdm prefer routing"
Switch(config)#sdm prefer ?
access Access bias
default Default bias
dual-ipv4-and-ipv6 Support both IPv4 and IPv6
routing Unicast bias
vlan VLAN bias
Then, you will be able to apply the route-map to the interface. You need to use "set ip next-hop" command under the route-map.
Hope this helps.
Regards,
NT
08-06-2010 12:23 AM
08-06-2010 01:54 AM
What is your question ? The default next-hop etc. commands are not supported with the 3550 no matter what IOS you run, see my previous post.
Are you now asking something else ?
Jon
08-08-2010 10:24 PM
My question is whether "default next-hop" is supported by c3550 because I see it as only way to split up traffic to two ISPs. Is there any other way to do that on C3550?
08-08-2010 10:47 PM
Hello,
"default next-hop" command is not supported on DSBU switches. You can use "set ip next-hop" command instead.
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_se/configuration/guide/swiprout.html#wp1260543
Here is an explanation of both commands in question:
https://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml
If you want to send the traffic via routing table and send it via a specific path if the route does not exist, then you might have to do route tracking. Otherwise, if you are just looking to route specific traffic type through a specific path, then you need to use "set ip next-hop" configuration.
Hope this helps.
Regards,
NT
08-08-2010 10:48 PM
If you can match the traffic based on an access list, you can try the following -
Define ACL 1 for traffic to ISP 1
access-list 1 permit < ip >
Define ACL 2 for traffic to ISP 2
access-list 2 permit < ip >
route-map test permit 10
match ip address 1
set ip next-hop
!
route-map test permit 20
match ip address 2
set ip next-hop
Apply the route map to the appropriate interface
08-09-2010 05:36 AM
I can't use "set next-hop" because it will take all my vlan traffic over the firewalls out and my vlans on c3550 will not be able to connect to other parts of my local networks that are connected to c3550 over router 2610.
ISP1______c3500(VLANs10,20)
ISP2______/ |_2610----LANs
08-09-2010 06:30 AM
ljube0131 wrote:
I can't use "set next-hop" because it will take all my vlan traffic over the firewalls out and my vlans on c3550 will not be able to connect to other parts of my local networks that are connected to c3550 over router 2610.
ISP1______c3500(VLANs10,20)
ISP2______/ |_2610----LANs
I hesitated to reply to this post because you clearly didn't read my original answer ie. even after being told default next-hop is not supported you still were asking whether it was supported or not.
However this is a forum where we try to help so.
You can use set ip next-hop, you simply need to use deny statements in your access-list for that traffic you don't want PBR'd eg.
on your 3550 you have -
vlan 10 = 192.168.5.0/24
vlan 11 = 192.168.6.0/24
let's say you have 2 other networks off the 2610 -
192.168.7.0/24
192.168.8.0/24
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 101 deny ip 192.168.6.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 101 permit ip any any
route-map PBR permit 10
match ip address 101
set ip next-hop
the deny entries in your acl will not be policy routed ie. they will use the routing table, any other traffic will be policy routed.
Jon
08-09-2010 06:31 AM
Hello,
You can use extended access-lists and specify the exact matches. For
example, if the subnets behind 2620 are 10.x.x.x, you can do the following:
access-list 101 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
route-map VL10 10
match ip address 101
set ip next-hop <2600's IP>
route-map VL10 20
match ip address 102
set ip next-hop
While you could also use deny statements in the access-lists, using deny
statements will send the traffic to CPU and could affect your performance.
Hope this helps.
Regards,
NT
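An added example, not part of the post above or of Cisco's documentation: a small Python model of how a route-map like this one is evaluated (entries in sequence order, first matching ACE in each ACL, implicit deny, unmatched traffic left to the routing table). The two next-hop addresses and all function names are assumptions made for illustration.

```python
import ipaddress
# Constructed config modelled on the post above; both next-hop IPs are assumptions.
CONFIG = """\
access-list 101 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
route-map VL10 permit 10
 match ip address 101
 set ip next-hop 192.168.10.2
route-map VL10 permit 20
 match ip address 102
 set ip next-hop 192.168.10.254
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _field(tok):  # pop one "any" or "<base> <wildcard>" operand from the token list
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    return _ip(tok.pop(0)), _ip(tok.pop(0))

def parse(config):
    acls, entries = {}, []  # ACL number -> ordered ACEs; route-map entries
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"]:
            rest = tok[4:]  # skip "access-list <n> <action> ip"
            acls.setdefault(tok[1], []).append((tok[2], _field(rest), _field(rest)))
        elif tok[:1] == ["route-map"]:
            entries.append({"seq": int(tok[-1])})
        elif tok[:3] == ["match", "ip", "address"]:
            entries[-1]["acl"] = tok[3]
        elif tok[:3] == ["set", "ip", "next-hop"]:
            entries[-1]["next_hop"] = tok[3]
    return acls, sorted(entries, key=lambda e: e["seq"])

def acl_action(aces, src, dst):  # first matching ACE wins; wildcard 1-bits are ignored
    for action, (sb, sw), (db, dw) in aces:
        if (_ip(src) | sw) == (sb | sw) and (_ip(dst) | dw) == (db | dw):
            return action
    return "deny"  # implicit deny at the end of every ACL

def pbr_next_hop(config, src, dst):
    """Next hop set by the route-map, or None when the routing table is used."""
    acls, entries = parse(config)
    for e in entries:
        if acl_action(acls.get(e["acl"], []), src, dst) == "permit":
            return e["next_hop"]
    return None
```

Running candidate ACLs through a model like this before applying them shows which flows would be pulled out to an ISP path and which would still reach the internal LANs.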
08-09-2010 06:47 AM
NT makes a good point and one I forgot about. If you mix deny statements and permit statements in the same acl the packets are software switched so it would be better to use the example provided by him.
Jon
08-09-2010 07:04 AM
I hesitated to reply to this post because you clearly didn't read my original answer ie. even after being told default next-hop is not supported you still were asking whether it was supported or not.
However this is a forum where we try to help so.
Apologies. First post of the day and think you got some of my bad mood that I started today with. No offense intended, hopefully NT's solution works for you.
Jon
08-10-2010 04:45 AM
NT, this works! Thank you a lot!
No problem JM, I really appreciate your assistance.
I am new in this and I was a little bit confused because my c3550 route-map accepts my default next-hop command but I can't apply it on the interface.
Thank you, once more!