Catalyst 3750 - problem with ip policy

Answered Question
Sep 28th, 2010
User Badges:

Hi,


I have two Catalyst 3750 in stack configuration. They have c3750-ipservicesk9-mz.122-55.SE.bin IOS.

I have ip policy configured on interface vlan, but I can not see this ip policy route-map command in show running!!!!

When I enter sh ip policy, also I don't see this policy for that vlan.

With sh class-map I see that traffic is routed by that policy based routing and with sh ip access-lists I see matches.

So, it seems that everything works fine, but I don't see PBR configuration in my show running!!!


Anyone have same problem?

Is this some bug?


Regards,


Vlaho

Correct Answer by schooram about 6 years 9 months ago

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

You'll need IP Services to do PBR and a routing SDM template:


1) By 'show sdm prefer' command - you will see that there is no memory allocation for pbr instances.


2) Configure 'sdm prefer routing'


3) save and reload the switch for these changes to take effect.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
csawest.dc Tue, 09/28/2010 - 22:30
User Badges:

Hi There,


I think you need to apply ip policy route-map abc on fas or gi ingterface.


if possible to provide me PBR configuration



Cheers!!!

vjemin Wed, 09/29/2010 - 00:54
User Badges:

Hi,


here is an the output from my console.

First here is sh run and there is current configuration.

ip policy route-map DisasterRecovery is not shown in configuration and in sh ip policy command.

It is not possible to put ip policy command on gi interfaces!

At the end, I configured again ip policy command on interface vlan, it is permitted, but cann't see on configuration.


Consola output:


3750#sh run


!

interface Vlan64

description SERVERI

ip address 10.A.64.1 255.255.255.0       <----- NO ip policy command


!


!


ip local policy route-map DisasterRecovery


!


!


ip access-list extended DisasterRecovery


permit ip 10.A.64.0 0.0.0.255 10.B.64.0 0.0.0.255


permit ip 10.A.65.0 0.0.0.255 10.B.65.0 0.0.0.255


!


route-map DisasterRecovery permit 10


match ip address DisasterRecovery


set ip next-hop 10.A.60.36


!


route-map DisasterRecovery permit 20


!


!


!


end


3750#sh ip policy
Interface      Route map
local          DisasterRecovery                      <----- NO ip DisasterRecovery policy
3750#sh ip access-lists
Extended IP access list DisasterRecovery
    10 permit ip 10.A.64.0 0.0.0.255 10.B.64.0 0.0.0.255 (15 matches)
    20 permit ip 10.A.65.0 0.0.0.255 10.B.65.0 0.0.0.255 (10 matches)  
3750#sh route-map DisasterRecovery
route-map DisasterRecovery, permit, sequence 10
  Match clauses:
    ip address (access-lists): DisasterRecovery
  Set clauses:
    ip next-hop 10.A.60.36
  Policy routing matches: 25 packets, 2710 bytes     <----- policy works
route-map DisasterRecovery, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 191001 packets, 282764144 bytes
3750#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
3750(config)#interf gi 1/0/15         
3750(config-if)#ip ?
Interface IP configuration subcommands:
  access-group  Specify access control for packets
  admission     Apply Network Admission Control
  arp           Configure ARP features
  auth-proxy    Apply authenticaton proxy
  device        IP device tracking
  dhcp          Configure DHCP parameters for this interface
  igmp          IGMP interface commands
  verify        verify
  vrf           VPN Routing/Forwarding parameters on the interface


3750(config-if)#interf vlan 64
3750(config-if)#ip policy route-map DisasterRecovery            <----- policy configured on vlan interface
3750(config-if)#end
3750#sh run interf vlan 64
Building configuration...


Current configuration : 82 bytes
!
interface Vlan64
description SERVERI
ip address 10.A.64.1 255.255.255.0          <----- NO ip policy command
end


3750#

vjemin Wed, 09/29/2010 - 05:06
User Badges:

Hi,


Packets that are generated by the router are not normally policy routed. With command ip local policy route-map they are routed and I put this command to test PBR configuration from router.

When I don't have this command PBR doesn't work for packets originated from router.


Regards,

Vlaho

Correct Answer
schooram Thu, 09/30/2010 - 04:37
User Badges:
  • Cisco Employee,

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

You'll need IP Services to do PBR and a routing SDM template:


1) By 'show sdm prefer' command - you will see that there is no memory allocation for pbr instances.


2) Configure 'sdm prefer routing'


3) save and reload the switch for these changes to take effect.

Actions

This Discussion