Unable to apply Ip-Policy Route-map to Vlan 4 in C-3750

Answered Question
Apr 23rd, 2012

Hi all,

Here is my configuration below. I have upgraded my C-3750 switch IOS from IPbase to IPservices. After upgrading, I tried to apply PBR on my Vlan 4 and failed: when I try to apply the route-map to Vlan4, the command is taken, but I am unable to see the route-map in sh run. I am giving the command as "ip policy route-map TTSL" in my Vlan4. Please check the configuration below and help me with this.

In Vlan2 I have connected one ISP and in Vlan4 I have connected one ISP. My local subnets are 192.168.1.x and 192.168.2.x. Now I want to route the 192.168.1.x traffic from Vlan2 and the 192.168.2.x traffic from Vlan4.

sh boot

coreswitch#sh boot
BOOT path-list      : flash:c3750-ipservices-mz.122-35.SE5/c3750-ipservices-mz.122-35.SE5.bin
Config file         : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break        : no
Manual Boot         : no
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   :

----------------------------------------------------------------------------------------------

coreswitch#sh ver
coreswitch#sh version
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 19:15 by nachen
Image text-base: 0x00003000, data-base: 0x01280000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)

coreswitch uptime is 12 hours, 27 minutes
System returned to ROM by power-on
System image file is "flash:/c3750-ipservices-mz.122-35.SE5"

cisco WS-C3750G-24T (PowerPC405) processor (revision M0) with 118784K/12280K bytes of memory.
Processor board ID FDO1203Y78G
Last reset from power-on
3 Virtual Ethernet interfaces
24 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:1F:6D:28:1F:80
Motherboard assembly number     : 73-9679-10
Power supply part number        : 341-0048-03
Motherboard serial number       : FDO12020PXJ
Power supply serial number      : LIT114602GH
Model revision number           : M0
Motherboard revision number     : C0
Model number                    : WS-C3750G-24T-S
System serial number            : FDO1203Y78G
Top Assembly Part Number        : 800-25855-01
Top Assembly Revision Number    : G0
Version ID                      : V05
CLEI Code Number                : COMR100BRA
Hardware Board Revision Number  : 0x02

Switch   Ports  Model              SW Version              SW Image
------   -----  -----              ----------              ----------
*    1   24     WS-C3750G-24T      12.2(35)SE5             C3750-IPSERVICES-M

Configuration register is 0xF

-----------------------------------------------------------------------------------------------

coreswitch#sh run
coreswitch#sh running-config
Building configuration...

Current configuration : 2599 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname coreswitch
!
enable password precicore
!
username admin password 0 admincore123
no aaa new-model
clock timezone UTC 5 30
switch 1 provision ws-c3750g-24t
system mtu routing 1500
ip subnet-zero
ip routing
ip name-server 125.62.193.121
ip name-server 123.108.200.163
ip name-server 121.242.190.210
ip name-server 121.242.190.181
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet1/0/1
 switchport access vlan 2
!
interface GigabitEthernet1/0/2
 switchport access vlan 4
!
interface GigabitEthernet1/0/3
 switchport access vlan 2
!
interface GigabitEthernet1/0/4
 switchport access vlan 2
!
interface GigabitEthernet1/0/5
 switchport access vlan 2
!
interface GigabitEthernet1/0/6
 switchport access vlan 2
!
interface GigabitEthernet1/0/7
 switchport access vlan 2
!
interface GigabitEthernet1/0/8
 switchport access vlan 2
!
interface GigabitEthernet1/0/9
 switchport access vlan 2
!
interface GigabitEthernet1/0/10
 switchport access vlan 2
!
interface GigabitEthernet1/0/11
 switchport access vlan 2
!
interface GigabitEthernet1/0/12
 switchport access vlan 2
!
interface GigabitEthernet1/0/13
 switchport access vlan 2
!
interface GigabitEthernet1/0/14
 switchport access vlan 2
!
interface GigabitEthernet1/0/15
 switchport access vlan 2
!
interface GigabitEthernet1/0/16
 switchport access vlan 2
!
interface GigabitEthernet1/0/17
 switchport access vlan 2
!
interface GigabitEthernet1/0/18
 switchport access vlan 2
!
interface GigabitEthernet1/0/19
 switchport access vlan 2
!
interface GigabitEthernet1/0/20
 switchport access vlan 2
!
interface GigabitEthernet1/0/21
 switchport access vlan 4
!
interface GigabitEthernet1/0/22
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/23
 switchport access vlan 2
!
interface GigabitEthernet1/0/24
 switchport access vlan 2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan4
 description TTSL
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.1.5
!
ip classless
no ip route static inter-vrf
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ip http server
!
!
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
route-map TTSL permit 20
 match ip address 102
 set ip default next-hop 192.168.2.3
!
!
control-plane
!
!
line con 0
line vty 0 4
 password admin123
 login
 length 0
line vty 5 15
 login
!
end

coreswitch#

Correct Answer
mukremin13 Mon, 04/23/2012 - 22:40

I have a similar problem with the 3560. My problem is that "set ip next-hop verify availability" is in the unsupported command list, so this happened. Maybe "set ip default next-hop" is in the unsupported list of the 3750. Try to use set ip next-hop instead of this, and check the 3750 configuration guide for unsupported commands.

mukremin

hari.mukkamala Mon, 04/23/2012 - 22:49

Thanks Mukremin,

It works for me, the PBR succeeded.

Appreciate your help

Thanks

Hari

hari.mukkamala Mon, 04/23/2012 - 22:55

Hi Mukremin,

This works, but here we have one more issue: I am unable to ping the switch gateway from any 192.168.2.x subnet; it is directly redirecting to my 192.68.2.x firewall. In this case DHCP will not assign to any 2.x pool.

Please advise

Hari

hari.mukkamala Mon, 04/23/2012 - 23:10

Hello ,

192.168.2.3 is my firewall, which is connected to Vlan 4 (the gateway I am using for the 2.x subnets is Vlan4 - 192.168.2.1).

192.168.1.2 is my other firewall, which is connected to my Vlan 2 (the gateway I am using for the 1.x subnets is Vlan2 - 192.168.1.1).

192.168.1.5 is my DHCP server, which I want to use for both subnets, 192.168.1.x and 2.x, to serve the DHCP IPs.

Thanks

Hari

Correct Answer
mukremin13 Mon, 04/23/2012 - 23:11

If 192.168.1.5 is the DC, the packets which start from the 192.168.2.x subnet never reach it.

Because of this ACL, "access-list 102 permit ip 192.168.2.0 0.0.0.255 any", all packets are forwarded to 192.168.2.3.

You must define the destination network instead of using "any".

hari.mukkamala Mon, 04/23/2012 - 23:38

Here I am confused: if I give the destination address 192.168.1.5, I am not able to ping the DC. Can you please send me the config, how it looks?

Thanks

Hari

hari.mukkamala Tue, 04/24/2012 - 00:04

Thanks, I have given the below access list and it works for me.

"access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.3 255.255.255.0"

Thanks a ton for your help

Hari
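
Added example (not part of the original thread, and not Cisco's code): a small Python model of IOS extended-ACL wildcard matching, used to check which packets from 192.168.2.x the route-map clause would policy-route under the two ACL 102 variants quoted in this thread. The third ACL is a hypothetical variant that has not been checked against this platform's PBR restrictions; the sample packets and all function names are constructed for the illustration.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    # IOS wildcard semantics: a 1 bit in the wildcard means "ignore this bit".
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_ace(line):
    # Handles only: access-list N permit|deny ip SRC SWILD (any | DST DWILD)
    t = line.split()
    dst, dwild = ("0.0.0.0", "255.255.255.255") if t[6] == "any" else (t[6], t[7])
    return t[2], t[4], t[5], dst, dwild

def policy_routed(acl, src, dst):
    # First matching ACE wins. Only a permit hit makes the route-map clause
    # apply; a deny hit or no hit leaves the packet to the routing table.
    for line in acl:
        action, s, sw, d, dw = parse_ace(line)
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False

ORIGINAL = ["access-list 102 permit ip 192.168.2.0 0.0.0.255 any"]
FINAL = ["access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.3 255.255.255.0"]
# Hypothetical variant (assumption, not from the thread): exempt local subnets first.
HYPOTHETICAL = [
    "access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255",
    "access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255",
    "access-list 102 permit ip 192.168.2.0 0.0.0.255 any",
]

# Constructed destinations; the two external ones are documentation addresses.
SAMPLE_DSTS = {
    "switch gateway": "192.168.2.1",
    "DHCP server": "192.168.1.5",
    "external host": "203.0.113.10",
    "external host ending in .3": "198.51.100.3",
}

def table(acl, src="192.168.2.50"):
    # Map each sample destination to True if the packet would be policy-routed.
    return {name: policy_routed(acl, src, dst) for name, dst in SAMPLE_DSTS.items()}

if __name__ == "__main__":
    for label, acl in (("original", ORIGINAL), ("final", FINAL),
                       ("hypothetical", HYPOTHETICAL)):
        print(label, table(acl))
```

In this model the final ACL no longer policy-routes traffic to the switch gateway or the DHCP server, but it also matches only destinations whose last octet is 3, so most other traffic from 192.168.2.x follows the default route via 192.168.1.2 rather than going to the 192.168.2.3 firewall.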

Posted April 23, 2012 at 10:33 PM