
Unable to apply Ip-Policy Route-map to Vlan 4 in C-3750

Hari Kumar Raja

Hi all,

Here is my configuration below. I have upgraded my C-3750 switch IOS from IPbase to IPservices. After upgrading I tried to apply PBR on my Vlan 4 and failed: when I try to apply the route-map to Vlan4 the command is taken, but I am unable to see the route-map in sh run. I am giving the command as "ip policy route-map TTSL" in my Vlan4. Please check the configuration below and help me with this.

In Vlan2 I have connected one ISP and in Vlan4 I have connected one ISP. My local subnets are 192.168.1.x and 192.168.2.x. Now I want to route the 192.168.1.x traffic from Vlan2 and the 192.168.2.x traffic from Vlan4.

sh boot

coreswitch#sh boot
BOOT path-list      : flash:c3750-ipservices-mz.122-35.SE5/c3750-ipservices-mz.122-35.SE5.bin
Config file         : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break        : no
Manual Boot         : no
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   :

----------------------------------------------------------------------------------------------

coreswitch#sh ver

coreswitch#sh version
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 19:15 by nachen
Image text-base: 0x00003000, data-base: 0x01280000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)

coreswitch uptime is 12 hours, 27 minutes
System returned to ROM by power-on
System image file is "flash:/c3750-ipservices-mz.122-35.SE5"

cisco WS-C3750G-24T (PowerPC405) processor (revision M0) with 118784K/12280K bytes of memory.
Processor board ID FDO1203Y78G
Last reset from power-on
3 Virtual Ethernet interfaces
24 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:1F:6D:28:1F:80
Motherboard assembly number     : 73-9679-10
Power supply part number        : 341-0048-03
Motherboard serial number       : FDO12020PXJ
Power supply serial number      : LIT114602GH
Model revision number           : M0
Motherboard revision number     : C0
Model number                    : WS-C3750G-24T-S
System serial number            : FDO1203Y78G
Top Assembly Part Number        : 800-25855-01
Top Assembly Revision Number    : G0
Version ID                      : V05
CLEI Code Number                : COMR100BRA
Hardware Board Revision Number  : 0x02

Switch   Ports  Model              SW Version              SW Image
------   -----  -----              ----------              ----------
*    1   24     WS-C3750G-24T      12.2(35)SE5             C3750-IPSERVICES-M

Configuration register is 0xF

-----------------------------------------------------------------------------------------------

coreswitch#sh run

coreswitch#sh running-config
Building configuration...

Current configuration : 2599 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname coreswitch
!
enable password precicore
!
username admin password 0 admincore123
no aaa new-model
clock timezone UTC 5 30
switch 1 provision ws-c3750g-24t
system mtu routing 1500
ip subnet-zero
ip routing
ip name-server 125.62.193.121
ip name-server 123.108.200.163
ip name-server 121.242.190.210
ip name-server 121.242.190.181
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet1/0/1
 switchport access vlan 2
!
interface GigabitEthernet1/0/2
 switchport access vlan 4
!
interface GigabitEthernet1/0/3
 switchport access vlan 2
!
interface GigabitEthernet1/0/4
 switchport access vlan 2
!
interface GigabitEthernet1/0/5
 switchport access vlan 2
!
interface GigabitEthernet1/0/6
 switchport access vlan 2
!
interface GigabitEthernet1/0/7
 switchport access vlan 2
!
interface GigabitEthernet1/0/8
 switchport access vlan 2
!
interface GigabitEthernet1/0/9
 switchport access vlan 2
!
interface GigabitEthernet1/0/10
 switchport access vlan 2
!
interface GigabitEthernet1/0/11
 switchport access vlan 2
!
interface GigabitEthernet1/0/12
 switchport access vlan 2
!
interface GigabitEthernet1/0/13
 switchport access vlan 2
!
interface GigabitEthernet1/0/14
 switchport access vlan 2
!
interface GigabitEthernet1/0/15
 switchport access vlan 2
!
interface GigabitEthernet1/0/16
 switchport access vlan 2
!
interface GigabitEthernet1/0/17
 switchport access vlan 2
!
interface GigabitEthernet1/0/18
 switchport access vlan 2
!
interface GigabitEthernet1/0/19
 switchport access vlan 2
!
interface GigabitEthernet1/0/20
 switchport access vlan 2
!
interface GigabitEthernet1/0/21
 switchport access vlan 4
!
interface GigabitEthernet1/0/22
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/23
 switchport access vlan 2
!
interface GigabitEthernet1/0/24
 switchport access vlan 2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan4
 description TTSL
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.1.5
!
ip classless
no ip route static inter-vrf
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ip http server
!
!
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
route-map TTSL permit 20
 match ip address 102
 set ip default next-hop 192.168.2.3
!
!
control-plane
!
!
line con 0
line vty 0 4
 password admin123
 login
 length 0
line vty 5 15
 login
!
end

coreswitch#


mukremin13

I have a similar problem with the 3560. My problem is that "set ip next-hop verify availability" is in the unsupported command list. So this happened. Maybe "set ip default next-hop" is in the unsupported list of the 3750. Try to use "set ip next-hop" instead of this, and check the 3750 configuration guide for unsupported commands.

mukremin

Thanks Mukremin,

It works for me, the PBR succeeded.

Appreciate your help

Thanks

Hari

Hi Mukremin,

This works, but here we have one more issue: I am unable to ping the switch gateway from any 192.168.2.x subnet, it is directly redirecting to my 192.68.2.x firewall. In this case the DHCP will not assign to any 2.x pool.

please advise

Hari

Who is 192.168.2.3 and 192.168.1.2 and 192.168.1.5?

Hello,

192.168.2.3 is my firewall, which is connected to Vlan 4 (the gateway I am using for the 2.x subnets is Vlan4 - 192.168.2.1).

192.168.1.2 is my other firewall, which is connected to my Vlan 2 (the gateway I am using for the 1.x subnets is Vlan2 - 192.168.1.1).

192.168.1.5 is my DHCP server, which I want to use for both subnets to serve the DHCP IPs, 192.168.1.x and 2.x.

Thanks

Hari

If 192.168.1.5 is the DC, the packets which start from the 192.168.2.x subnet never reach there.

Because of this ACL, "access-list 102 permit ip 192.168.2.0 0.0.0.255 any", all packets are forwarded to 192.168.2.3.

You must define a destination network instead of using "any".

Here I am confused: if I give the destination address 192.168.1.5 I am not able to ping the DC. Can you please send me the config, how it looks?

Thanks

Hari

Thanks, I have given the below access list and it works for me.

"access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.3 255.255.255.0"

Thanks a ton for your help

Hari

not important, good luck
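
Added example, not part of the original thread: a small Python evaluator for the wildcard-mask matching that decides which packets "match ip address 102" hands to the route-map, run over the two forms of ACL 102 quoted above. The source host 192.168.2.50 and the two 203.0.113.x destinations are constructed sample values; the parser handles only the single-ACE "ip" form used in this thread.

```python
import ipaddress

# The two forms of ACL 102 quoted in the thread.
ACL_ANY = "access-list 102 permit ip 192.168.2.0 0.0.0.255 any"
ACL_FINAL = "access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.3 255.255.255.0"

# Destinations: the first three come from the thread, the last two are constructed.
SAMPLE_DSTS = ["192.168.2.1", "192.168.1.5", "192.168.2.3", "203.0.113.10", "203.0.113.3"]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_ace(line):
    """Parse 'access-list N permit|deny ip <src> <dst>' into (action, src, dst)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError("unsupported ACE: " + line)
    action, rest, specs = tok[2], tok[4:], []
    while rest:
        if rest[0] == "any":
            specs.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        elif rest[0] == "host":
            specs.append((rest[1], "0.0.0.0"))
            rest = rest[2:]
        else:
            specs.append((rest[0], rest[1]))
            rest = rest[2:]
    if len(specs) != 2:
        raise ValueError("expected source and destination: " + line)
    return action, specs[0], specs[1]

def matches_route_map(ace, src, dst):
    """True if the ACE permits the packet, so the route-map's set clause applies."""
    action, (s, s_wc), (d, d_wc) = parse_ace(ace)
    return action == "permit" and wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc)

def report(ace, src="192.168.2.50"):
    """Map each sample destination to whether traffic from src is policy-routed."""
    return {dst: matches_route_map(ace, src, dst) for dst in SAMPLE_DSTS}

if __name__ == "__main__":
    for name, ace in (("any", ACL_ANY), ("final", ACL_FINAL)):
        print(name, report(ace))
```

With "any", every sample destination matches, including the switch address 192.168.2.1 and the DHCP server 192.168.1.5. With the final ACE, the wildcard 255.255.255.0 ignores the first three octets, so only destinations whose last octet is 3 match and all other traffic from 192.168.2.x follows the normal routing table.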
