New Member

CSM with PBR and 2 client VLANs

Hi all,

I have a query on whether the following is possible or not, and how we should approach this.

What we currently have is CSM client VLAN 100, with PBR setting the next-hop of matching back-end reply traffic to, eg:

vlan 100 client

ip address alt



And have "set ip policy next-hop" in a route-map for the back-end VLAN interface (say VLAN 150).

This works fine.

What we have been trying to do is:

vlan 100 client

ip address alt




vlan 101 client

ip address alt



And have back-end traffic on VLAN 150 go to (using PBR) and have VLAN 151 reply traffic go to (using PBR as well).

We have found that the CSM doesn't deal with traffic from VLAN 151 (next-hop, however setting the next-hop to works for both 150 and 151 (and any vservers configured on VLAN 100 and 101 work properly too).

Also, all of the CSM probes seem to come from the first client VLAN that was configured.

It seems that the CSM will only "talk" to the MSFC via one VLAN (VLAN 100 - which was configured first).

Is this how it should work, and is it reasonable to leave it this way (ie. use two client VLANs and send all PBR-matched traffic to the first)?

Apologies if this is unclear or confusing. :)



Re: CSM with PBR and 2 client VLANs

The purpose of setting PBR is to make sure that the return traffic from different Server VLANs should not bypass CSM. The return traffic from Real Servers hits the MSFC and instead of routing it to the clients, MSFC forwards the traffic to the CSM. You don't need to define two different CSM IP addresses to achieve that.

You just need one set ip next hop statement with any number of client vlans.


Syed Iftekhar Ahmed

Cisco Employee

Re: CSM with PBR and 2 client VLANs

The CSM only uses 1 gateway [even if more are configured].

This is the first one configured or the first one that comes alive [mac resolved].

Since the servers are not directly connected to the CSM, all traffic to be sent to those servers will go through the active gateway. In this case gateway in vlan 100.

Since traffic is sent out through vlan 100, the CSM expects the response to come back through vlan 100. If you set PBR to have the response sent over vlan 101, the CSM will drop it.

You should probably not configure a 2nd gateway and have all your servers traffic go back through vlan 100.

[in case of a reload, the active gateway may change and you would have to reconfigure PBR, this is why it is not interesting to have a 2nd gateway in your case].
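
A configuration sketch of the single-gateway layout the two replies describe, added here as an example and not taken from either poster's configuration. The slot number, ACL number, route-map name and every address (documentation ranges) are constructed placeholders, because the thread's own addresses are not shown; a non-redundant CSM (no `alt` address) is assumed.

```ios
! --- CSM side: two client VLANs, but only ONE gateway ---
! Assumption: CSM in slot 4; addresses are placeholders.
module ContentSwitchingModule 4
 vlan 100 client
  ip address 192.0.2.2 255.255.255.0
  ! The only gateway: the MSFC's Vlan100 interface address
  gateway 192.0.2.1
 !
 vlan 101 client
  ip address 192.0.2.130 255.255.255.128
  ! No gateway here: a second gateway could become the active one
  ! after a reload, and the PBR next-hop below would then be wrong.
!
! --- MSFC side: match server reply traffic on the back-end VLANs ---
! Assumption: servers answer on TCP/80 from these two subnets.
access-list 150 permit tcp 198.51.100.0 0.0.0.255 eq www any
access-list 150 permit tcp 203.0.113.0 0.0.0.255 eq www any
!
! One next-hop for all matched return traffic: the CSM address on
! VLAN 100, the VLAN the CSM used to reach the servers.
route-map CSM-RETURN permit 10
 match ip address 150
 set ip next-hop 192.0.2.2
!
! Apply the same policy to both back-end VLAN interfaces.
interface Vlan150
 ip address 198.51.100.1 255.255.255.0
 ip policy route-map CSM-RETURN
!
interface Vlan151
 ip address 203.0.113.1 255.255.255.0
 ip policy route-map CSM-RETURN
```

On the MSFC, `show route-map CSM-RETURN` shows the policy-routing match counters, which should increase for reply traffic from both back-end VLANs.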

