05-23-2007 03:16 AM - edited 03-05-2019 04:14 PM
HI,
I am trying to get a 3750 with enhanced layer 3 software (12.2(35)se) to do some policy based routing from a VRF receive interface into a VRF instance. The switch is running VRF lite.
The config looks fine but I'm having trouble with the route map, specifically the 'Set VRF <name>' option.
Basically, I am trying to route from vlan 700 (global routing table) into VRF UNI. At the same time, keeping the whole thing as secure from each other as possible.
The Route Map looks like this...
route-map uni-radius, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    vrf UNI
When I use this to interface vlan 700, the switch will not apply the route map and gives the following error...
%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map uni-radius not supported for Policy-Based Routing
Is the 'set vrf' command supported on the 3750? It does not appear on the 'unsupported commands' document for this release.
Second, can I use the 'set ip next-hop x.x.x.x' and 'set ip next-hop in vrf <vrf name>' commands in place of the 'set vrf' command to achieve the same thing?
The switch will apply this 'set ip-next hop' route map to the interface OK and I can see hits on the policy, but the routing will not work. Looking at the debug output, it seems as if it is still trying to route from within the global routing table.
Again, I can't seem to find any info on cisco.com about this command or its usage guidelines, so I'm not sure I am using it correctly. I am using...
set ip next-hop x.x.x.x
set ip next-hop in-vrf <name>
Can anyone shed any light on where I might be going wrong on this?
Here are the relevant bits of config...
ip vrf UNI
 rd 1:20
 route-target export 1:20
 route-target import 1:20
interface Loopback1
 ip vrf forwarding UNI
 ip address 10.6.63.253 255.255.255.255
!
interface FastEthernet1/0/1
 no switchport
 ip vrf forwarding EDIT
 ip address 10.6.46.1 255.255.255.252
interface Vlan20
 ip vrf forwarding UNI
 ip address 2.2.2.1 255.255.255.248 secondary
 ip address 10.50.1.1 255.255.255.0
!
interface Vlan700
 ip vrf receive UNI
 ip address 10.6.32.2 255.255.255.0
 no ip proxy-arp
router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf UNI
  redistribute bgp 1
  network 2.0.0.0
  network 10.0.0.0
  no auto-summary
  version 2
 exit-address-family
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 !
 address-family ipv4 vrf UNI
  redistribute rip
  neighbor 10.6.46.6 remote-as 2
  neighbor 10.6.46.6 activate
  no synchronization
  network 10.6.63.251 mask 255.255.255.255
 exit-address-family
access-list 101 permit ip host 10.6.32.12 host 172.18.3.40
route-map uni-radius permit 10
 match ip address 101
 set vrf UNI
Cheers
Shaun
05-23-2007 04:21 AM
Hi,
Try: ip vrf select source, under interface Vlan700.
Keep in mind that vrf receive only adds Interface Address into VRF Table.
I'm not sure of the effect using only vrf receive. I guess that routing still will be global for Vlan700.
HTH
Regards,
Bjornarsb
05-23-2007 04:29 AM
HI, thanks for the quick reply.
I tried that first and although it lets me put the command on the interface, the switch will not take the selection global command.
If I enter...
vrf selection criteria source
I get
% VRF Select: failed to add config
so I guess vrf source selection is not supported.
:-(
Cheers
Shaun
05-23-2007 04:38 AM
Try:
(config-if)#ip vrf select source ?
(config-if)#
Without specifying source ip and mask.
And please issue a:
sh sdm prefer
sh sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 6K
number of igmp groups + multicast routes: 1K
number of unicast routes: 8K
number of directly connected hosts: 6K
number of indirect routes: 2K
number of policy based routing aces: 0
number of qos aces: 512
number of security aces: 1K
05-23-2007 06:17 AM
Hi,
here is the sdm output..
VRFaware-Wireles-SWt#sh s
1d00h: %SYS-5-CONFIG_I: Configured from console by consoledm prefe
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
The interface will take the 'ip vrf select source' command without any other arguments but it has no effect. I believe it also needs the global 'ip vrf selection criteria' command to define the source addresses to act upon. It's the global command which the switch kicks out.
Cheers
Shaun
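Added example, not part of the original thread or of any Cisco tooling: a small Python check that parses 'sh sdm prefer' output in either of the two formats posted above and reports how many policy-based-routing ACEs the active SDM template reserves. The sample strings are trimmed, constructed copies of those captures, and reading the K suffix as 1024 is an assumption.

```python
import re

# Constructed samples, trimmed from the two 'sh sdm prefer' captures in the thread.
DEFAULT_TEMPLATE = '''The current template is "desktop default" template.
 number of unicast routes: 8K
 number of policy based routing aces: 0
 number of security aces: 1K
'''
ROUTING_TEMPLATE = '''The current template is "desktop routing" template.
 number of IPv4 unicast routes: 11K
 number of IPv4 policy based routing aces: 0.5K
 number of IPv4/MAC security aces: 1K
'''

TEMPLATE_RE = re.compile(r'current template is\s+"([^"]+)"', re.I)
# Covers both label variants seen above: with and without the "IPv4" prefix.
PBR_RE = re.compile(
    r'number of (?:IPv4 )?policy based routing aces:[ \t]*([\d.]+)[ \t]*(K?)', re.I)


def parse_sdm(output):
    """Return (template_name, pbr_ace_count) from 'show sdm prefer' text."""
    tmpl = TEMPLATE_RE.search(output)
    pbr = PBR_RE.search(output)
    if not tmpl or not pbr:
        raise ValueError("not recognisable 'show sdm prefer' output")
    # Assumption: K means 1024, so "0.5K" is 512 entries.
    scale = 1024 if pbr.group(2).upper() == "K" else 1
    return tmpl.group(1), int(float(pbr.group(1)) * scale)


def pbr_capacity_finding(output):
    """Describe whether the active template reserves any PBR entries."""
    name, aces = parse_sdm(output)
    if aces == 0:
        return f"{name}: 0 PBR ACEs reserved by this template"
    return f"{name}: {aces} PBR ACEs reserved"


if __name__ == "__main__":
    for sample in (DEFAULT_TEMPLATE, ROUTING_TEMPLATE):
        print(pbr_capacity_finding(sample))
```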
05-23-2007 11:40 PM
Hi again,
OK, then you might go for an ISR?
BR,
Bjornarsb