cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2919
Views
0
Helpful
7
Replies

Can't apply policy route-map on C3750 stack vlan interface

firestormnet
Level 1
Level 1

Hi All.

I've come up with this problem and i could see some people have had the same issue. I've tried to overlook and check other replies but it didn't help me. So I'm hoping someone could spot the problem. Here are the details:

2 x WS-C3750G-24T-E in stack

Cisco IOS Software, C3750 Software (C3750-ADVIPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)

switch#sh sdm prefe

The current template is "desktop IPv4 and IPv6 routing" template.

The selected template optimizes the resources in

the switch to support this level of features for

8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  1.5K

  number of IPv4 IGMP groups + multicast routes:    1K

  number of IPv4 unicast routes:                    2.75K

    number of directly-connected IPv4 hosts:        1.5K

    number of indirect IPv4 routes:                 1.25K

  number of IPv6 multicast groups:                  1.125k

  number of directly-connected IPv6 addresses:      1.5K

  number of indirect IPv6 unicast routes:           1.25K

  number of IPv4 policy based routing aces:         0.25K

  number of IPv4/MAC qos aces:                      0.5K

  number of IPv4/MAC security aces:                 0.5K

  number of IPv6 policy based routing aces:         0.25K

  number of IPv6 qos aces:                          0.5K

  number of IPv6 security aces:                     0.5K

There are 2 ISPs, G1/0/1 and G2/0/1. After creating a route-map i can apply a policy route-map to Vlan5 and it accepts without any errors. But when you do sh run vlan5 the command is not there, it's not applied.

Any help will be appretiated.

Thanks.

7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

Can you post the PBR config as it appears in your config ?

Jon

Jon Marshall
Hall of Fame
Hall of Fame

Sorry, also can you post the vlan 5 SVI configuration as well.

Jon

Jon Marshall
Hall of Fame
Hall of Fame

Might be a while before i logon again so -

1) if you have VRF or WCCP applied to vlan 5s SVI you cannot also use PBR

2) only IPv4 traffic can be policy routed even though you have the dual template

3) if you have deny statement in your route map then the policy will not be applied to the interface.

Jon

Hi Jon.

Thanks for your reply. I didn't put those configs as they're basic without use of VRF and WCCP. Also i've checked or tried to find the list of unsupported commands and didn't see them in that list. See config below with some extras:

!

track 11 rtr 1 reachability

!

track 22 rtr 2 reachability

!

ip routing

no ip dhcp use vrf connected

!

interface GigabitEthernet1/0/1

description ISP1

no switchport

ip address 9.9.9.2 255.255.255.252

no ip proxy-arp

no ip mroute-cache

speed 100

duplex full

ipv6 address 2B01:4B8:0:3::2/64

ipv6 ospf 1 area 0

no mdix auto

no cdp enable

!

!

interface GigabitEthernet2/0/1

description ISP2

no switchport

ip address 9.9.9.5 255.255.255.252

ip ospf cost 10000

speed 1000

duplex full

ipv6 address 2B01:4B8:0:7::2/64

ipv6 enable

ipv6 ospf cost 10000

ipv6 ospf 1 area 0

!

interface Vlan5

description Company Ext Subnet

ip address 9.9.8.1 255.255.255.128

no ip proxy-arp

no ip mroute-cache

ipv6 address 2B01:4B8:1:22::1/64

ipv6 ospf 1 area 15

!

access-list 111 permit tcp any any eq www

!

route-map pbr1 permit 10

match ip address 111

set interface GigabitEthernet2/0/1 GigabitEthernet1/0/1

!

route-map pbr1 permit 20

set interface GigabitEthernet1/0/1 GigabitEthernet2/0/1

!

route-map pbr2 permit 10

match ip address 111

set ip next-hop verify-availability 9.9.9.6 1 track 11

set ip next-hop 9.9.9.1

!

route-map pbr2 permit 20

set ip next-hop verify-availability 9.9.9.1 1 track 22

set ip next-hop 9.9.9.6

!

I've tried to apply both policies pbr1 and pbr2, it allowed to do that without errors but at the end it wasn't there.

Cheers,

Couple of things -

1) from the config guide for your IOS -

Policy-based routing based on packet length, TOS, set interface, set default next hop, or set default interface are not supported. Policy maps with no valid set actions or with set action set to Don't Fragment are not supported.

So pbr1 isn't going to work

2) i'm not sure whether verify-availablity is supported.

so some things to try -

1)  try using pbr2 but without the "verify-availability" and see if it shows in the running config

2) if 1) still doesn't work then try creating a dummy vlan and SVI with no ipv6 addressing and try applying pbr2 to it

Jon

Thanks guys.

Ashish, two requirements are already in place. Looks like unsupported commands.

 

Jon, that switch is in a company's live working enviroment, so i don't want to mess around too much in case something happened or need to restart it.

I saw that some commands are not supported, but "set ip next-hop" and "verify-availability" are not on that list. I'll try your suggestions probably after working hours.

Also, is there a point to upgrade IOS to the latest, i think its' 12.2(55). Will it include all commands, do you knoiw?

Cheers,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: