Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4152
Views
0
Helpful
6
Replies

Catalyst 3750 - problem with ip policy

Go to solution
vjemin
Level 1
Level 1

‎09-28-2010 02:15 PM - edited ‎03-06-2019 01:13 PM

Hi,

I have two Catalyst 3750 in stack configuration. They have c3750-ipservicesk9-mz.122-55.SE.bin IOS.

I have ip policy configured on interface vlan, but I can not see this ip policy route-map command in show running!!!!

When I enter sh ip policy, also I don't see this policy for that vlan.

With sh class-map I see that traffic is routed by that policy based routing and with sh ip access-lists I see matches.

So, it seems that everything works fine, but I don't see PBR configuration in my show running!!!

Anyone have same problem?

Is this some bug?

Regards,

Vlaho

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
schooram
Level 1
Level 1

‎09-30-2010 04:37 AM

You'll need IP Services to do PBR and a routing SDM template:

1) By 'show sdm prefer' command - you will see that there is no memory allocation for pbr instances.

2) Configure 'sdm prefer routing'

3) save and reload the switch for these changes to take effect.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
csawest.dc
Level 3
Level 3

‎09-28-2010 10:30 PM

Hi There,

I think you need to apply ip policy route-map abc on fas or gi ingterface.

if possible to provide me PBR configuration

Cheers!!!

0 Helpful

Go to solution
vjemin
Level 1
Level 1
In response to csawest.dc

‎09-29-2010 12:54 AM

Hi,

here is an the output from my console.

First here is sh run and there is current configuration.

ip policy route-map DisasterRecovery is not shown in configuration and in sh ip policy command.

It is not possible to put ip policy command on gi interfaces!

At the end, I configured again ip policy command on interface vlan, it is permitted, but cann't see on configuration.

Consola output:

3750#sh run

!

interface Vlan64

description SERVERI

ip address 10.A.64.1 255.255.255.0       <----- NO ip policy command

!

!

ip local policy route-map DisasterRecovery

!

!

ip access-list extended DisasterRecovery

permit ip 10.A.64.0 0.0.0.255 10.B.64.0 0.0.0.255

permit ip 10.A.65.0 0.0.0.255 10.B.65.0 0.0.0.255

!

route-map DisasterRecovery permit 10

match ip address DisasterRecovery

set ip next-hop 10.A.60.36

!

route-map DisasterRecovery permit 20

!

!

!

end

3750#sh ip policy
Interface      Route map
local          DisasterRecovery                      <----- NO ip DisasterRecovery policy
3750#sh ip access-lists
Extended IP access list DisasterRecovery
    10 permit ip 10.A.64.0 0.0.0.255 10.B.64.0 0.0.0.255 (15 matches)
    20 permit ip 10.A.65.0 0.0.0.255 10.B.65.0 0.0.0.255 (10 matches)  
3750#sh route-map DisasterRecovery
route-map DisasterRecovery, permit, sequence 10
  Match clauses:
    ip address (access-lists): DisasterRecovery
  Set clauses:
    ip next-hop 10.A.60.36
  Policy routing matches: 25 packets, 2710 bytes     <----- policy works
route-map DisasterRecovery, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 191001 packets, 282764144 bytes
3750#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
3750(config)#interf gi 1/0/15         
3750(config-if)#ip ?
Interface IP configuration subcommands:
  access-group  Specify access control for packets
  admission     Apply Network Admission Control
  arp           Configure ARP features
  auth-proxy    Apply authenticaton proxy
  device        IP device tracking
  dhcp          Configure DHCP parameters for this interface
  igmp          IGMP interface commands
  verify        verify
  vrf           VPN Routing/Forwarding parameters on the interface

3750(config-if)#interf vlan 64
3750(config-if)#ip policy route-map DisasterRecovery            <----- policy configured on vlan interface
3750(config-if)#end
3750#sh run interf vlan 64
Building configuration...

Current configuration : 82 bytes
!
interface Vlan64
description SERVERI
ip address 10.A.64.1 255.255.255.0          <----- NO ip policy command
end

3750#

0 Helpful

Go to solution
Ashley Georgeson
Level 1
Level 1
In response to vjemin

‎09-29-2010 01:23 AM

Hi,

I have never seen the global ip local policy route-map command before, but I wonder if it is clashing with the appilcation of an interface-level ip policy?

ip local policy route-map is described here:

http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_i1gt.html#wp1107972

Regards, Ash.

0 Helpful

Go to solution
vjemin
Level 1
Level 1
In response to Ashley Georgeson

‎09-29-2010 05:06 AM

Hi,

Packets that are generated by the router are not normally policy routed. With command ip local policy route-map they are routed and I put this command to test PBR configuration from router.

When I don't have this command PBR doesn't work for packets originated from router.

Regards,

Vlaho

0 Helpful

Go to solution
schooram
Level 1
Level 1

‎09-30-2010 04:37 AM

You'll need IP Services to do PBR and a routing SDM template:

1) By 'show sdm prefer' command - you will see that there is no memory allocation for pbr instances.

2) Configure 'sdm prefer routing'

3) save and reload the switch for these changes to take effect.

0 Helpful

Go to solution
vjemin
Level 1
Level 1
In response to schooram

‎09-30-2010 02:17 PM

Thanks Sandeep!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card