11-13-2010 12:16 AM - edited 03-06-2019 02:02 PM
Dear All,
We are facing a problem with inter-VLAN routing after applying PBR on a C3560E.
Cisco Switch Image : c3560e-universalk9-mz.122-44.SE2
We have 3 VLANs, inter-VLAN routing is enabled on the 3560E, and all VLANs talk to each other.
vlan 100 : 192.168.0.100
vlan 102 : 192.168.2.100
vlan 104 : 192.168.4.100
We have two ISPs. We need to route Internet traffic from VLAN 100 and 102 to ISP1 (Cisco ASA - 192.168.0.1)
and Internet traffic from VLAN 104 to ISP2 (Cisco ASA - 192.168.4.1), and we still need inter-VLAN routing.
C3560E Configuration
======================================
int vlan 100
ip address 192.168.0.100 255.255.255.0
no shut
int vlan 102
ip address 192.168.2.100 255.255.255.0
no shut
int vlan 104
ip address 192.168.4.100 255.255.255.0
ip policy route-map aiwa_routemap
no shut
ip routing
access-list 104 permit ip 192.168.4.0 0.0.0.255 any
route-map aiwa_routemap permit 10
match ip address 104
set ip next-hop 192.168.4.1
ip route 0.0.0.0 0.0.0.0 192.168.0.1
===================================================
Problems :
Inter-VLAN routing is not working after applying PBR.
We tried to use the command "set ip default next-hop" instead of "set ip next-hop".
We can't apply the route-map to the VLAN interface.
Got error "route-map vlan30 not supported by policy-based routing"
Kindly send your suggestion for above.
Regards
Mani
11-13-2010 12:25 AM
The problem is your acl 104 matches all traffic, including that for vlan 100 & 102.
Change your acl as follows:
access-list 104 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 104 permit ip 192.168.4.0 0.0.0.255 any
The first line matches your internal traffic, in fact it matches the entire RFC1918 range for class C networks.
This is a good thing; you must send such traffic over the Internet anyway because it is not routed.
Anyway, because the policy map does not match anymore for your local traffic, it should work.
regards,
Leo
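Added example, not part of the original posts: a small Python model of first-match extended ACL evaluation with Cisco wildcard masks, run against the original and the corrected ACL 104 from this thread. It assumes the route-map behaviour that a packet permitted by the ACL gets the PBR next hop and anything else falls back to the routing table; the sample host and Internet addresses are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC SWILD (any | DST DWILD)' entries."""
    entries = []
    for line in lines:
        tok = line.split()
        action, src, swild = tok[2], tok[4], tok[5]
        dst, dwild = ("0.0.0.0", "255.255.255.255") if tok[6] == "any" else (tok[6], tok[7])
        entries.append((action, src, swild, dst, dwild))
    return entries

def acl_action(entries, src, dst):
    """First matching entry wins; no match is the implicit deny."""
    for action, s, sw, d, dw in entries:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

def forwarding(entries, src, dst, pbr_next_hop="192.168.4.1"):
    """route-map permit 10: ACL permit -> set ip next-hop; otherwise normal routing."""
    return pbr_next_hop if acl_action(entries, src, dst) == "permit" else "routing-table"

ORIGINAL = parse_acl(["access-list 104 permit ip 192.168.4.0 0.0.0.255 any"])
CORRECTED = parse_acl([
    "access-list 104 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.255.255",
    "access-list 104 permit ip 192.168.4.0 0.0.0.255 any",
])

# Constructed sample flows from a VLAN 104 host (addresses are illustrative).
FLOWS = [("192.168.4.25", "192.168.0.10"),   # to VLAN 100
         ("192.168.4.25", "192.168.2.10"),   # to VLAN 102
         ("192.168.4.25", "203.0.113.7")]    # to the Internet

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src} -> {dst}: original={forwarding(ORIGINAL, src, dst)}"
              f" corrected={forwarding(CORRECTED, src, dst)}")
```

With the original ACL every flow from VLAN 104, including traffic to VLAN 100 and 102, is handed to 192.168.4.1; with the corrected ACL only the Internet-bound flow is policy-routed.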
11-14-2010 11:50 AM
It's working fine. Thanks a lot, Mr. Leo.
12-29-2022 02:38 AM
@lgijssel You saved the day, thank you