inter-vlan and PBR issue.

sardhar79
Level 1

Dear All,

We are facing a problem with inter-VLAN routing after applying PBR on a C3560E.

Cisco Switch Image : c3560e-universalk9-mz.122-44.SE2

We have 3 VLANs, inter-VLAN routing is enabled on the 3560E, and all VLANs talk to each other.

vlan 100 : 192.168.0.100
vlan 102 : 192.168.2.100
vlan 104 : 192.168.4.100

We have two ISPs. We need to route Internet traffic from VLANs 100 and 102 to ISP1 (Cisco ASA - 192.168.0.1)

and Internet traffic from VLAN 104 to ISP2 (Cisco ASA - 192.168.4.1), and we need inter-VLAN routing.

C3560E Configuration
======================================

int vlan 100
ip address 192.168.0.100 255.255.255.0
no shut

int vlan 102
ip address 192.168.2.100 255.255.255.0
no shut

int vlan 104
ip address 192.168.4.100 255.255.255.0
ip policy route-map aiwa_routemap
no shut

ip routing

access-list 104 permit ip 192.168.4.0 0.0.0.255 any

route-map aiwa_routemap permit 10
match ip address 104
set ip next-hop 192.168.4.1


ip route 0.0.0.0 0.0.0.0 192.168.0.1

===================================================

Problems :

Inter-VLAN routing is not working after applying PBR.

We tried to use the command "set ip default next-hop" instead of "set ip next-hop".

We can't apply the route-map to the VLAN interface.

Got error "route-map vlan30 not supported by policy-based routing"

Kindly send your suggestions for the above.

Regards

Mani

Accepted Solutions

lgijssel
Level 9

The problem is your acl 104 matches all traffic, including that for vlan 100 & 102.

Change your acl as follows:

access-list 104 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.255.255

access-list 104 permit ip 192.168.4.0 0.0.0.255 any

The first line matches your internal traffic; in fact, it matches the entire RFC1918 range for class C networks.

This is a good thing; you must send such traffic over the Internet anyway because it is not routed.

Anyway, because the policy map does not match anymore for your local traffic, it should work.

regards,

Leo
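
The ACL behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of first-match extended-ACL evaluation with wildcard masks, showing which VLAN 104 flows the route-map sends to 192.168.4.1 under the original and the corrected access-list 104. The host addresses (192.168.4.10, 192.168.0.20, 192.168.2.20, 203.0.113.5) and all function names are constructed for illustration.

```python
import ipaddress

ORIGINAL = "access-list 104 permit ip 192.168.4.0 0.0.0.255 any"
FIXED = """
access-list 104 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 104 permit ip 192.168.4.0 0.0.0.255 any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip <src> <dst>' lines into rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, rest, specs = tok[2], tok[4:], []
        while rest:
            if rest[0] == "any":          # 'any' = every bit is "don't care"
                specs.append((0, 0xFFFFFFFF))
                rest = rest[1:]
            else:                         # address followed by wildcard mask
                specs.append((to_int(rest[0]), to_int(rest[1])))
                rest = rest[2:]
        rules.append((action, specs[0], specs[1]))
    return rules

def wild_match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF             # wildcard 0-bits must match exactly
    return (to_int(addr) & care) == (base & care)

def next_hop(acl_text, src, dst):
    """First matching ACL line wins; deny or no match means normal routing."""
    for action, s, d in parse_acl(acl_text):
        if wild_match(src, s) and wild_match(dst, d):
            if action == "permit":
                return "192.168.4.1 (policy-routed)"
            break
    return "routing table"

if __name__ == "__main__":
    # Constructed sample flows from a VLAN 104 host
    for dst in ("192.168.0.20", "192.168.2.20", "203.0.113.5"):
        print(dst, "| original:", next_hop(ORIGINAL, "192.168.4.10", dst),
              "| fixed:", next_hop(FIXED, "192.168.4.10", dst))
```

With the original ACL every destination, including the other VLANs, is handed to 192.168.4.1; with the corrected ACL only the non-192.168.x.x destination is.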

It's working fine. Thanks a lot, Mr. Leo.

Vi Vo
Level 1

@lgijssel You saved the day, thank you
