I have a problem with a PBR statement.
On Juniper this statement works fine, but now I have changed the Juniper for a Cisco 4500X.
I tried to disable CEF on the interface VLAN but nothing. What can it be?
The Juniper per config and the Cisco per config are attached.
From what I can see, you want to take all traffic that comes from 10.51.243.221 and set the next hop to 192.168.0.1 when it enters interface vlan 501.
Since 10.51.243.221 is not part of the subnet 192.168.150.1/24, the only time traffic from 10.51.243.221 will enter this interface is when the destination IP resides within 192.168.150.1/24.
What is the overall goal for this PBR?
Thanks for the support,
Because the default route points to 192.168.150.1, but for the traffic with source 10.51.243.221 I need it to be redirected to 192.168.0.1.
Some switches require you to set their template before they'll use pbr.
Do a "show sdm prefer" and see if it says default. If so, change the template and reload the switch to make the change take effect. To change the template:
sdm prefer routing
Thanks for the reply. I'm out of the office now and I don't have a VPN to try what you told me.
Tomorrow I will try it and I'll let you know.
Also, your policy isn't going to work the way it's currently written:
access-list 118 permit ip host 10.51.243.221 any
route-map PBR118 permit 10
 match ip address 118
 set ip next-hop 192.168.0.1
interface Vlan501
 ip address 192.168.150.1 255.255.255.0
 ip policy route-map PBR118
The problem is that v501 has a subnet of 192.168.150.0/24, but you're wanting to match on 10.251.243.221. PBR is inbound only, so you would need to match on something in the 192.168.150.0/24 range. If you have an SVI on the switch that's supporting 10.251.243.0/xx, you'll want this policy applied to that interface and not vlan 501.
Thanks again for the support,
You're right, but the problem is that the address 10.51.243.221 is an IP from another side and I receive it through the WAN. And the VLAN that connects me to the WAN is v501.
Please check if the next hop ip address does exist in the switch routing table. Since you are using the "set ip next-hop" command, the policy will look first for that ip address (192.168.0.1) in the routing table, if it does exist then it would route the packet to that ip address, otherwise the packet would be routed normally not by the policy (bypassing the policy).
It is highly unlikely that there are hits on the route map. As John has explained there is a severe logic flaw in the route map. Given the config shared with us the access list is looking for a source address that does not exist on the interface to which the route map is applied.
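An added example (not from any poster in this thread, and not Cisco's code): a small Python model of the forwarding decision as the replies above describe it. The policy is evaluated only on packets entering Vlan501, ACL 118 matches on source address, and the set next hop is used only when the routing table has a route to it. The routing tables, the 172.16.0.0/16 destination, the 192.168.150.20 host and the Vlan10 interface are constructed for illustration; next-hop resolution on a real platform may differ in detail.

```python
import ipaddress

# Values taken from the config quoted in the thread.
POLICY_INTERFACE = "Vlan501"                            # ip policy route-map PBR118
ACL_118_SOURCE = ipaddress.ip_address("10.51.243.221")  # access-list 118 ... host
PBR_NEXT_HOP = "192.168.0.1"                            # set ip next-hop


def lookup(routes, addr):
    """Longest-prefix match over (prefix, next_hop) tuples; None if no route."""
    addr = ipaddress.ip_address(addr)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def forward(routes, ingress, src, dst):
    """Return (next_hop, reason) for one packet under the thread's policy."""
    normal = lookup(routes, dst)
    if ingress != POLICY_INTERFACE:
        return normal, "no policy on ingress interface"
    if ipaddress.ip_address(src) != ACL_118_SOURCE:
        return normal, "ACL 118 did not match"
    if lookup(routes, PBR_NEXT_HOP) is None:
        return normal, "next hop not in routing table"
    return PBR_NEXT_HOP, "policy routed"


# Constructed routing tables (assumptions, not from the thread's attachments).
ROUTES_WITH_NEXT_HOP = [
    ("192.168.150.0/24", "connected"),
    ("192.168.0.0/24", "connected"),
    ("172.16.0.0/16", "192.168.150.4"),
]
ROUTES_WITHOUT_NEXT_HOP = [r for r in ROUTES_WITH_NEXT_HOP if r[0] != "192.168.0.0/24"]

if __name__ == "__main__":
    cases = [
        (ROUTES_WITH_NEXT_HOP, "Vlan501", "10.51.243.221", "172.16.5.5"),
        (ROUTES_WITH_NEXT_HOP, "Vlan10", "10.51.243.221", "172.16.5.5"),    # hypothetical SVI
        (ROUTES_WITH_NEXT_HOP, "Vlan501", "192.168.150.20", "172.16.5.5"),  # constructed host
        (ROUTES_WITHOUT_NEXT_HOP, "Vlan501", "10.51.243.221", "172.16.5.5"),
    ]
    for routes, ingress, src, dst in cases:
        print(ingress, src, "->", dst, forward(routes, ingress, src, dst))
```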
Just an assumption, would not I have a design like the following:
(LAN 10.51.243.0/24) Router <--- (192.168.150.0/24) ---> Switch (Access port on vlan 501)
And on the Router there is no nat configured and the default route is towards the vlan 501 svi on the switch which is 192.168.150.1?
Aref (glad to see you so active in the Support Community)
I am not sure that I understand your post. Are you suggesting the possibility that there is a router and a switch and the switch has an access port connected to the router? And that the address 10.51.243.221 is accessed via vlan 501 on the switch? In that case the route map could be correct. We need some clarification from the original poster about the topology of the network.
Thank you Rick, I really appreciate it.
Yes, you understood me correctly, that is what I was trying to say. As you said, more clarification from the original poster would help for troubleshooting.
Sorry, I explained it badly and I have given little information on the topology.
I have a 4500x that has:
In this case I receive the packets from 10.51.243.221 from another side of my network via the WAN, and the WAN is directly connected to VLAN 501. By IP routing the packets are routed to 192.168.150.4, but for another reason I need to redirect them to 192.168.0.1.