I have a PBR problem on a 3750 running 12.35SE5 (C3750-IPSERVICES-M). SDM configured as "desktop routing".
I have a couple of entry points into my network with specific exit points based on the source of the traffic.
With my policy configured with ONE set command it works fine.
route-map rm-in permit 10
 match ip address sites-in-1
 set ip next-hop 172.18.21.110
route-map rm-in permit 20
 match ip address sites-in-2
 set ip next-hop 172.18.21.120
The problem starts as soon as I configure TWO set statements. Although the config is allowed in the policy I cannot apply this to the interface. The system does not report any errors but does not configure the policy on the SVI. Once the "set tag" statement is removed, the policy could be applied.
I do not understand what you are trying to do. Setting a tag in a route map is usually done on routing protocol updates. This route map is about how to forward data packets. What function would a tag have on a data packet?
I believe that the issue is that your route map becomes logically inconsistent when you attempt to apply a routing protocol function to a packet forwarding route map. Perhaps if you explain what you are trying to accomplish we might find some other way to do it that would work.
The network is somewhat complex. It was inherited with bandwidth optimisers installed off-path. Some firewalls were added and later two VRFs are used to connect four different site profiles to the HO.
As soon as I receive traffic inbound on my core switch (from VRF1 or VRF2), it is passed to some bandwidth optimisers (one of six units) for decompression via PBR process 1. This decision is done by source IP.
Once decompressed the traffic passes through my core switch again and forwarded to one of three interfaces on my firewall. This task is performed by PBR process 2 on the optimiser SVI.
If traffic leaves the firewall outbound, PBR process 3 will forward traffic to the appropriate bandwidth optimiser (all firewall SVIs) based on destination IP address. Once it reaches the core switch after it is compressed the source address is that of the DC and not defined in any policy on the optimiser SVI. This will cause the PBR not to act on the traffic and it is routed normally to the remote site. As long as all traffic flows to and from the DC it all functions correctly.
The problem comes in if a site on VRF1 tries to connect to a site on VRF2. Now the traffic runs through PBR1 and PBR2 as per usual. Then enters the firewall and is forwarded back out instead of into the DC. The outbound traffic now has a source IP of a remote site and will be forwarded back to the firewall once optimised and to the remote site.
The plan is to tag the traffic as it passes through PBR2 (set tag and set next hop) on this policy. The first line of the policy will check for the tag and drop the traffic if present. This will be very similar to solving a route redistribution problem between two networks interconnected with two routers.
Thank you for the additional information. It does help to understand what you are trying to accomplish and I agree that the approach is very logical to try to solve your problem as you would solve a route redistribution problem. Unfortunately I do not think that this use of set tag is supported. I have checked several command references and they mention set tag only in the context of tagging route advertisements and not of tagging data packets. Perhaps someone else in the community may have some ideas of how to accomplish what you need?
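A pre-deployment check for the situation in this thread, as an added example that is not from any poster: it parses IOS-style configuration text and reports every route-map that an interface applies with `ip policy route-map` while it contains a `set tag` clause, the combination the switch silently refused above. The function name, the interface names, the tag value and the list of flagged clauses are assumptions made for illustration.

```python
import re

# Assumption: only "set tag" is flagged, because it is the clause this thread discusses.
FLAGGED_SET_CLAUSES = ("set tag",)

# Constructed sample config, modelled on the route-map shown in the thread.
SAMPLE_CONFIG = """\
interface Vlan100
 ip policy route-map rm-in
interface Vlan200
 ip policy route-map rm-ok
route-map rm-in permit 10
 match ip address sites-in-1
 set ip next-hop 172.18.21.110
 set tag 100
route-map rm-in permit 20
 match ip address sites-in-2
 set ip next-hop 172.18.21.120
route-map rm-ok permit 10
 match ip address sites-in-1
 set ip next-hop 172.18.21.110
"""

def find_pbr_conflicts(config_text):
    """Return (interface, route-map, sequence, clause) per flagged clause used for PBR."""
    policy_users = {}   # route-map name -> interfaces applying it as PBR
    clauses = {}        # route-map name -> [(sequence, set clause), ...]
    interface = current_map = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            interface, current_map = m.group(1), None
        elif m := re.match(r"route-map (\S+) (?:permit|deny) (\d+)", line):
            current_map, interface = (m.group(1), int(m.group(2))), None
        elif interface and (m := re.match(r"ip policy route-map (\S+)", line)):
            policy_users.setdefault(m.group(1), []).append(interface)
        elif current_map and line.startswith("set "):
            clauses.setdefault(current_map[0], []).append((current_map[1], line))
    return [
        (intf, name, seq, clause)
        for name, intfs in policy_users.items()
        for intf in intfs
        for seq, clause in clauses.get(name, [])
        if clause.startswith(FLAGGED_SET_CLAUSES)
    ]

if __name__ == "__main__":
    for finding in find_pbr_conflicts(SAMPLE_CONFIG):
        print("%s: route-map %s seq %d has '%s'" % finding)
```

Running the same function over the saved running configuration after a change also shows whether the `ip policy route-map` line actually landed on the SVI, since an interface without it never appears in the result.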