02-03-2012 07:20 AM - edited 03-07-2019 04:43 AM
Hi,
I have a 3560G switch with c3560-advipservicesk9-mz.122-46.SE and 2 routers. The switch has vlans defined. I want to route all traffic on vlan 25 out of one of the routers exclusively.
Here is what I have attempted:
-Set the SDM template to routing & reload
-Define an access-list for the vlan traffic
-Define the route-map
-Apply the route-map to the vlan interface
When I attempt the last step I receive the following syslog error:
%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map RM_IMDGuest not supported for Policy-Based Routing
Also, the route-map is removed from the vlan interface after this error is thrown.
I'm 99% confident that PBR is supported on this switch (am I wrong?).
Here is the relevant show output:
...
access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
match ip address 125
set ip next-hop 192.168.5.3
!
...
sw3560IMD#sho sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
sw3560IMD#show route-map
route-map RM_IMDGuest, permit, sequence 10
Match clauses:
ip address (access-lists): 125
Set clauses:
ip next-hop 192.168.5.3
Policy routing matches: 5 packets, 809 bytes
sw3560IMD# show run int vlan25
Building configuration...
Current configuration : 168 bytes
!
interface Vlan25
ip address 192.168.25.2 255.255.255.0
ip helper-address 192.168.5.5
ip pim sparse-dense-mode
ip policy route-map RM_IMDGuest
ntp broadcast
end
**UPDATE: I just tried the above commands again and it seemed to accept them? So now I'm still confused. How do I test to see if PBR is working correctly?
Message was edited by: Charles Van Dusen
02-03-2012 08:33 AM
Do a traceroute to the specific destination and see if 92.168.5.3 appears in the path.
HTH
02-03-2012 01:56 PM
Hi Reza,
Thanks for the quick reply.
I did a couple of traceroutes and the 192.168.5.3 address does appear in the path.
The problem I am still seeing is that I cannot browse the web or successfully traceroute to an internet ip if I am connected to the vlan which I am trying to force out of one of my 2 routers using route-maps.
So, I had to change my approach until I can figure this out, so I have updated the 3560 with a different route map, acl, and vlan configuration:
Here it is:
interface Vlan25
ip address 192.168.25.2 255.255.255.0
ip helper-address 192.168.5.5
ip pim sparse-dense-mode
ip policy route-map RM_IMDGuest
ntp broadcast
!
...
access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
match ip address 125
set ip next-hop 192.168.5.1
!
So, what I am trying to do is have all clients who are connected to vlan 25 use the router at 192.168.5.1. When I fire up a client on that vlan, I am not able to ping an internet ip or browse. When I attempt a tracert to the same ip which I tried to ping, I only see 2 'hops':
1 6 ms 6 ms 6 ms 192.168.25.2
2 3 ms 3 ms 3 ms 192.168.5.1
3 all subsequent requests time out
...
From the 3560 itself I can ping and traceroute to the same ip, but the traceroute goes through the 192.168.5.3 router rather than the 192.168.5.1. I guess this is expected since the 192.168.5.3 router is also connected and I have a default route in the 3560 'ip route 0.0.0.0 0.0.0.0 192.168.5.3'.
If I have the 3560 configured correctly, then I am wondering if it's a problem with the configuration of 192.168.5.1 (which is a cisco 1841).
Any ideas?
Charlie