PBR on 3560G with c3560-advipservicesk9-mz.122-46.SE

IM-Design
Level 1

Hi,

I have a 3560G switch with c3560-advipservicesk9-mz.122-46.SE and 2 routers. The switch has vlans defined. I want to route all traffic on vlan 25 out of one of the routers exclusively.

Here is what I have attempted:

-Set the SDM template to routing & reload

-Define an access-list for the vlan traffic

-Define the route-map

-Apply the route-map to the vlan interface

When I attempt the last step I receive the following syslog error:

%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map RM_IMDGuest not supported for Policy-Based Routing

Also, the route-map is removed from the vlan interface after this error is thrown.

I'm 99% confident that PBR is supported on this switch (am I wrong?).

Here is the relevant show output:

...

access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
 match ip address 125
 set ip next-hop 192.168.5.3
!

...

sw3560IMD#sho sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  3K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    11K
    number of directly-connected IPv4 hosts:        3K
    number of indirect IPv4 routes:                 8K
  number of IPv4 policy based routing aces:         0.5K
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K

sw3560IMD#show route-map
route-map RM_IMDGuest, permit, sequence 10
  Match clauses:
    ip address (access-lists): 125
  Set clauses:
    ip next-hop 192.168.5.3
  Policy routing matches: 5 packets, 809 bytes
sw3560IMD# show run int vlan25
Building configuration...

Current configuration : 168 bytes
!
interface Vlan25
ip address 192.168.25.2 255.255.255.0
ip helper-address 192.168.5.5
ip pim sparse-dense-mode
ip policy route-map RM_IMDGuest
ntp broadcast
end

**UPDATE: I just tried the above commands again and it seemed to accept them? So now I'm still confused. How do I test to see if PBR is working correctly?

Message was edited by: Charles Van Dusen

2 Replies

Reza Sharifi
Hall of Fame

Do a traceroute to the specific destination and see if 92.168.5.3 appears in the path.

HTH

Hi Reza,

Thanks for the quick reply.

I did a couple of traceroutes and the 192.168.5.3 address does appear in the path.

The problem I am still seeing is that I cannot browse the web or successfully traceroute to an internet ip if I am connected to the vlan which I am trying to force out of one of my 2 routers using route-maps.

So, I had to change my approach until I can figure this out, so I have updated the 3560 with a different route map, acl, and vlan configuration:

Here it is:

interface Vlan25
 ip address 192.168.25.2 255.255.255.0
 ip helper-address 192.168.5.5
 ip pim sparse-dense-mode
 ip policy route-map RM_IMDGuest
 ntp broadcast
!
...
access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
 match ip address 125
 set ip next-hop 192.168.5.1
!

So, what I am trying to do is have all clients who are connected to vlan 25 use the router at 192.168.5.1. When I fire up a client on that vlan, I am not able to ping an internet ip or browse. When I attempt a tracert to the same ip which I tried to ping, I only see 2 'hops':

1     6 ms 6 ms 6 ms 192.168.25.2

2     3 ms 3 ms 3 ms 192.168.5.1

3     all subsequent requests time out

...

From the 3560 itself I can ping and traceroute to the same ip, but the traceroute goes through the 192.168.5.3 router rather than the 192.168.5.1. I guess this is expected since the 192.168.5.3 router is also connected and I have a default route in the 3560 'ip route 0.0.0.0 0.0.0.0 192.168.5.3'.

If I have the 3560 configured correctly, then I am wondering if it's a problem with the configuration of 192.168.5.1 (which is a cisco 1841).

Any ideas?

Charlie
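
The forwarding decision discussed in this thread, as an added example that is not part of the original posts: a small Python model of the Vlan25 policy route-map and the default route quoted above, showing which next hop each kind of packet gets. It assumes the destination is reached only through the default route and that packets originated by the switch itself are not subject to the interface policy; the interface name Vlan5 and the host addresses are constructed.

```python
import ipaddress
import re

# Subset of the statements quoted in the thread's second post.
CONFIG = """\
interface Vlan25
 ip address 192.168.25.2 255.255.255.0
 ip policy route-map RM_IMDGuest
!
access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
 match ip address 125
 set ip next-hop 192.168.5.1
!
ip route 0.0.0.0 0.0.0.0 192.168.5.3
"""

def parse(config):
    """Pull out only the statements this simplified model understands."""
    def grab(pattern):
        return re.search(pattern, config).groups()
    iface, applied = grab(r"interface (\S+)\n(?: .*\n)*? ip policy route-map (\S+)")
    acl_id, net, wildcard = grab(r"access-list (\d+) permit ip (\S+) (\S+) any")
    rmap, match_acl, pbr_hop = grab(
        r"route-map (\S+) permit \d+\n match ip address (\d+)\n set ip next-hop (\S+)")
    (default_hop,) = grab(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)")
    return dict(iface=iface, applied=applied, acl_id=acl_id, net=net,
                wildcard=wildcard, rmap=rmap, match_acl=match_acl,
                pbr_hop=pbr_hop, default_hop=default_hop)

def acl_permits(src, net, wildcard):
    """Cisco wildcard masks mark the bits to ignore, so compare the rest."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    diff = int(ipaddress.IPv4Address(src)) ^ int(ipaddress.IPv4Address(net))
    return diff & care == 0

def next_hop(policy, ingress, src):
    """ingress is the receiving interface, or None for switch-originated packets."""
    policed = (ingress == policy["iface"]
               and policy["applied"] == policy["rmap"]
               and policy["match_acl"] == policy["acl_id"]
               and acl_permits(src, policy["net"], policy["wildcard"]))
    # Assumption: the destination is covered only by the default route.
    return policy["pbr_hop"] if policed else policy["default_hop"]

POLICY = parse(CONFIG)
for ingress, src in [("Vlan25", "192.168.25.50"), (None, "192.168.25.2"),
                     ("Vlan5", "192.168.5.20")]:  # constructed sample packets
    print(f"{ingress or 'switch itself':14} {src:15} -> {next_hop(POLICY, ingress, src)}")
```

The first two results correspond to the two traceroutes described in the post: the client on vlan 25 is handed to 192.168.5.1, while the switch's own traffic follows the default route to 192.168.5.3.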
