Cisco Support Community
PBR question.

Hi Guys,

 

I would like to ask how I could define a PBR if the VLAN is behind the ASA. There is no SVI set on the 6509. I can't set the ip policy route-map command on Gig2/6.

 

6509:

ip access-list extended ACL-ATT-TO-RIVERBED
 permit ip 10.199.24.0 0.0.0.255 10.226.147.163 0.0.0.0
 permit ip 10.199.26.0 0.0.0.255 10.226.147.163 0.0.0.0

route-map RM-TO-RIVERBED permit 10
 match ip address ACL-ATT-TO-RIVERBED
 set ip next-hop 10.199.195.253

 

interface GigabitEthernet2/6
 description ASA003_TRUNK_1_P
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 load-interval 30
 speed 1000
 duplex full
 wrr-queue bandwidth 20 100 200 
 priority-queue queue-limit 5 
 wrr-queue queue-limit 65 15 15 
 wrr-queue random-detect min-threshold 1 70 100 100 100 100 100 100 100 
 wrr-queue random-detect min-threshold 2 70 100 100 100 100 100 100 100 
 wrr-queue random-detect min-threshold 3 40 40 50 50 60 60 70 70 
 wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100 
 wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100 
 wrr-queue random-detect max-threshold 3 70 70 80 80 90 90 100 100 
 wrr-queue cos-map 2 1 1 2 
 wrr-queue cos-map 3 5 3 4 
 wrr-queue cos-map 3 7 6 7 
 rcv-queue threshold 1 50 50 60 60 100 100 100 100 
 rcv-queue threshold 2 60 80 100 100 100 100 100 100 
 rcv-queue cos-map 1 1 0 
 rcv-queue cos-map 1 2 1 
 rcv-queue cos-map 1 3 2 
 rcv-queue cos-map 1 4 3 
 rcv-queue cos-map 2 1 4 
 rcv-queue cos-map 2 2 5 
 rcv-queue cos-map 2 3 6 
 rcv-queue cos-map 2 4 7 
 mls qos trust dscp
 auto qos voip trust 
 spanning-tree portfast edge trunk
end

 

ASA:

ASA003# show run int GigabitEthernet0/1.24
!
interface GigabitEthernet0/1.24
 vlan 24
 nameif att
 security-level 100
 ip address 10.199.24.1 255.255.255.0 standby 10.199.24.2 
ASA003# show run int GigabitEthernet0/1.26
!
interface GigabitEthernet0/1.26
 vlan 26
 nameif att_ii
 security-level 100
 ip address 10.199.26.1 255.255.255.0 standby 10.199.26.2

 

Regards,

Jackie

1 REPLY

Hi Jackie,

If you are running version 9 or later on your ASA, it supports PBR.

See link:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html#pgfId-1943033

HTH

 
