02-23-2009 10:40 PM - edited 03-06-2019 04:12 AM
Dear Friends,
I have set up PBR on a 3560 (SW Version : 12.2(40)SE Advanced IP Services).
The config is as follows:
route-map mymap permit 10
 match ip address <access-list>
 set ip next-hop 172.21.11.1 172.21.11.2
int g0/25
 ip policy route-map mymap
My requirement is that packets should always be policy routed to the next-hop address 172.21.11.1 and if this is down, 172.21.11.2 should be the next hop.
But even if I bring down the router 172.21.11.1, the switch never detects that and it still continues to forward packets to the first hop, which is unreachable.
The router is connected to port G0/11 of the switch. The config details of this port are as follows:
interface GigabitEthernet0/11
 switchport access vlan 211
 switchport mode access
 spanning-tree portfast
The redundant router (172.21.11.2) is connected to this switch via a trunk link and is reachable.
I also tried other options like the continue clause with route-map but failed (got the error "Unsupported route map").
Can you suggest a solution for this, please?
Thanks a lot
Gautam
02-23-2009 11:08 PM
Hi Gautam, [Pls RATE if HELPS]
Try enabling HSRP between the routers and route the traffic to the logical standby IP address.
Hope this Helps.
Best Regards,
Guru Prasad R
02-23-2009 11:14 PM
Dear Guru,
Thanks a lot for the reply. Though I tried this exercise with routers, the production devices are not Cisco routers but rather Ironport security devices that don't support HSRP.
Thanks a lot anyway for your quick response.
I couldn't try route-maps with Object tracking too since the 3560s don't support this feature.
02-24-2009 02:49 AM
Hello Gautam,
What would be needed here is to have the two next-hops in two different subnets/vlan.
Actually, until there is a port in vlan 211 that is in STP forwarding state the vlan 211 is up/up and the ARP entry for the first next-hop is used even if it is not reachable.
If you could put the two devices in two different vlans and each vlan has only one port (the one to the device) associated to the L2 vlan you can detect the failure.
This is the autostate feature that links the state of an SVI to the presence of at least one physical interface (access or trunk also) in STP forwarding state for the corresponding L2 Vlan.
It would have been handy to have some neighbor verify availability command like in C6500 with native IOS.
Hope to help
Giuseppe
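The layout suggested in the reply above, sketched as a switch configuration. This is an added example, not part of any post in the thread. VLAN 212, the 172.21.12.0/24 subnet, port Gi0/12 and the SVI addresses are constructed values used only for illustration.

```ios
! Constructed values (assumptions): VLAN 212, 172.21.12.0/24, Gi0/12,
! and the .254 SVI addresses. Everything else is taken from the thread.
vlan 211
vlan 212
!
! VLAN 211 has exactly one member port: the link to the first next hop.
interface GigabitEthernet0/11
 switchport access vlan 211
 switchport mode access
 spanning-tree portfast
!
! Trunk to the second device. VLAN 211 must not be allowed here (or on
! any other trunk), otherwise autostate keeps interface Vlan211 up/up
! after Gi0/11 goes down.
interface GigabitEthernet0/12
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 212
 switchport mode trunk
!
interface Vlan211
 ip address 172.21.11.254 255.255.255.0
!
interface Vlan212
 ip address 172.21.12.254 255.255.255.0
!
! The second next hop now lives in its own subnet. When Gi0/11 loses
! link, Vlan211 goes down, 172.21.11.0/24 leaves the routing table and
! the first next hop is no longer usable.
route-map mymap permit 10
 match ip address <access-list>
 set ip next-hop 172.21.11.1 172.21.12.2
!
interface GigabitEthernet0/25
 ip policy route-map mymap
!
! Checks after pulling the Gi0/11 link:
!   show ip interface brief | include Vlan21
!   show route-map mymap
```

Autostate reacts only to the port leaving STP forwarding state, so this detects a link failure on Gi0/11 but not a device that stops forwarding while its link stays up.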