We upgraded our network from a basic flat network to a VLAN network. All is working fine except for one area. We have 2 ISP routers connecting to our main switch. Traffic to the primary router is working (default route), but I am unable to get specific traffic routed to the other router.
Below is a copy of my running config (deleted sensitive info & changed IPs). I am trying to set up Policy Based Routing, as from what I've read that sounds like the best solution for me. I have multiple VLANs set up, and I need VLAN 4 traffic to be routed to the 1841 router on port 33 of the main switch. I have tried following several online walkthroughs, such as http://www.ciscozine.com/2013/04/23/pbr-route-a-packet-based-on-source-ip-address/, but haven't been successful.
I've narrowed it down to this. I will change to the VLAN 4 interface, and input "ip policy route-map ISP", it takes it with no errors. When doing a "sh ip policy" command it shows nothing: no policies on any interfaces.
Why isn't VLAN 4 taking the policy? I have enabled the sdm routing template. I did read somewhere that someone said to disable CEF; another said it didn't matter after version 12.0. I tried to disable it, but it said that wasn't possible.
I'm sure it is one simple thing, but I'm not seeing it. Any help you can provide would be very much appreciated. If you need more information, just let me know.
sh run
Building configuration...

Current configuration : 9480 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname switch3750
!
boot-start-marker
boot-end-marker
!
no aaa new-model
clock timezone UTC -6
switch 1 provision ws-c3750-48ts
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name deleted
ip name-server 184.108.40.206
ip name-server 220.127.116.11
ip name-server 18.104.22.168
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
Deleted interfaces
!
interface FastEthernet1/0/24
 description Commercial Internet
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
Deleted interfaces
!
interface FastEthernet1/0/33
 description To AT&T Router (ISP) IP 172.16.4.20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
Deleted interfaces
!
interface Vlan4
 description 4_ISP
 ip address 172.16.4.1 255.255.255.0
 ip helper-address 172.16.4.2
!
Deleted interfaces
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.2
ip route 172.16.1.0 255.255.255.0 172.16.1.2
ip route 172.16.2.0 255.255.255.0 172.16.4.20
ip route 172.16.3.0 255.255.255.0 172.16.3.2
ip route 172.16.5.0 255.255.255.0 172.16.5.2
ip route 172.16.6.0 255.255.255.0 172.16.6.2
ip route 172.16.7.0 255.255.255.0 172.16.7.2
ip route 172.16.8.0 255.255.255.0 172.16.8.2
ip route 172.16.9.0 255.255.255.0 172.16.9.2
ip route 172.16.10.0 255.255.255.0 172.16.10.2
ip route 172.16.20.0 255.255.255.0 172.16.20.2
ip route 172.16.21.0 255.255.255.0 172.16.21.2
ip route 172.16.22.0 255.255.255.0 172.16.22.2
ip route 172.16.23.0 255.255.255.0 172.16.23.2
ip route 172.16.24.0 255.255.255.0 172.16.24.2
ip http server
ip http secure-server
!
access-list 51 remark ISP Policy Based Routing
access-list 51 permit 172.16.4.1
route-map ISP permit 1
 match ip address 51
 set ip precedence critical
 set ip next-hop 172.16.4.20
!
control-plane
!
end
After setting the interfaces to layer 3 interfaces I still had the same issue, but figured it out.
Come to find out, the VLAN would not accept the policy with the "set ip precedence priority" command (even though all documentation online called for it). I started over, assigned the policy to VLAN 4 and it showed it under the "sh ip policy" command, then rebuilt my policy from there while checking "sh ip policy" after every step. Upon issuing the "set ip precedence priority" command, it was discovered that the policy was dropped from VLAN 4. When I left that command out, I was able to reassign the policy to the VLAN.
Anyway, it's working now. I do have an issue with DHCP not working for that VLAN, but I think that is because PBR is interfering and routing those to the other router that doesn't have DHCP on it.
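As an added illustration (not from the original thread), here is a small Python checker that parses the PBR-relevant lines of a flattened IOS config and flags two things this thread turns on: a standard ACL that does not cover the subnet behind the SVI (the posted access-list 51 matches only the host 172.16.4.1, not the 172.16.4.0/24 hosts on Vlan4), and a "set ip precedence" clause, which the follow-up reports caused the policy to be dropped from the VLAN. It assumes contiguous wildcard masks, and the list of clauses it flags comes from the thread's outcome, not from platform documentation.

```python
import ipaddress
import re

# Constructed sample: the PBR-relevant lines of the running config in the post
# (other interfaces, routes and the ACL remark omitted).
CONFIG = """\
interface Vlan4
 ip address 172.16.4.1 255.255.255.0
 ip policy route-map ISP
!
access-list 51 permit 172.16.4.1
route-map ISP permit 1
 match ip address 51
 set ip precedence critical
 set ip next-hop 172.16.4.20
"""

def parse(config):
    # Flattened IOS config -> (svis, standard ACL networks, route-map clauses)
    svis, acls, rmaps, block = {}, {}, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            block = svis.setdefault(line.split()[1], {})
        elif line.startswith("route-map "):
            block = rmaps.setdefault(line.split()[1], [])
        elif line.startswith("!"):
            block = None
        elif m := re.match(r"access-list (\d+) permit (?:host )?(\d\S+)(?: (\S+))?", line):
            # no wildcard = one host; invert the (assumed contiguous) wildcard into a netmask
            mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(m.group(3) or "0.0.0.0")) ^ 0xFFFFFFFF)
            acls.setdefault(m.group(1), []).append(
                ipaddress.ip_network(f"{m.group(2)}/{mask}", strict=False))
        elif isinstance(block, dict) and line.startswith("ip address "):
            block["subnet"] = ipaddress.ip_interface("/".join(line.split()[2:4])).network
        elif isinstance(block, dict) and line.startswith("ip policy route-map "):
            block["policy"] = line.split()[-1]
        elif isinstance(block, list):
            block.append(line)
    return svis, acls, rmaps

def check_pbr(config):
    # Return findings for every SVI that applies a policy route-map
    (svis, acls, rmaps), findings = parse(config), []
    for name, svi in svis.items():
        for clause in rmaps.get(svi.get("policy"), []):
            if clause.startswith("match ip address "):
                acl = clause.split()[-1]
                # the ACL must cover the hosts on the SVI, not just the SVI's own address
                if not any(svi["subnet"].subnet_of(n) for n in acls.get(acl, [])):
                    findings.append(f"{name}: ACL {acl} does not cover {svi['subnet']}")
            elif clause.startswith("set ip precedence"):  # the post reports this drops the policy
                findings.append(f"{name}: '{clause}' is reported to drop the policy")
    return findings
```

Run against the sample it reports both problems; with the ACL widened to "permit 172.16.4.0 0.0.0.255" and the precedence line removed it reports none.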