Policy Based Routing on a VLAN

Hello,

We upgraded our network from a basic flat network to a VLAN network. All is working fine except for one area. We have 2 ISP routers connecting to our main switch. Traffic to the primary router is working (default route) but I am unable to get specific traffic routed to the other router.

Physical layout:

2811 Router (default route)         1841 Router (VLAN 4 traffic)

      ^----------------- 3750 switch --------------^

Below is a copy of my running config (deleted sensitive info & changed IPs). I am trying to set up Policy Based Routing as from what I've read that sounds like the best solution for me. I have multiple VLANs set up, and need VLAN 4 traffic to be routed to the 1841 router on port 33 of the main switch. I have tried following several online walkthroughs, such as http://www.ciscozine.com/2013/04/23/pbr-route-a-packet-based-on-source-ip-address/, but haven't been successful.

I've narrowed it down to this.  I will change to the VLAN 4 interface, and input "ip policy route-map ISP", it takes it with no errors.  When doing a "sh ip policy" command it shows nothing: no policies on any interfaces.

Why isn't VLAN 4 taking the policy?  I have enabled the sdm routing template. I did read somewhere that someone said to disable CEF; another said it didn't matter after version 12.0. I tried to disable it, but it said that wasn't possible.

I'm sure it is one simple thing but I'm not seeing it. Any help you can provide would be very much appreciated. If you need more information just let me know.

Thank you

Troy

sh run
Building configuration...

Current configuration : 9480 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname switch3750
!
boot-start-marker
boot-end-marker
!

!

no aaa new-model
clock timezone UTC -6
switch 1 provision ws-c3750-48ts
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name deleted
ip name-server 1.2.3.4
ip name-server 5.6.7.8
ip name-server 9.0.1.2
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
Deleted interfaces
!
interface FastEthernet1/0/24
description Commercial Internet
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
Deleted interfaces
!
interface FastEthernet1/0/33
description To AT&T Router (ISP) IP 172.16.4.20
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
Deleted interfaces
!
interface Vlan4
description 4_ISP
ip address 172.16.4.1 255.255.255.0
ip helper-address 172.16.4.2
!
Deleted interfaces
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.2
ip route 172.16.1.0 255.255.255.0 172.16.1.2
ip route 172.16.2.0 255.255.255.0 172.16.4.20
ip route 172.16.3.0 255.255.255.0 172.16.3.2
ip route 172.16.5.0 255.255.255.0 172.16.5.2
ip route 172.16.6.0 255.255.255.0 172.16.6.2
ip route 172.16.7.0 255.255.255.0 172.16.7.2
ip route 172.16.8.0 255.255.255.0 172.16.8.2
ip route 172.16.9.0 255.255.255.0 172.16.9.2
ip route 172.16.10.0 255.255.255.0 172.16.10.2
ip route 172.16.20.0 255.255.255.0 172.16.20.2
ip route 172.16.21.0 255.255.255.0 172.16.21.2
ip route 172.16.22.0 255.255.255.0 172.16.22.2
ip route 172.16.23.0 255.255.255.0 172.16.23.2
ip route 172.16.24.0 255.255.255.0 172.16.24.2
ip http server
ip http secure-server
!
!
access-list 51 remark ISP Policy Based Routing
access-list 51 permit 172.16.4.1
route-map ISP permit 1
match ip address 51
set ip precedence critical
set ip next-hop 172.16.4.20
!
control-plane
!
!
!
end

Policy Based Routing on a VLAN

Hi,

According to your interface config, connections to your ISP are layer-2 trunks.  If this is the case you can't apply PBR to a layer-2 interface.

HTH

interface FastEthernet1/0/24
description Commercial Internet
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
Deleted interfaces
!
interface FastEthernet1/0/33
description To AT&T Router (ISP) IP 172.16.4.20
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full

Policy Based Routing on a VLAN

Hi Reza,

That would make sense as the interface is trunked. In all my reading I didn't see anywhere it stating that.

Thanks, will have to reconfigure and test it out.

Policy Based Routing on a VLAN

Hi Reza,

After setting the interfaces to layer 3 interfaces I still had the same issue, but figured it out.

Come to find out, the VLAN would not accept the policy with the "set ip precedence priority" command (even though all documentation online called for it).  I started over, assigned the policy to VLAN 4 and it showed it under the "sh ip policy" command, then rebuilt my policy from there while checking "sh ip policy" after every step.  Upon issuing the "set ip precedence priority" command it was discovered that the policy was dropped from VLAN 4.  When I left that command out, I was able to reassign the policy to the VLAN.

Anyway, it's working now.  I do have an issue with DHCP not working for that VLAN, but I think that is because PBR is interfering and routing those to the other router that doesn't have DHCP on it.

Thanks for your help.
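
An added example, not part of any post in this thread and not Cisco's code: a small Python check run over the PBR-relevant lines of the posted config (embedded below as a constructed sample). It flags the `set ip precedence` clause that the thread found made Vlan4 drop the policy and, as an additional check, that standard ACL 51 as posted matches only the single host 172.16.4.1, which is the Vlan4 interface's own address; `lint_pbr` and `REJECTED_SET` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: the PBR-relevant lines of the config posted in the thread.
SAMPLE_CONFIG = """\
interface Vlan4
 ip address 172.16.4.1 255.255.255.0
 ip helper-address 172.16.4.2
!
access-list 51 remark ISP Policy Based Routing
access-list 51 permit 172.16.4.1
route-map ISP permit 1
 match ip address 51
 set ip precedence critical
 set ip next-hop 172.16.4.20
"""

# The only 'set' clause the thread reports as making the SVI drop the policy.
REJECTED_SET = "set ip precedence"


def lint_pbr(config):
    """Return findings for a route-map meant to be applied with 'ip policy'.

    Assumes running-config order: interfaces appear before access-lists.
    """
    findings, own_ips, section = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            section = ("interface", m.group(1))
        elif m := re.match(r"route-map (\S+) (?:permit|deny) \d+", line):
            section = ("route-map", m.group(1))
        elif line.startswith("access-list "):
            section = None
            # A standard ACL entry with no wildcard mask matches exactly one host.
            m = re.fullmatch(r"access-list (\d+) permit (\d+\.\d+\.\d+\.\d+)", line)
            host = ipaddress.ip_address(m.group(2)) if m else None
            for ifname, iface in own_ips.items():
                if host == iface.ip:
                    findings.append(f"acl {m.group(1)}: matches only {host}, the switch's own "
                                    f"address on {ifname}; no host in {iface.network} is selected")
        elif section and section[0] == "interface" and (m := re.match(r"ip address (\S+) (\S+)", line)):
            own_ips[section[1]] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif section and section[0] == "route-map" and line.startswith(REJECTED_SET):
            findings.append(f"route-map {section[1]}: '{line}' made the SVI drop the policy; remove it")
    return findings
```
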
