Cisco Support Community
Community Member

Policy Based Routing on Catalyst

Hi All,

I have a Catalyst 3750 which operates as an L3 switch.

8 routed VLANs 10.0.111.0/27 are configured on it.

All these VLANs were created for different types of guests: WiFi, wired and so on. ACLs on the Catalyst 3750 protect my LAN from guests and also protect different types of guests from each other.

But guests want to access the Internet.

Corporate security policy requires that guests' Internet traffic must go through the MS ISA server. With a Cisco router I can do it with the help of PBR.

Something like:

route-map to-isa permit 10
 match ip address ACL_THAT_MATCHES_INET_TRAFFIC
 set ip next-hop MS_ISA_IP

But how can I do it with a Catalyst switch?

3 REPLIES
Community Member

Re: Policy Based Routing on Catalyst

PBR will work on a cat switch 3750 provided you have the EMI IMAGE...might be worth getting.

interface Vlan2
 ip address 10.0.111.1 255.255.255.224
 ip policy route-map pbr

access-list 10 permit 10.0.111.0 0.0.0.31

route-map pbr permit 10
 match ip address 10
 set ip next-hop "isa server"

If that doesn't work, how about VACLs?

Community Member

Re: Policy Based Routing on Catalyst

Stick with VACLs if you can, PBR can be process intensive.

Community Member

Re: Policy Based Routing on Catalyst

Thank you for the advice, but as far as I know only the EMI version of Catalyst IOS supports this feature.

My C3750-IPSERVICESK9-M, Version 12.2(25)SEC doesn't support this feature.
