07-18-2008 06:24 PM - edited 03-06-2019 12:17 AM
I need help on setting up routing for a single subnet.
At the moment all traffic is routed via the etherchannel (po1) to the R2 router via OSPF. What I would like to do is route a single SVI on the 4506 to R1 instead of R2.
Can I apply a route map on the subnet (10.90.18.0) SVI VLAN18 interface and set the next hop via the R1 interface (10.90.252.7)?
Should I apply the policy on the trunk port or on the SVI?
07-18-2008 07:29 PM
Hi,
You should apply the route-map on the SVI, where the packet enters the router.
"Policy routing is specified on the interface that receives the packets, not on the interface from which the packets are sent."
http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml#wp14035
HTH,
jerry
08-04-2008 03:28 PM
Thanks Jerry,
I have applied the route-map on the 4506 SVI.
route-map Traffic_to_ISP2 permit 10
 match ip address 20
 set ip next-hop 10.90.252.38

#sh ip access-lists 20
Standard IP access list 20
    10 permit 10.90.17.0, wildcard bits 0.0.0.255

interface Vlan17
 description Layer3 gateway
 ip address 10.90.17.2 255.255.255.0
 ip policy route-map Traffic_to_ISP2

#sh ip policy
Interface      Route map
Vlan17         Traffic_to_ISP2

#sh route-map
route-map Traffic_to_ISP2, permit, sequence 10
  Match clauses:
    ip address (access-lists): 20
  Set clauses:
    ip next-hop 10.90.252.38
      Nexthop tracking current: 10.90.252.38
      10.90.252.38, fib_nh:18836098,oce:189008EC,status:1
  Policy routing matches: 0 packets, 0 bytes

However, I am not getting any matches when debugging or any matches on the ACL.
A traceroute shows traffic hitting the SVI but the PBR is not working.
Protocol [ip]:
Target IP address: 10.64.11.204
Source address: 10.90.17.18
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Type escape sequence to abort.
Tracing the route to
1 10.90.17.2 0 msec 0 msec 9 msec
2 10.90.252.9 0 msec 0 msec 9 msec
7 10.64.11.204 16 msec 17 msec 25 msec
Any ideas?
08-04-2008 06:52 PM
Hi,
Just a question, where do you initiate the ping? On the router where PBR is configured on the SVI? If this is the case, you have to use the command "ip local policy route-map map-tag" to test the PBR.
If you are testing from a PC on VLAN 17, the trace route should hit the ACL and use the PBR.
HTH,
jerry
08-04-2008 10:14 PM
Good question.
Traffic is not originating on the switch, which is a 4506, not a router. I am tracerouting from another switch on VLAN 17.
I am not getting any matches, which would suggest the switch has issues with PBR. Should I be running a different IOS?
At the moment I am running "cat4000-i5s-mz.122-25.EWA13.bin".
08-05-2008 08:43 AM
Hi, Can you post the output of the following command:
show ip route 10.90.252.38
I am wondering whether the next hop 10.90.252.38 is in the routing table of the 4506.
Regards,
jerry
08-05-2008 01:29 PM
Yes, it is directly connected; it is a ptp connection from the 4506 to the router for ISP2.
#sh ip route 10.90.252.38
Routing entry for 10.90.252.36/30
Known via "connected", distance 0, metric 0 (connected, via interface)
08-05-2008 07:26 PM
Hi, I don't see any issue with your configuration.
Like I said before, if you are testing the PBR from any device on VLAN17, the route-map and ACL should catch it. However, if the traceroute/ping is initiated from the 4506 sourced from VLAN17, "ip local policy" should be used to perform the test.
Regards,
jerry
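
An added example, not part of the thread and not Cisco code: a simplified Python model of the rule discussed above (interface PBR is evaluated only on packets received on that interface; switch-originated packets need "ip local policy"). It uses the ACL 20, Vlan17 and next-hop values from the posted configuration; the function names and the 10.90.18.5 test address are assumptions made for illustration, and the model does not reproduce Catalyst 4500 hardware behaviour.

```python
import ipaddress

# Values copied from the configuration posted in the thread.
ACL_20 = [("permit", "10.90.17.0", "0.0.0.255")]   # access-list 20
ROUTE_MAP = {"name": "Traffic_to_ISP2", "acl": ACL_20, "next_hop": "10.90.252.38"}
INTERFACE_POLICY = {"Vlan17": ROUTE_MAP}            # ip policy route-map on the SVI


def acl_permits(acl, src):
    """Standard ACL: the first entry whose non-wildcard bits equal the source wins."""
    addr = int(ipaddress.IPv4Address(src))
    for action, net, wildcard in acl:
        # Wildcard bits set to 1 are "don't care"; invert to get the bits compared.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(net)) & care:
            return action == "permit"
    return False  # implicit deny at the end of every ACL


def pbr_next_hop(src, ingress=None, local_policy=None):
    """Return the policy next hop, or None when the routing table is used.

    ingress=None models a packet generated by the switch itself. Such a
    packet is never received on an interface, so only local_policy
    (ip local policy route-map) can policy-route it.
    """
    route_map = local_policy if ingress is None else INTERFACE_POLICY.get(ingress)
    if route_map and acl_permits(route_map["acl"], src):
        return route_map["next_hop"]
    return None


if __name__ == "__main__":
    # Constructed test cases; 10.90.17.18 is the traceroute source from the thread.
    cases = [
        ("host on VLAN 17", dict(src="10.90.17.18", ingress="Vlan17")),
        ("sourced on the switch", dict(src="10.90.17.18")),
        ("switch + ip local policy", dict(src="10.90.17.18", local_policy=ROUTE_MAP)),
        ("other subnet via Vlan17", dict(src="10.90.18.5", ingress="Vlan17")),
    ]
    for label, kwargs in cases:
        print(f"{label:26} -> {pbr_next_hop(**kwargs) or 'routing table'}")
```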