Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3560 PBR from VLANs to Router and PIX each with ISP

I want to know is it possible to use a 3560, with Advanced IP Services, to policy based route from VLANs to different ISP's?

Setup looks like:

PIX to 3560

2821 to 3560

VLAN 100 on 3560

VLAN 200 on 3560

Is it possible to send VLAN 100 out the PIX and send VLAN 200 out the 2821?

3 REPLIES

Re: 3560 PBR from VLANs to Router and PIX each with ISP

According to Cisco Documentation, in the link below, PBR is supported only with EMI images. However, I have seem some SMI switches support PBR.

Do a show ver and check the model # whether you have a SMI or EMI image. If you have an SMI image then create a route map and if it lets you do that then in all likelihood PBR is supported on the switch.

http://www.cisco.com/en/US/partner/products/hw/switches/ps5528/prod_bulletin0900aecd801c5bf2.html

HTH,

Sundar

New Member

Re: 3560 PBR from VLANs to Router and PIX each with ISP

I realize that I need an EMI image, thanks. What I want to know is will the above scenario work. I found the following information: "Policy-based routing based on packet length, IP precedence and TOS, set interface, set default next hop, or set default interface are not supported."

Wouldn't I need the "set default next hop" option? According to the documentation, the only option is "set ip next-hop".

Thanks

Re: 3560 PBR from VLANs to Router and PIX each with ISP

You are correct. Route-map support for 3560 is limited and it doesn't give you many options that you would normally see on a router.

I guess you only wanted to policy route the traffic from your SVI (vlan) interfaces to two different ISPs and this can be achieved by using the 'set ip next-hop' command.

You need a config like the one below. You could configure the ACL to disallow policy routing between your local subnets and policy route all other traffic to the ISP of your choice.

int vlan 100

ip policy route-map cisco

route-map cisco permit 10

match ip address 100

set ip next-hop (ISP_1)

access-list 100 deny ip (vlan_100) (vlan_200)

access-list 100 permit ip any any

HTH,

Sundar

235
Views
3
Helpful
3
Replies
CreatePlease to create content