Cisco Support Community

New Member

PBR Help

I need to do policy-based routing based on the incoming IP address. All the addresses are coming in through a VPN concentrator and will be directed to one IP address on the concentrator's policy; the concentrator will then pass the traffic to a switch running layer 3 code that will do the PBR. The switch will then need to route the traffic to different IP addresses on the same subnet depending on the source IP of the packet. Does anyone have any examples of how to set up a route-map and access list to accomplish this? Thanks!

7 REPLIES
Silver

Re: PBR Help

What kind of switch are you using?

New Member

Re: PBR Help

Cisco 3750

Silver

Re: PBR Help

PBR does not work on 3750.

New Member

Re: PBR Help

I was told by a Cisco engineer that it would, but if not, I will use whatever kind of switch I need.

New Member

Re: PBR Help

Note the information in the following article. It shows PBR being allowed on 3750 switches.

http://www.cisco.com/en/US/customer/products/hw/switches/ps5532/products_configuration_guide_chapter09186a00801ee86e.html

New Member

Re: PBR Help

In a similar scenario, I've used the following template:

===============
access-list 101 remark
access-list 101 permit ip 10.10.0.0 0.0.255.255 any
access-list 101 permit ip 10.110.0.0 0.0.255.255 any
route-map WE permit 5
 match ip address 101
 set ip next-hop
===============

Please let me know if this works in your case. There are several other parameters, though, which can be set, such as metric, weight, interface, community, metric-type, tag etc.

Rgds\Satya.

New Member

Re: PBR Help

Hi Satya,

Thanks for the response. Let me give you a more specific example of what I am trying to do.

Let's say I have an incoming address of 172.16.72.21 and it is trying to access port 14635 on 10.10.10.100, but as this packet comes in I really need it to access server 10.10.10.112 port 14635. Now I also have an address coming in of 192.168.101.211 that needs to access 10.10.10.100 port 15321. These addresses are all coming into my network via LAN-to-LAN VPN tunnels. I only want to have one or two IPs in my local encryption domain list, but I need to be able to point them to a number of other addresses on the same subnet, not on a different port on the router.

Hope this example makes sense!

Thanks

Doug
