Cisco Support Community
New Member

Policy based routing on a Layer 3 switch

I am doing some lab testing on policy based routing. I am having some issues that I can't seem to get working right.

Here is the config:

    ip local policy route-map Test-map
    !
    ip access-list extended icmp
     permit icmp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
     permit icmp 192.168.2.0 0.0.0.255 192.168.200.0 0.0.0.255
    ip access-list extended telnet
     permit tcp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255 eq telnet
     permit tcp 192.168.2.0 0.0.0.255 192.168.200.0 0.0.0.255 eq telnet
    ip access-list extended test
     permit icmp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
    !
    route-map Test-map permit 10
     match ip address icmp
     set ip next-hop 192.168.1.3
    !
    route-map Test-map permit 20
     match ip address telnet
     set ip next-hop 192.168.1.2

The first thing I did was I only had 1 network on this box, the 192.168.1.x, and when I plugged a PC into a port on the switch and tried to ping the remote network of 192.168.200.1, it will not hit on my access-lists for my policy based routes.

If I do a ping from the switch's IOS interface directly, the access-lists get hits and the policy based routes work fine.

So I was puzzled by this and figured maybe policy based routes only work if they come from one network to another network. So I set up a 2nd VLAN called 192.168.2.x and put my PC in that VLAN. I then proceeded to ping 192.168.200.1 and still was unable to get any hits on the access-lists or policy based routes.

So what am I doing wrong or am I trying to use policy based routing wrong here?

4 REPLIES
Purple

Re: Policy based routing on a Layer 3 switch

Hi,

You need to apply the route-map to your L3 interfaces where the traffic is coming from e.g.

    interface vlan10
     ip policy route-map Test-map

The local policy only impacts packets generated by the router itself.

Hope that helps - pls rate the post if it does.

Paresh
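The distinction in the reply above can be checked mechanically. This is an added example, not code from any of the posts: a small Python audit that reads IOS-style configuration text and reports route-maps that are referenced only by `ip local policy`, which means transit traffic from hosts never reaches them. The sample input is constructed from the original poster's configuration; the interface names `Vlan10`/`Vlan20` and their addresses are assumptions.

```python
import re

# Constructed sample: the route-map from the first post plus two SVIs.
# Interface names and addresses are assumptions for illustration.
SAMPLE_CONFIG = """\
ip local policy route-map Test-map
!
interface Vlan10
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
 ip address 192.168.2.1 255.255.255.0
!
route-map Test-map permit 10
 match ip address icmp
 set ip next-hop 192.168.1.3
!
route-map Test-map permit 20
 match ip address telnet
 set ip next-hop 192.168.1.2
"""

def audit_pbr(config):
    """Return {route_map: {"local": bool, "interfaces": [names]}}."""
    usage = {}
    def entry(name):
        return usage.setdefault(name, {"local": False, "interfaces": []})
    current_if = None
    for line in config.splitlines():
        if not line.startswith(" "):
            # Any non-indented line ends the previous interface block.
            m = re.match(r"interface\s+(\S+)", line)
            current_if = m.group(1) if m else None
        text = line.strip()
        if m := re.match(r"route-map\s+(\S+)\s+(?:permit|deny)", text):
            entry(m.group(1))
        elif m := re.match(r"ip local policy route-map\s+(\S+)", text):
            entry(m.group(1))["local"] = True   # router-originated packets only
        elif (m := re.match(r"ip policy route-map\s+(\S+)", text)) and current_if:
            entry(m.group(1))["interfaces"].append(current_if)
    return usage

def transit_gaps(config):
    """Route-maps applied only locally, so traffic arriving on interfaces bypasses them."""
    return sorted(n for n, u in audit_pbr(config).items()
                  if u["local"] and not u["interfaces"])

if __name__ == "__main__":
    print("local-only route-maps:", transit_gaps(SAMPLE_CONFIG))
```

The audit looks at configuration text only; it does not tell you whether the platform accepted or supports the interface-level command.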

New Member

Re: Policy based routing on a Layer 3 switch

I've done that command but then when I do a "show run" I don't see it in the configuration and it doesn't seem to be working.

Also, if everything is on the same VLAN 100, will the PBR work? Or does this require that I use two different VLANs (one for inside and one for outside) so that I have an interface from where the packets are coming from?

New Member

Re: Policy based routing on a Layer 3 switch

The "ip policy route-map Test-map" command needs to be on the layer 3 interface that receives the packets; then it will select the next hop based on your route-map.

New Member

Re: Policy based routing on a Layer 3 switch

Oh I already know that. I just ended up calling TAC on this.

Apparently, on certain models of switches you have to do the SDM PREFER EXTENDED command to enable the ability to do PBR on lower-model L3 switches.

I am still experimenting with the 6509's.
