Re: what is the usage of pbr on switches

ladan.eftetahi · ‎09-01-2006

Hi everybody

I am going to implement policy-based routing on 37540 switch.I config like this :

ip routing

!

ip dhcp pool vlan1

network 192.168.0.0 255.255.255.0

default-router 192.168.0.244

!

ip dhcp pool vlan2

network 20.20.x.x.255.255.0

default-router 20.x.x.1

!

ip dhcp pool vlan3

network 172.31.131.0 255.255.255.240

default-router 172.31.131.1

!

vlan 2

name test

!

vlan 3

name Arian

!

interface Vlan1

ip address 192.168.0.244 255.255.255.0

!

interface Vlan2

ip address 20.20.x.x.255.255.0

ip policy route-map pbr

!

interface Vlan3

ip address 172.31.131.1 255.255.255.240

!

ip classless

ip route 0.0.0.0 0.0.x.x.168.0.2

ip http server

!

access-list 10 permit 20.20.x.x.0.0.255

route-map pbr permit 10

match ip address 10

set ip next-hop 172.31.131.14

!

i want to ping 20.x.20.1 from my pc with 20.20.20.2 ip address ,& ping 172.31.131.14 or 172.31.131.14 ,but I can't .if my pc be in vlan 2 with 20.x.20.1 default gateway, I should to ping 20.x.20.1 but

I can't.what's the problem. if I want to route vlan 2 to next-hop 172.31.131.14

,I can't never access to vlan 1 or vlan 3 networks despite the fact that with enaqble ip routing in 3750 i expect that I can run intervlan routing.

could you pls guid me.

thanks

ankbhasi · ‎09-02-2006

Hi Ladan,

If your intention is just to have communication between your vlan subnets then you do not need PBR on your switch. PBR is used for source base routing and some other purposes.

As you updated that your pc being in vlan 2 and you are not able to ping your gateway itself which seems to me that there is some connectibity issue or may be your logical interfaces are down.

Can you please attach the output of

sh run , sh ip route, sh vlan , sh interface vlan 2 and sh interface vlan 3.

Regards,

Ankur

mark.mcsherry · ‎09-02-2006

Hi,

I'd go along with the previous post. Most likely you need a 'switchport access vlan 2' on the port that your PC is plugged into.

Mark

ladan.eftetahi · ‎09-02-2006

Hi

thanks for your support.I set 'switchport access vlan 2' on my pc.but I can't ping 20.20.20.1 from my pc when I set policy.

without pbr I can ping 20.20.20.1.I think that the problem is on access-list because when I traceroute ip 192.9.9.3 , I can trace 20.20.20.1 but I can;t ping it.could you pls tell me that my pbr config is true oe not?

sho run

Building configuration...

Current configuration : 2986 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Switch

!

no aaa new-model

switch 1 provision ws-c3750-24ts

vtp domain vtp-a

vtp mode transparent

ip subnet-zero

ip routing

!

ip dhcp pool vlan1

network 192.168.0.0 255.255.255.0

default-router 192.168.0.244

!

--More-- ip dhcp pool vlan2

network 20.20.20.0 255.255.255.0

default-router 20.20.20.1

!

ip dhcp pool vlan3

network 172.31.131.0 255.255.255.240

default-router 172.31.131.1

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

name test

!

vlan 3

name Arian

!

--More-- !

interface FastEthernet1/0/1

switchport mode access

spanning-tree portfast

!

interface FastEthernet1/0/2

switchport mode access

spanning-tree portfast

!

interface FastEthernet1/0/3

switchport mode access

spanning-tree portfast

!

interface FastEthernet1/0/4

switchport mode access

spanning-tree portfast

!

interface FastEthernet1/0/5

switchport mode access

spanning-tree portfast

!

interface FastEthernet1/0/6

spanning-tree portfast

--More-- !

interface FastEthernet1/0/7

spanning-tree portfast

!

interface FastEthernet1/0/8

spanning-tree portfast

!

interface FastEthernet1/0/9

spanning-tree portfast

!

interface FastEthernet1/0/10

switchport access vlan 2

switchport mode access

spanning-tree portfast

!

interface FastEthernet1/0/11

switchport access vlan 2

switchport mode access

spanning-tree portfast

!

interface FastEthernet1/0/12

switchport access vlan 2

switchport mode access

--More-- spanning-tree portfast

!

interface FastEthernet1/0/13

spanning-tree portfast

!

interface FastEthernet1/0/14

spanning-tree portfast

!

interface FastEthernet1/0/15

spanning-tree portfast

!

interface FastEthernet1/0/16

spanning-tree portfast

!

interface FastEthernet1/0/17

spanning-tree portfast

!

interface FastEthernet1/0/18

spanning-tree portfast

!

interface FastEthernet1/0/19

spanning-tree portfast

!

--More-- interface FastEthernet1/0/20

spanning-tree portfast

!

interface FastEthernet1/0/21

spanning-tree portfast

!

interface FastEthernet1/0/22

switchport access vlan 3

switchport mode access

spanning-tree portfast

!

interface FastEthernet1/0/23

switchport access vlan 3

switchport mode access

duplex half

spanning-tree portfast

!

interface FastEthernet1/0/24

switchport access vlan 3

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/1

--More-- !

interface GigabitEthernet1/0/2

!

interface Vlan1

ip address 192.168.0.244 255.255.255.0

!

interface Vlan2

ip address 20.20.20.1 255.255.255.0

ip policy route-map pbr

!

interface Vlan3

ip address 172.31.131.1 255.255.255.240

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.2

ip http server

!

access-list 10 permit 20.20.20.0 0.0.0.255

route-map pbr permit 10

match ip address 10

set ip next-hop 172.31.131.14

!

--More-- !

control-plane

!

line con 0

line vty 0 4

no login

line vty 5 15

no login

!

end

Switch#

mark.mcsherry · ‎09-02-2006

Hi,

Can you double check that you are plugged into ports 10, 11 or 12?

If you are, then can you also double check that you have the correct IP address and subnet mask on your PC.

The next thing I'd check is that your cable is ok - should be a straight though in this case.

You might find a 'show mac-address-table' command useful - if you're seeing anything on the link, then it should register your PC's mac address against the port it's plugged into - at least you will know it's communicating at layer 2,

Mark