I have two firewalls directly connected to the L3 switch, and the L3 switch has its default route pointed towards one of the firewalls. My LAN users have the L3 switch as their default gateway. I would like to route some LAN IPs to the other firewall. I have configured the route-map in the L3 switch and set the next hop for those IPs to the other firewall's inside interface, but it's not working. Can anyone help me with whether this is possible through a route map or not?
Why are you using a route-map? Route-maps are generally used if you need conditional routing, for example, if you need to set a particular next-hop behavior for traffic matching certain criteria, and deviating from the default routing table. If this is your only goal, you can use VRFs to separate your traffic instead of route-maps, if your platform supports it.
If you have an L3 switch, you have probably activated IP routing on the switch, with the command "ip routing", and added the default route to the existing firewall, with the "ip route 0.0.0.0 0.0.0.0
The reason to use a route map in this kind of situation is that it is part of configuring Policy Based Routing. And PBR is the typical solution to implement when you want to implement something that will route some traffic in a way different from the normal routing table, which seems to be the case here.
I assume from your description that you are attempting to do PBR though you do not specifically say this. So as my first thing, can you confirm that you are attempting to do PBR with this route map?
In my experience there are several things that are common problems with implementation of route maps and PBR. Since you have not provided any detail it is hard to know which is the case in your situation. I would suggest that you check on these possible issues:
- the access list used in the route map may not correctly identify the traffic that you want to route differently. Perhaps you can check the logic of the access list and perhaps post it here so we can understand it.
- the route map may not be setting the next hop correctly. Can you verify that the next hop is correct in the route map? And perhaps you can post the details of the route map?
- the route map may not be assigned on the interface where the traffic arrives on the layer 3 switch. Can you check on where the route map is assigned and perhaps post the details of the interface configuration?
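The three items in the checklist above map onto three pieces of a PBR configuration. The following is an added example in generic Cisco IOS syntax, not a configuration posted by anyone in this thread; the VLAN number, all IP addresses and the name PBR-TO-FW-B are constructed assumptions.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   LAN users:   Vlan10, 10.10.10.0/24, default gateway = L3 switch
!   Firewall A:  inside 192.168.1.1 (existing default route)
!   Firewall B:  inside 192.168.2.1 (directly connected to the switch)
!
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
! 1. Access list: select only the sources that should leave via firewall B.
!    The deny line keeps traffic to internal networks on the normal routing
!    table; a deny in the ACL means "do not policy-route this packet".
ip access-list extended PBR-TO-FW-B
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip host 10.10.10.50 any
 permit ip host 10.10.10.51 any
!
! 2. Route map: the next hop is firewall B's inside address and must be
!    reachable on a directly connected subnet of the switch.
route-map PBR-TO-FW-B permit 10
 match ip address PBR-TO-FW-B
 set ip next-hop 192.168.2.1
!
! 3. Interface: apply the policy where the LAN traffic ENTERS the switch
!    (the users' SVI), not on the interface facing either firewall.
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map PBR-TO-FW-B
!
! Verification from exec mode:
!   show ip policy                 (is the route map bound to Vlan10?)
!   show route-map PBR-TO-FW-B     (do the policy-routing match counters rise?)
!   show access-lists PBR-TO-FW-B  (are the intended entries matching?)
!
! Firewall B needs a route back to 10.10.10.0/24 so that replies return
! through the same stateful firewall that saw the outbound flow.
```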
Thanks for the reply.
Yes, I am doing PBR to route some traffic to a different route other than the default gateway. In my case the switch is a Cisco 4503 with a Supervisor II card installed. Could you please confirm whether PBR using a route map is possible on this switch or not?
I have checked the release notes for the 4500 switch and find that both PBR and VRF are supported. I did not find anything that describes limitations of these features based on type of supervisor.