Issue while configuring PBR on a 3750/3560 switch?
Some of the common scenarios we come across
1. We are able to configure route-map but the router does not support the “ip policy route-map” under the interface
2. We are able to configure the command but this does not reflect under the interface while issuing the “show run”
These are two separate issues, and we will address them one at a time.
→ For the first issue:
We need to make sure that we are not running an IP Base image. Policy-based routing (PBR) allows superior control by facilitating flow redirection regardless of the routing protocol configured. PBR is supported only on the IP Services image.
Kindly refer to the following document for reference
→ For the second issue:
In case our image is not a Base feature set and we are facing the second condition mentioned, check the following:
• 3750/3560 switches use Switch Database Management (SDM) templates.
Understanding the SDM Templates
You can use SDM templates to configure system resources in the switch to optimize support for specific features, depending on how the switch is used in the network. You can select a template to provide maximum system usage for some functions; for example, use the default template to balance resources, and use the access template to obtain maximum ACL usage.
To allocate ternary content addressable memory (TCAM) resources for different usages, the switch SDM templates prioritize system resources to optimize support for certain features. You can select SDM templates for IP Version 4 (IPv4) to optimize these features:
By default, these switches use the Default SDM Template, which is the default desktop template. This default does not allocate any resources for PBR, which is why the command does not appear under the interface after it is entered, even though the image should support it.
• Issue the following command to check the preferred SDM template on your device. Note the line “number of policy based routing aces” showing up as “0”.
Switch# show sdm prefer
Therefore, to enable Policy Based Routing on the switch, we first need to allocate resources for it.
Here is how we allocate the resources:
This example shows how to configure a switch with the routing template.
Switch(config)# sdm prefer routing
Note that the resources will be allocated only after the reload.
Issue the following command to check the sdm prefer after reload.
Switch# show sdm prefer
Notice that resources have now been allocated for PBR:
number of policy based routing aces: 512
• After making sure that resources have been allocated, we will be able to configure both route-maps and PBR under the interfaces.
Note: Allocating resources on a Base image will not help us configure PBR; we would still require the IP Services image.
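The check described above can be scripted when many switches need to be audited. The following Python script is an added example, not part of the original post or any Cisco tool: it parses "show sdm prefer" text and reports whether PBR ACEs are allocated. The sample outputs are constructed, the function names are hypothetical, and the optional "IPv4" wording and the K = 1024 conversion are assumptions.

```python
import re

# Constructed sample outputs (not captured from a real device). The PBR row
# uses the "number of policy based routing aces" wording quoted in this post.
SAMPLE_DEFAULT = '''\
Switch# show sdm prefer
 The current template is "desktop default" template.
  number of unicast mac addresses:            6K
  number of policy based routing aces:        0
  number of qos aces:                         0.5K
'''
SAMPLE_ROUTING = '''\
Switch# show sdm prefer
 The current template is "desktop routing" template.
  number of unicast mac addresses:            3K
  number of policy based routing aces:        512
  number of qos aces:                         0.5K
'''

TEMPLATE_RE = re.compile(r'current template is\s+"?([^"\n]+?)"?\s+template', re.I)
# Assumption: some releases label the row "IPv4 policy based routing aces".
PBR_RE = re.compile(r'number of (?:IPv4 )?policy based routing aces:\s*([\d.]+)(K?)', re.I)

def parse_count(number, suffix):
    """Convert '512', '0.5K' or '1K' style values to an integer (assumes K = 1024)."""
    value = float(number)
    return int(value * 1024) if suffix.upper() == "K" else int(value)

def pbr_readiness(show_sdm_prefer):
    """Return (template, pbr_aces, ready) parsed from 'show sdm prefer' text."""
    tmpl = TEMPLATE_RE.search(show_sdm_prefer)
    pbr = PBR_RE.search(show_sdm_prefer)
    if pbr is None:
        # Fail loudly instead of silently treating a missing row as zero.
        raise ValueError("no policy based routing ACE line found in output")
    aces = parse_count(pbr.group(1), pbr.group(2))
    template = tmpl.group(1).strip() if tmpl else "unknown"
    return template, aces, aces > 0

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_DEFAULT), ("after reload", SAMPLE_ROUTING)):
        template, aces, ready = pbr_readiness(text)
        state = "PBR resources allocated" if ready else "run 'sdm prefer routing' and reload"
        print(f"{name}: template={template!r} pbr_aces={aces} -> {state}")
```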
Some Points I would like to share here.
1. At times, on certain switches where everything is switched in hardware, we might not see any hits on either the access-list or the PBR. The best way to check whether the packets are getting policy routed is to run a trace from the source to the destination.
2. Also note that when we have a “log” statement at the end of an ACL that is called in a PBR, the PBR will not work as expected unless we turn off CEF or remove “ip route-cache cef” on the interface.
Find the following table that shows the different SDM templates available and the resources allocated
lists the approximate numbers of each resource supported in each of the three templates for a desktop switch.
The first eight rows in the tables (unicast MAC addresses through security ACEs) represent approximate hardware boundaries set when a template is selected. If a section of a hardware resource is full, all processing overflow is sent to the CPU, seriously impacting switch performance. The last row is a guideline used to calculate hardware resource consumption related to the number of Layer 2 VLANs on the switch.