Can anyone help with an issue i am having with PBR and an IP Helper. I cannot get devices in the VLAN with the associated SVI to get DHCP addresses, there is no DHCP server in the VLAN so an IP Helper is used but whenever i enable PBR on the SVI, DHCP stops working. The switch is a 6506 Catalyst running Version 12.2(17d)SXB11 of IOS
The SVI config for the VLAN is as below
ip address 10.2.60.254 255.255.255.0
ip helper-address 10.10.80.200
ip helper-address 10.10.80.201
ip policy route-map ACPBR
no ip igmp snooping explicit-tracking
no ipv6 mld snooping explicit-tracking
no ipv6 mld snooping
a route map configured as follows
route-map ACPBR permit 10
match ip address ACPBR_ACL
set ip default next-hop 10.99.1.252
!
route-map ACPBR permit 20
set default interface Null0
!
and an access list as follows
ip access-list extended ACPBR_ACL
deny udp any any eq bootps log
permit ip 10.2.60.0 0.0.0.255 any
So any DHCP traffic should hit the deny command and drop back to the normal routing process, at least thats my understanding. The logs on the 6506 even show the DENY being hit, see below
list ACPBR_ACL denied udp 0.0.0.0(68) -> 255.255.255.255(67), 1 packet
Can anyone advise why this may be happening, if i add the PBR to the SVI DHCP stops working, if i remove it then it starts working so it is definately PBR doing something.
Thanks
Ryan
