Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4216
Views
0
Helpful
7
Replies

enable PBR on Cisco 3560

Go to solution
ejahn
Level 1
Level 1

‎11-23-2016 11:41 AM - edited ‎03-05-2019 07:32 AM

Hello, i have a problem enable policy based routing on 3560. I read lots of articles, but evidently, i missed something.

I would like to know, what everything is needed to enable PBR on 3560.

Here are my steps: 

1. I set sdm prefer routing, reloaded the switch

evidence:

#sh sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv6 multicast groups: 0
number of directly-connected IPv6 addresses: 0
number of indirect IPv6 unicast routes: 0
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
number of IPv6 policy based routing aces: 0
number of IPv6 qos aces: 20
number of IPv6 security aces: 25

2. i have IOS with IP SERVICES (C3560-IPSERVICESK9-M), Version 15.0(2)SE2

3. i can setup the access-list, route-map, ip policy (commands are available, everything looks good)

but if i try to look at applied ip policy it shows nothing:

#sh ip policy
Interface Route map

but as you can see, the route-map is here:

#sh route-map
route-map ADMIN, permit, sequence 10
Match clauses:
ip address (access-lists): 170
Set clauses:
ip default next-hop 10.20.1.30
Policy routing matches: 0 packets, 0 bytes

then i noticed, when i enter 'sh ip int vlan 170', which is the VLAN interface where i applied ip policy, this output (excerpt):

...

Policy routing is disabled

So, please, what else could be missing, to enable PBR on this switch ?

Thank you,

Erik

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to ejahn

‎11-23-2016 01:13 PM

Erik,

sorry for the confusion. 

There are numerous commands which are not supported on the 3560, one of them being:

set ip default next-hop

That might be the problem...

This link lists all the unsupported commands (go to 'Unsupported Route Map Commands):

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_50_se/configuration/guide/scg/swuncli.html#wp1088160

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Georg Pauwen
VIP
VIP

‎11-23-2016 11:55 AM

Hello,

as far as I recall, you need to use 'sdm prefer routing' and not desktop routing for PBR to work:

Switch(config)# sdm prefer routing
Switch(config)# end
Switch# reload
Proceed with reload? [confirm]

0 Helpful

Go to solution
ejahn
Level 1
Level 1
In response to Georg Pauwen

‎11-23-2016 12:25 PM

thank you for your reply, the command was 'sdm prefer routing', but output shows 'desktop routing'.

There's nothing i could change on this.

Erik

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to ejahn

‎11-23-2016 12:31 PM

Hello,

the following bug probably applies to your situation:

"show policy-map interface" in 2960, 2970, 3560, 3750 should give error
CSCso80701
Description
Symptom:
"show policy-map interface" shows no matches

Conditions:
This command is run on one of the following switches:
2950
2960
2970
3550
3560
3750

Workaround:
This is a hardware limitation and these switches do not support this output.
However, the following show command can be used as a workaround:
"show mls qos interface statistics".

0 Helpful

Go to solution
ejahn
Level 1
Level 1
In response to Georg Pauwen

‎11-23-2016 01:01 PM

Frankly, i don't know, what to do with the output of your mentioned cmd - if i understood it well, policy-map has more to do with QoS, which is something different then route-maps, where i'm trying to change routing based on certain routing policy...

Nevertheless, thank you for your quick responses.

Erik

 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to ejahn

‎11-23-2016 01:13 PM

Erik,

sorry for the confusion. 

There are numerous commands which are not supported on the 3560, one of them being:

set ip default next-hop

That might be the problem...

This link lists all the unsupported commands (go to 'Unsupported Route Map Commands):

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_50_se/configuration/guide/scg/swuncli.html#wp1088160

0 Helpful

Go to solution
ejahn
Level 1
Level 1
In response to Georg Pauwen

‎11-24-2016 12:01 AM

Thank you, this is differerent release, as i wrote in original post i have 15.0(2)SE2, but i searched on cisco my release and there is this command listed under unsupported comands too. But it was for 3560-X and i have 3560G, but anyway, maybe it doesn't matter. 

Later, as i looked over other releases, i found out, that with route-map related commands is almost always some problem, so i really don't know how could i solve my problem, which is routing certain subnet to other gateway than default gw.

Well, i'm probably closing this thread, choosing your last replay as a correct answer and a i will open new thread with the routing solution itself.  

Thank you very much, although you didn't make me happy, but that's not your fault, of course ;) 

Erik

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to ejahn

‎11-24-2016 12:35 AM

Erik,

the layer 3 capabilities of these switches is really quite limited. The 'set ip default next-hop' command is not supported, but the 'set ip next-hop' command is.

So, your PBR should work if you configure this:

route-map ADMIN permit 10
match ip address 170
set ip next-hop 10.20.1.30

0 Helpful
Customers Also Viewed These Support Documents