cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2090
Views
0
Helpful
8
Replies

PBR is not applied

savunia2009
Level 1
Level 1

Hello, 

I have the following problem: 

I have configured PBR (defined an access-list, match and set) and applied it with ip route policy command on SVI interface(vlan 250, see the running config). However, route-map is not listed when I type show ip policy command and in running config as well, packets are not matching the PBR. I use Cisco Catalyst 3650 with 03.03.04SE software and IP Services eval licence (IP Base permanent).

Here is the ouptut from running config:

interface Vlan250
ip address 192.168.250.1 255.255.255.0
service-policy input Ingress-policy
!
MV_L3_SWITCH#sh ip policy
Interface Route map

MV_L3_SWITCH#sh route-map
route-map SSF, permit, sequence 10
Match clauses:
ip address (access-lists): SSF_RAV3
Set clauses:
ip next-hop verify-availability 172.16.13.3 1 track 3 [up]
Policy routing matches: 0 packets, 0 bytes

Here is the output from "sh version": 

License Level: Ipservices eval
License Type: Evaluation
Next reload license Level: Ipservices eval

cisco WS-C3650-24TD (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FDO1849E0NA
6 Virtual Ethernet interfaces
26 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
1609272K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of at webui:.

Base Ethernet MAC Address : 74:a0:2f:97:03:80
Motherboard Assembly Number : 73-15121-05
Motherboard Serial Number : FDO18490PBK
Model Revision Number : D0
Motherboard Revision Number : A0
Model Number : WS-C3650-24TD
System Serial Number : FDO1849E0NA


Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 28 WS-C3650-24TD 03.03.04SE cat3k_caa-universalk9 INSTALL

Here is the ouptut of "sh sdm prefer": 

This is the Advanced (low scale) template.
Number of VLANs: 4094
Unicast MAC addresses: 32768
Overflow Unicast MAC addresses: 512
IGMP and Multicast groups: 4096
Overflow IGMP and Multicast groups: 512
Directly connected routes: 32768
Indirect routes: 7680
Security Access Control Entries: 1536
QoS Access Control Entries: 3072
Policy Based Routing ACEs: 1024
Netflow ACEs: 1024
Input Microflow policer ACEs: 256
Output Microflow policer ACEs: 256
Flow SPAN ACEs: 256
Tunnels: 256
Control Plane Entries: 512
Input Netflow flows: 8192
Output Netflow flows: 16384
SGT/DGT entries: 4096
SGT/DGT Overflow entries: 512
These numbers are typical for L2 and IPv4 features.
Some features such as IPv6, use up double the entry size;
so only half as many entries can be created.

Could anyone help me please? 

8 Replies 8

Gaurav Mahajan
Level 1
Level 1

Hello,

please share output of show version and show sdm prefer from the switch.

Hello Gaurav Mahajan

I am using sw version 03.03.04SE, IPServices eval licence (the permanent one is the IPBase) and cat3k_caa_universalk9 image. SDM advanced is enabled. The output of sh sdm prefer: "This is the advanced (low scale) template".

Thank you! 

Hi,

Refer the forum below 

https://supportforums.cisco.com/blog/149901/pbr-switches-37503560

license is fine. sdm needs to be changed to routing

Thanks,

Gaurav

MV_L3_SWITCH#sh route-map
route-map SSF, permit, sequence 10
Match clauses:
ip address (access-lists): SSF_RAV3
Set clauses:
ip next-hop verify-availability 172.16.13.3 1 track 3 [up]
Policy routing matches: 0 packets, 0 bytes

Also don't see this device will support "ip next-hop verify-availability" feature.

I have tried with just next hop and it the route-map has been applied so that no I can see it on the interface but the packets did not match even though the acl is very precise. 

I see this feature is supported in the version you are running.

Also as per the output below this SDM template should support PBR.

Just check if the license is expired.

"sh sdm prefer": 

Policy Based Routing ACEs: 1024

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/xe-3se/3650/iri-xe-3se-3650-book/iri-pbr.html#GUID-06E58E4A-6D37-4DEE-919A-F7321E4A2329

Feature Information for Policy-Based Routing

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Table 1 Feature Information for Policy-Based Routing

Feature Name

Releases

Feature Information

Policy-Based Routing

Cisco IOS XE Release 3.2SE

Cisco IOS XE Release 3.3SE

The Policy-Based Routing feature is a process whereby a device puts packets through a route map before routing the packets. The route map determines which packets are routed to which device next. Policy-Based Routing introduces a more flexible mechanism for routing packets than destination routing.

In Cisco IOS XE Release 3.2SE, support was added for the Cisco Catalyst 3850 Series Switches.

In Cisco IOS XE Release 3.3SE , support was added for the Cisco Catalyst 3650 Series Switches and Cisco Catalyst 3850 Series Switches.

The following command was introduced or modified: ip policy route-map.

The licence has been upgraded today so it is not expired. However, I guess that when some commands are not supported PBR is simply not applied. I tried without verify availability and it was applied. Also, when I did not specify anything in match it was matching all packets and when I defined a standard acl it was not matching any packets. 

There are only advanced and VLAN options...