Solved: PBR not working properly

UnivoiceLLC · ‎03-29-2013

I am trying to get PBR working porperly and have had no luck please tell me what I am doing wrong..

here is my current config for the PBR NOTE: I subjected 50.196.73.144/28 in to 2 networks 50.196.73.144/29 and 50.196.73.152/29 i am using "sdm prefer extended-match' My goal is to get the Vlan4 or 50.196.73.144/29 to route out the Vlan3 50.197.73.152/29 network via gateway 50.196.73.158 directly connected to port faste0/17 and computer is on faste0/18

now the following

interface FastEthernet0/17

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 4

switchport mode access

interface Vlan1

ip address 50.198.250.125 255.255.255.248

ip access-group 150

in no ip redirects

!

interface Vlan2

ip address 50.198.250.118 255.255.255.248

!

interface Vlan3

ip address 50.196.73.157 255.255.255.248

!

interface Vlan4

ip address 50.196.73.150 255.255.255.248

ip policy route-map comcast2

!

ip default-gateway 50.198.250.126

ip classless

ip route 0.0.0.0 0.0.0.0 50.198.250.126

ip access-list extended acl-pbr

permit ip any any

route-map comcast2 permit 10

match ip address acl-pbr

set ip next-hop 50.196.73.158

!

Thank in advance

anisaini · ‎03-31-2013

Information regarding the platform missing, You can try the below steps to further isolate/fix the issue.

1. modify the acl matching route-map as it has match any any, so just match the specific tarffic of your interest

2. ensure that the traffic of interest hist the interface where PBR is applied

3. some platform will not show the ACL hits in route-map of PBR as this will be fast switched and no cpu processed

4. ensure that you have the correct SDM template enable, like routing or application(for ME switches)

5. check if the device to which you are sending these packets to has reverse route so that the routing path is not broken

6. to ensure that the packets are hitting PBR or if PBR is working, enable the debug ip policy and this will gibe you the clear picture and you can proceed accordingly.

Most likely issues are covered above and hence shd be resolving the issue, if still not working provide follwing

1. debug ip policy

2. wireshark cap on exit interface of this witch

reply if this helps

View solution in original post

blau grana · ‎03-29-2013

Hello Fernando,

Please delete other duplicate post.

What do you mean that PBR is not working properly?

Is it working? Is it not working? How is it working?

Please issue these commands on router:

ip routing

no ip default-gateway 50.198.250.126

And try to change ACL-PBR like this:

ip access-list extended acl-pbr

permit ip 50.196.73.144 0.0.0.7 any

deny ip any any

Are you able to ping 50.196.73.158?

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

UnivoiceLLC · ‎03-29-2013

Thank you for the quick replay I ahve done as you say and still having same issue I can post entire config if you like.

Abzal · ‎03-29-2013

Hi,

Is computer on the subnet of VLAN 4? Gateway is properly configured on PC by pointing to VLAN 4 interface?
What is the model of the switch?

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

anisaini · ‎03-31-2013