Yes exact, I want all traffic incoming port g0/23 to be fwd to next-hop ip 192.168.1.1, in fact override the routing-table.

The 192.168.1.0/24 subnet is directly connected on my g0/11 interface. 

correct me if i'm wrong, but I should place the policy route-map commande on interface g0/23...right ? 

thanks Julio

Yes, You are right Karl,

I recommend verify if the path changed from a computer or device behind the port g0/23, do not test from the switch itself.

Your config should work.

:-)

thanks Julio,  That's exactly the setup I have, I have a laptop conneted on port G0/23 with IP 192.168.200.1/24.

When I do a tracroute from the laptop, packet hit 3600 on port g0/23 so first hop is 192.168.200.2, so far so good..... but second hop it's not 192.168.1.1 as pbr is set, instead of that it's 192.168.100.1, who's my next-hop default route... so i'ts look like pbr it's doing the job.

When I do "show sdm prefer current" cli commande :

The current template is "ip" template.

Template values:
...

...
number of ipv4 pbr entries = 0   ## Is this the probleme since it's 0 ##

How do you interpret this : number of ipv4 pbr entries = 0

Thanks for your help :)

Thanks 

Try using an extended ACL, example:

access-list 100 permit ip any any

route-map lan_pbr_traffic permit 5
match ip address 100
set ip next-hop 192.168.1.1

interface GigabitEthernet0/23
no ip policy route-map lan_pbr_traffic    <-- remove it
ip policy route-map lan_pbr_traffic  <-- configure again

Ok! I did it + couple others test... ... First I did what you said but I got same result unfortunately.

After I reloaded the 3600,,just in case...  same result

after that, I removed  policy route-map on interface 0/23, deleted route-map and created it again and apply it on interface.. and sames result, packet still sending to 192.168.100.1

If it is possible, can you enable:

debug ip policy

with debug ip packet, I got this message ( I'm know switchport on my physical port and trying to push trafic to a tunnel interface..)

*Mar 24 13:30:05.962 EDT: IP: s=10.10.10.2 (Vlan555), d=192.168.15.1, len 92, policy match
*Mar 24 13:30:05.962 EDT: IP: route map lan_pbr_trafic, item 4, permit
*Mar 24 13:30:05.962 EDT: IP: s=10.10.10.2 (Vlan555), d=192.168.15.1 (Tunnel1), len 92, policy routed
*Mar 24 13:30:05.962 EDT: IP: Vlan555 to Tunnel1 192.168.15.1
*Mar 24 13:30:05.962 EDT: IP: s=10.10.10.2 (Vlan555), d=192.168.15.1 (Tunnel1), len 92, input feature, Policy Routing(81), rtype 2,
forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

the first fourth log seems to be ok with the PBR, but the fifth are not good...  what's could be the cause...  the SDM template ?

Hi Karl,

Thank you, just a quetion, Is your next hop the other end of the tunnel? or are you pointing the traffic to the IP of the tunnel where the PBR is created?

thanks Julio, below is my config for now :

interface Vlan555
ip address 10.10.10.1 255.255.255.252
ip policy route-map lan_pbr_trafic

interface GigabitEthernet0/21
switchport access vlan 555
switchport trunk native vlan 555
switchport mode trunk

interface Tunnel1
ip address 12.12.12.1 255.255.255.254
tunnel source 192.168.1.0
tunnel destination 192.168.1.1

!
route-map lan_pbr_trafic permit 3
set ip next-hop 12.12.12.0
!
route-map lan_pbr_trafic permit 4
set interface Tunnel1

---------------------

In fact I tested to push trafic both way as you can see with permit 3 and 4. but same bad result...

From cisco...

http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/15-3_1_S/configuration/guide/3800x3600xscg/swpbr.pdf

Prerequisites for PBR

For Cisco ME 3600X, the PBR feature is supported with the application SDM template. For Cisco ME 3800X, this feature is supported with the scaled license.

Note The PBR feature does not work with the default template.

Mmm your devices is aligned to that prerequisite?

In fact that's the goal of my tread, mu question,

cisco said :

Note The PBR feature does not work with the default template.

Okkk .. They don't give the solution, that's what I'm looking for, a kinf of workaround at least. but, How could I make my me3600 run pbr ?  Cisco gives a notification but don't say how to make pbr works with the 3600... ..