yes you have to pay for it

khhhhhhhh957 · ‎12-01-2016

Hi,

I have a problem.

Here is my schéma :

ISP1 ISP2

: :
: :
: :
: :

......ROUTER......
:
:
:
SWITCH

I would like to make sure that a VLAN goes through the ISP2 and all the other VLANs by the ISP1.

I tried to set up the PBR but it does not work. Do you have ideas ?

Thank you and good day

Mark Malone · ‎12-01-2016

Hi

there are rules for the pbr to work on how it matches with routes below , your config looks good and acl is not set to log, cef should be enabled by default , policy is applied to correct interface so you could be hitting one of these issues below , maybe change it around to one of these see of it works for you

If you debug ip policy it may show its being forwarded normally with policy rejected instead of policy match

http://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/47121-pbr-cmds-ce.html

set ip next-hop

•Specifies the next hop for which to route the packet (the next hop must be adjacent). This behavior is identical to a next hop specified in the normal routing table.

set interface

•Sets output interface for the packet. This action specifies that the packet is forwarded out of the local interface. The interface must be a Layer 3 interface (no switchports), and the destination address in the packet must lie within the IP network assigned to that interface. If the destination address for the packet does not lie within that network, the packet is dropped.

set ip default next-hop

•Sets next hop to which to route the packet if there is no explicit route for this destination. Before forwarding the packet to the next hop, the switch looks up the packet's destination address in the unicast routing table. If a match is found, the packet is forwarded by way of the routing table. If no match is found, the packet is forwarded to the specified next hop.

set default interface

•Sets output interface for the packet if there is no explicit route for this destination. Before forwarding the packet to the next hop, the switch looks up the packet's destination address in the unicast routing table. If a match is found, the packet is forwarded via the routing table. If no match is found, the packet is forwarded to the specified output interface. If the destination address for the packet does not lie within that network, the packet is dropped.

khhhhhhhh957 · ‎12-01-2016

Hello,

Thanks for your reply, but I tried all the solutions and none worked. I have the impression that BPR is not used.

Mark Malone · ‎12-01-2016

did you run the debug to see whats happening with the policy

khhhhhhhh957 · ‎12-06-2016

Yes, but nothing appears

Mark Malone · ‎12-06-2016

Your running an advancedipservices license yes ?

khhhhhhhh957 · ‎12-06-2016

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.4(3)M3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 05-Jun-15 13:24 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

403.RO-2911.01 uptime is 29 minutes
System returned to ROM by power-on
System image file is "flash0:c2900-universalk9-mz.SPA.154-3.M3.bin"
Last reload type: Normal Reload
Last reload reason: power-on

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2911/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FCZ203640LC
3 Gigabit Ethernet interfaces
1 terminal line
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
255488K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*1 CISCO2911/K9 FCZ203640LC

Technology Package License Information for Module:'c2900'

------------------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc None None None
data None None None
NtwkEss None None None
CollabPro None None None

Configuration register is 0x2102

Mark Malone · ‎12-06-2016

ipbase does not support PBR that's why its not working its an advanced feature set, you need a higher spec license , you could test by applying an evalution license like a demo license for 60 days and see if it works ok on higher spec license

• Evaluation/emergency license: Comes preloaded in the software activation code release. This allows for a 60-day trial period of the feature or feature sets/image. The emergency license is best used when the customer has received a new unit (through a return materials authorization [RMA]), has no Internet connection to transfer licenses over, and would like to get a device up and running immediately. Without any further delay or phone calls, the emergency license can be activated for 60 days after accepting an end user license agreement (EULA) on the command-line interface (CLI) or Cisco License Manager interface.

• Evaluation license/demo license: Provides a 60-day demo license for licensed features or feature sets/image.

• Extension license: License extension available by calling the Cisco Technical Assistance Center (TAC), and upon approval, a defined time frame is offered based on a joint agreement (more or less than 60 days).

For further detail, refer to http://www.cisco.com/go/sa.

khhhhhhhh957 · ‎12-06-2016

Thanks a lot for your help !

I'll look for another license.

Mark Malone · ‎12-06-2016

yes you have to pay for it through a reseller but I would test it first you can get the higher spec for free for 60 days usually to test features , that way you can be sure that's your issue , whenever I have used pbr its always been on higher end license to support it

khhhhhhhh957 · ‎12-06-2016

Hi,

I looked for the 2911 router but advancedipservices does not exist and in the following link ( http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-packaging/product_bulletin_c25-566278.html ) they say that PBR is part of IPBase ..

Good day

khhhhhhhh957 · ‎12-08-2016

I found the solution, PBR is part of the license datak9. Thanks a lot for your help.

PBR with two ISP