Doing fine, but busy as i'm leaving job at end of May so some loose ends to tie up.
You are right in what you say about the deny statements. These make sure that traffic from the mail servers to the internal vlans are not policy routed. The problem with relying on the implict deny at the end is that it would never get to that rule as you have a permit ip any in the access-list before that so without the explicit denies all traffic would be policy routed.
OK, I just wanted to make sure that I was on your page and no tmissing something. :-)
I never ask you questions to challenge you -- only to learn from you.
Good luck at your new job.
Thanks, no new job as yet, taking some time off.
You can challenge me any time as i make as many mistakes as the next man and i certainly don't take it personally.
From 3750 Q&A
Q. What features are only supported on the IP Services Image?
A. The following features and functionality are supported with the IP Services Image:
â¢ Dynamic IP routing protocols for load balancing and constructing scalable LANs:
- Open Shortest Path First (OSPF)
- Enhanced IGRP (EIGRP)
- Border Gateway Protocol (BGPv4)
â¢ Equal-cost routing for load balancing and redundancy
â¢ Fallback bridging for forwarding of non-IP traffic between two or more VLANs
â¢ Protocol-Independent Multicast (PIM) for IP multicast routing within a network that enables the network to receive the multicast feed requested and for switches not participating in the multicast to be pruned-support for PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode
â¢ Distance Vector Multicast Routing Protocol (DVMRP) tunneling for interconnecting two multicast-enabled networks across non-multicast
â¢ Policy-based Routing (PBR) allows superior control by enabling flow redirection regardless of the routing protocol configured
â¢ Private VLAN (PVLAN) provides the ability to restrict communications between hosts at layer 2 through the use of primary and secondary VLANs.
So you need IP Services for PBR and you would need to enable Routing SDM.
Thanks alot, infact I'm obliged with your prompt replies. I did enabled sdm routing (had to reload it) but am not sure if policy based routing could be enabled the way you described it.
Will the 'policy-map' or 'policy-manager' command help?
No, if you did
switch(config)# sdm prefer routing
and then reloaded the switch if the "ip policy route-map ..." is not available under the interface then you need to use the IP Services image.