Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
968
Views
0
Helpful
9
Replies

Policy Based Routing trouble with inter-vlan routing for single host device

CKluck001
Level 1
Level 1

‎11-16-2016 10:24 AM - edited ‎03-05-2019 07:29 AM

So I have a strange network at the moment, between two firewall/internet company's. I have few policy's that are routed out to another gateway but my internal vlan doesn't seam to be working it seams.  

Quick Example 

I have a WS-C4500 with 2 networks connected to it - 10.10.0.1/16 and 10.26.141.1/24. 

I have a Server vlan 104, 10.26.104.1/24 that can gets routed out through 10.10.0.1/16 and that works with just fine and everything can hit it. Now I created a PBR on this vlan and I want to route out 10.26.104.10/24 to my 10.26.141.0/24 network. 

so i have 1 access list:

ip access-list extended Net-Route
permit ip host 10.26.104.10 any

and 1 pbr

route-map NetRoute permit 10
match ip address Net-Route
set ip next-hop 10.26.141.1

Is there anything I missing for my intervlan not working? 

Thanks everyone. 

Labels:
0 Helpful
9 Replies 9

Georg Pauwen
VIP
VIP

‎11-16-2016 12:35 PM

Hello,

where is the next hop 10.26.141.1 ? Try to set the interface instead and see if that makes a difference...

0 Helpful

CKluck001
Level 1
Level 1
In response to Georg Pauwen

‎11-16-2016 12:41 PM

That IP 10.26.141.1 is my firewall after that 69.168.242.xx Address.

The cisco interface port 10.26.141.2

0 Helpful

lohit prasad
Level 1
Level 1
In response to CKluck001

‎11-16-2016 12:52 PM

You may have to apply PBR for ingress and egress with differnent route map that will help you in hitting traffic to sort out problem

0 Helpful

CKluck001
Level 1
Level 1
In response to lohit prasad

‎11-16-2016 12:57 PM

So are you saying a PBR on the Cisco and then a PBR on my firewall. 

0 Helpful

Georg Pauwen
VIP
VIP
In response to CKluck001

‎11-16-2016 01:14 PM

Hello,

my bad, I forgot that the 3850 doesn't even support 'set interface' in route maps. Either way, try and configure:

3850#(config-if)# ip route-cache policy
3850(config)# ip local policy route-map NetRoute

on your switch as well...

0 Helpful

CKluck001
Level 1
Level 1
In response to Georg Pauwen

‎11-16-2016 01:24 PM

OH crap sorry I gave you my wrong switch, been one of those days. My Layer 3 is my C4500X

0 Helpful

Georg Pauwen
VIP
VIP
In response to CKluck001

‎11-16-2016 01:40 PM

Hello,

on a side note, make sure you are not hitting this bug:

PBR: Not working in XE 3.5.0E under IPBASE license
CSCuq03562
Description
IPv4 PBR will not be functional in 4500 under 3.5.xE having IPBASE license

Symptom:
PBR can be configured but will not function as expected in IPBASE license.

Conditions:
4500 under 3.5.0E having IPBASE license

Workaround:
None

Further Problem Description:
IPv4 PBR in 4500 under 3.5.0E having IPBASE license will not work. If customer switches to ENTSERVICES license then it will work.

0 Helpful

CKluck001
Level 1
Level 1
In response to Georg Pauwen

‎11-16-2016 01:45 PM

So do I need to remove my -

(config)#ip policy route-map NetRoute on my Vlan 104 

And then have this - 

(config)#ip local policy route-map NetRoute

0 Helpful

Georg Pauwen
VIP
VIP
In response to CKluck001

‎11-16-2016 01:48 PM

Hello,

this was for the 3850, since you have a 4500x, I don't know if this applies at all. The 'ip local policy' command is in addition to anything else, don't remove your ip policy route-map'...

Have you checked if the bug applies to your switch ? Are you running IPBase ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card