Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2639
Views
0
Helpful
19
Replies

Policy Based Routing with Catalyst 4500

eduarddav
Level 1
Level 1

‎11-30-2013 12:41 PM - edited ‎03-04-2019 09:43 PM

Hi,

I have a Cisco Catalyst 4500 and i want to associate a route map for PBR to one of his interfaces.

1) i found out that i can only associate it to interface vlans and not to regular Gigabit interfaces - is it impossible to associate a route map to a layer 2 (switchport) interface?

2) And if it is impossible to associate a route map to a layer 2 (switchport) interface how where should o associate the route map on the switch in order to inspect all outgoing traffic?

3) How to add a general permit to a route map - is it enough to add the line "route-map test permit 40" without anything else or should i add an access list that match anything?

Thanks

Labels:
0 Helpful
19 Replies 19

Jon Marshall
Hall of Fame
Hall of Fame
In response to eduarddav

‎12-03-2013 05:58 AM

Traffic is only examined by PBR when it is incoming on an interface. So if you have vlans on your switch and L3 vlan interfaces for those vlans then if you apply PBR to those interfaces it will examine traffic coming from clients in those vlans.

My understanding is that you don't want this to happen.

So as regards your switch connection to the rest of IT. It sounds like a vlan is in use. Whatever that vlan is, do you have a L3 interface for it ?

When you checked the arp table what was the other IP address ? Whatever it was it is the IP used the same as the one used in your static routes ie. the next hop ?

Jon

0 Helpful

eduarddav
Level 1
Level 1
In response to Jon Marshall

‎12-03-2013 06:07 AM

Yes, i have an Interface Vlan for the IT connectivity (i.e. - a layer 3 virtual interface). So i have associated the route map there (we haven't tested it yet, but... we'll test it later today).

Question about route maps - when traffic is examined against a route map - which IP is checked at the match close - the packets destination or source address?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to eduarddav

‎12-03-2013 06:21 AM

With PBR you use an extended access-list so both are checked eg.

access-list permit ip host 192.168.5.1 host 192.168.6.1

in the above both source and destination IP need to matched to carry out whatever action you have defined with the "set" statement in your route map.

Jon

0 Helpful

eduarddav
Level 1
Level 1
In response to Jon Marshall

‎12-03-2013 06:35 AM

Ok, thanks.

And the entire setup as I described should work?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to eduarddav

‎12-03-2013 06:42 AM

Can't say for sure because -

a) we haven't actually verified the topology ie. how your switch connects back to the other switch. From what we have covered it sounds like that is what is happening but can't say for sure.

and more importantly

b) in all this discussion we haven't actually discussed the actual route map and what exactly you want it to achieve.

So for us to say yes it will definitely work would be irresponsible. But from what you have described and assuming your PBR config is correct i would think it work.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card