Solved: Policy based routing with Intervlan routing

knamikhazehaqq · ‎01-15-2011

Hi.

I have 3560 with attached 3 networks, 172.16.1.0/24 172.16.2.0/24 and 172.16.4.0/24, all of them have a vlan interface, 172.16.1.254, 172.16.2.254, and 172.16.4.254, I have enabled intervlan routing with command ip routing and they have route beetwen each other. Now I want to create PBR and let them go to the internet from different gateways.

so i did 3 access list:

access-list 20 permit 172.16.1.0 0.0.0.255

access-list 10 permit 172.16.2.0 0.0.0.255

access-list 30 permit 172.16.4.0 0.0.0.255

and 3 pbr

route-map supnet permit 20
match ip address 10
set ip next-hop 172.16.2.3

route-map blade permit 20
match ip address 30
set ip next-hop 172.16.4.250

route-map main permit 20
match ip address 20
set ip next-hop 172.16.1.4

attached them to corresponding vlan interfaces and everything ok they have different gateways to internet but now I dont have routing beetwen them

can anyone help to fix it?

lgijssel · ‎01-15-2011

The problem is your policy route only checks on source addresses.

You must change the acl's to match anything but the local destinations.

This requires changing them to extended acl's. Example for acl 20:

access-list 120 deny 172.16.1.0 0.0.0.255 172.16.0.0 0.0.3.255

access-list 120 permit 172.16.1.0 0.0.0.255 any

Of course you must change the matching statement in the route-map as well.

regards,

Leo

View solution in original post

lgijssel · ‎01-15-2011