10-11-2021 05:39 AM - edited 10-11-2021 05:51 AM
Hi,
We have a new Catalyst 9600 that should replace an older Catalyst 6500 acting as our client's gateway.
Since we have dedicated uplink interfaces for each lab, we are using route-maps to route traffic to them.
On the new 9600, we could not add the ip policy to the interface vlan, with the following error showing in the logs:
*Oct 11 08:08:56.427: %FMANRP_PBR-3-UNSUPPORTED_RMAP: Route-map wwsp has unsupported options for Policy-Based Routing. It has been removed from the interface, if applied
After speaking with TAC, they mentioned that the verify-availability command is not supported on the 9600 and we should find another way.
This is an example of how our route-maps are configured:
route-map test, permit, sequence 40
  Match clauses:
    ip address (access-lists): test
  Set clauses:
    ip next-hop verify-availability 10.10.10.20 10 track 15 [up]
    ip next-hop 10.10.20.20
track 15 interface GigabitEthernet1/3/8 line-protocol
Are there any good alternatives for verify-availability? For us it's a must. We use those configs for years on the 6500.
Thanks in advance.
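A pre-migration check for the situation described in this post, as an added example that is not part of the original thread: it scans a saved running-config for route-map sequences that use `set ip next-hop verify-availability` and lists the interfaces where that route-map is applied with `ip policy route-map`. The function name `audit_pbr` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread); names and addresses are illustrative.
SAMPLE_CONFIG = """\
interface Vlan100
 ip policy route-map test
!
route-map test permit 40
 match ip address test
 set ip next-hop verify-availability 10.10.10.20 10 track 15
 set ip next-hop 10.10.20.20
!
route-map plain permit 10
 set ip next-hop 10.10.30.1
!
route-map unused permit 10
 set ip next-hop verify-availability 10.10.40.1 10 track 16
"""

def audit_pbr(config: str) -> list[dict]:
    """Return one finding per route-map sequence that uses verify-availability."""
    applied = {}      # route-map name -> interfaces using it for PBR
    findings = []
    context = None    # ("interface", name) or ("route-map", name, seq)
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):          # a top-level line opens a new block
            m_if = re.match(r"interface (\S+)", line)
            m_rm = re.match(r"route-map (\S+) (?:permit|deny) (\d+)", line)
            context = (("interface", m_if.group(1)) if m_if else
                       ("route-map", m_rm.group(1), int(m_rm.group(2))) if m_rm else None)
            continue
        if context is None:
            continue
        sub = line.strip()
        if context[0] == "interface":
            m = re.match(r"ip policy route-map (\S+)", sub)
            if m:
                applied.setdefault(m.group(1), []).append(context[1])
        elif sub.startswith("set ip next-hop verify-availability"):
            findings.append({"route_map": context[1], "sequence": context[2], "line": sub})
    for f in findings:                        # attach interfaces after the full pass
        f["interfaces"] = applied.get(f["route_map"], [])
    return findings

if __name__ == "__main__":
    for f in audit_pbr(SAMPLE_CONFIG):
        print(f)
```

A finding with a non-empty `interfaces` list is a route-map that is actually in use for PBR and needs a replacement for the tracked next hop before the cutover.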
10-11-2021 08:56 AM
Hello,
You could achieve the same result with an IP SLA and an EEM script that checks the availability of the next hop. If it is not reachable, the EEM script changes the next hop in the route map accordingly, and vice versa.
The config would look like this:
! Track object follows the reachability result of IP SLA 1
track 1 ip sla 1 reachability
!
! Probe the primary next hop every 5 seconds
ip sla 1
 icmp-echo 10.10.10.20 source-ip 10.10.10.10
 frequency 5
!
ip sla schedule 1 start-time now life forever
!
! Primary next hop unreachable: point the route-map at the backup next hop
event manager applet POLICY_MAP_DOWN
 event track 1 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "conf t"
 action 3.0 cli command "route-map test permit 40"
 action 4.0 cli command "match ip address test"
 action 5.0 cli command "set ip next-hop 10.10.20.20"
 action 6.0 cli command "end"
!
! Primary next hop reachable again: point the route-map back at it
event manager applet POLICY_MAP_UP
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "conf t"
 action 3.0 cli command "route-map test permit 40"
 action 4.0 cli command "match ip address test"
 action 5.0 cli command "set ip next-hop 10.10.10.20"
 action 6.0 cli command "end"
10-18-2021 02:15 AM
Hi Georg, sorry for the delay.
Thanks for your solution.
We've tried to run what you suggested.
Under: event manager applet POLICY_MAP_DOWN
We can't run this: event track1 state down
There is no "event track" option.
There is event ipsla, but there is no option for a name, only a group-name and some other options.
We are running version 17.3.14
10-18-2021 04:08 AM
Hello,
I think you need DNA Advantage to have full EEM capability... Can you check what license you have installed (sh lic)?
10-11-2021 09:15 AM - edited 10-11-2021 09:40 AM
You ask: "Are there any good alternatives for verify-availability? For us it's a must. We use those configs for years on the 6500."
If you configure simple PBR (match + ip next-hop) and the switch learns the 10.10.10.20 route from a static route (for example),
then you can simply attach an IP SLA / track to the static route,
and if the track goes down for this static route, then both the static route and the ip next-hop command (inside the route-map) will no longer be used.
The next-hop ip command works like this:
The set ip next-hop command verifies the existence of the next hop specified, and…