
Enabling PBR on 3650X

mdowrich

Hello All,

I am trying to enable policy based routing on a new 3560x switch.

The device has the following code: c3560e-universalk9-mz.122-55.SE1.bin and the IPSERVICES license.

I can create the route map in global config mode, but when I try to enable PBR under the required interface the commands are not there.

Therefore, when I type ip policy route-map "name", the word policy does not show up in interface config mode.

I have also changed the SDM profile to routing; this has not made a difference.

Any assistance would be greatly appreciated.

Thanks,

Marc


Index 1 Feature: ipservices
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Priority: Medium
        License Count: Non-Counted


Antonio Knox

Make sure you've enabled ip routing:

ip routing

Hi Antonio, I am also running OSPF on the device, so ip routing was already configured. Any other ideas?

Thanks,

Marc

Hi Antonio,

I believe I have worked it out. It seems that, unlike a standard router like an ASR or 2800 series, the 3650X does not support configuration of the commands "ip wccp" and "ip policy" at the same time under its interfaces. Therefore you can do either WCCP or PBR. In the end I continued to do the WCCP only on the 3650X, and the PBR was done on another upstream router.

Thanks & Regards,

Marc

d.draghici

Hi,

I'm having the exact same issue.

I have a 3560-X with ipservices license. I had the SDM template set to dual-IPv4-IPv6-routing, which according to Cisco documentation should support PBR for IPv4... the ip policy route-map NAME does not show up in the interface config.

I even tried changing the SDM template to just IPv4 routing, but again the ip policy route-map is not taken in by the 3560-X.

It doesn't give out any errors; it just simply doesn't do anything when the command is typed in.

Does anyone have any idea how to fix this?

Thanks,

Hello

Looking at cisco navigator 3650x supports PBR on 12.2 and 15.1 -15.3 universal ip services

Res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello, In addition to Paul's confirmation that PBR is supported on the platform, here is the software configuration guide for PBR on the 3560X and 3750X - version 12.2 55 SE

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swiprout.html#wp1228588

To use PBR, you must first enable the routing template by using the sdm prefer routing global configuration command. PBR is not supported with the VLAN or default template. For more information on the SDM templates, see Chapter 8 "Configuring SDM Templates."

Please rate useful posts & remember to mark any solved questions as answered. Thank you.


Well guys, I've already established based on documentation and cisco Feature Navigator that PBR >> should << be supported.

I'm trying to find out why it doesn't actually work.

I'm running the latest IOS for the 3560-X c3560e-universalk9-mz.150-2.SE2

I tried both with sdm template "dual-ipv4-and-ipv6 routing" and "routing" (IPv4 PBR should work with both these templates based on cisco documentation).

I'm basically trying to set it up in the same way I have it working on a 6506-E.

Configuring ACLs and route-maps works just fine, but when applying "ip policy route-map RM-NAME" to an interface it doesn't do anything. It takes in the command without any error but it doesn't show up in the config.

Like:

My3560X#sh run interface Vlan10
interface Vlan10
ip address 172.16.10.1 255.255.255.0
no ip unreachables
no ip proxy-arp
end

My3560X#conf t
My3560X(config)#interface Vlan10
My3560X(config-if)#ip policy route-map NAT-POLICY
My3560X(config-if)#end

My3560X#sh run interface Vlan10
interface Vlan10
ip address 172.16.10.1 255.255.255.0
no ip unreachables
no ip proxy-arp
end

So as you can see, the command does nothing.

I thought maybe it doesn't work on vlan interfaces (even if the documentation says it does)...I also tried on a physical routed interface....same result.

So what am I missing?

Hello, So if I understood you correctly, you have an ip services license which supports PBR and you followed the correct steps of changing the SDM template, and still does not apply the route map policy...

Could you kindly show the output of 'show sdm prefer'

I'd say a TAC case is required here.

Just as a note though, once you configure SDM templates, you do need to reload the switch. But you may have done this.

====================
Conf t
!
sdm prefer routing
!
End
Copy run start

Reload
====================
Then try PBR configuration

Hope this helps


Hi,

I already tried changing the sdm template a few times (rebooted each time)

3560X#sh sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  3K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    10.875k
    number of directly-connected IPv4 hosts:        3K
    number of indirect IPv4 routes:                 7.875k
  number of IPv6 multicast groups:                  64
  number of directly-connected IPv6 addresses:      0
  number of indirect IPv6 unicast routes:           32
  number of IPv4 policy based routing aces:         0.5K
  number of IPv4/MAC qos aces:                      0.375k
  number of IPv4/MAC security aces:                 0.875k
  number of IPv6 policy based routing aces:         0
  number of IPv6 qos aces:                          0
  number of IPv6 security aces:                     58

3560X#sh license
Index 1 Feature: ipservices
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Priority: Medium
        License Count: Non-Counted

Index 2 Feature: ipbase
        Period left: Life time
        License Type: Permanent
        License State: Active, Not in Use
        License Priority: Medium
        License Count: Non-Counted

Index 3 Feature: lanbase
        Period left: 0  minute  0  second

Unfortunately we don't have an active Cisco support contract, so I guess I can't ask TAC for help.

Can you post the PBR config (ACL, route map, etc)? Sanitize if need be, but this smells like a config issue. Everything else seems to be in place for a successful config.

Hello

Where are you trying to apply PBR - SVI or switchport? (If it's on a switchport it will not work - the ports need to be routed ports.)
example:

int fax/x
ip po ?
Interface IP configuration subcommands:
  access-group  Specify access control for packets
  admission     Apply Network Admission Control
  arp           Configure ARP features
  dhcp          Configure DHCP parameters for this interface
  igmp          IGMP interface commands
  verify        verify
  vrf           VPN Routing/Forwarding parameters on the interface

int fa0/0
no switchport
ip policy ?
route-map  Policy route map

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.



d.draghici

Well gentlemen I think I got to the bottom of it.

First of all, the configs I was using were something like this:

ACL:

ip access-list extended ANY
permit ip any any
ip access-list extended NAT-BUILDING1
permit ip 10.20.0.0 0.0.255.255 any
ip access-list extended NAT-BUILDING2
permit ip 10.23.0.0 0.0.255.255 any
ip access-list extended NAT-BUILDING3
permit ip 10.25.0.0 0.0.255.255 any
ip access-list extended NAT-INTERNAL
permit ip any 10.0.0.0 0.255.255.255
permit ip any 172.16.0.0 0.15.255.255
permit ip any 192.168.0.0 0.0.255.255

route-map:

route-map NAT-POLICY permit 100
description Bypass PBR for local destinations
match ip address NAT-INTERNAL
continue 9999
!
route-map NAT-POLICY permit 1100
match ip address NAT-BUILDING1
set ip next-hop 10.0.0.16
!
route-map NAT-POLICY permit 1200
match ip address NAT-BUILDING2
set ip next-hop 10.0.0.11
!
route-map NAT-POLICY permit 9999
match ip address ANY
!

So I started removing lines from the route-map and soon enough I found out that it does not like the "continue 9999" command (works just fine on the 6506-E).

I have no idea why. Once I removed it I could apply it to the interface. Fortunately in this case it works even without it (I think there's an implied "permit" in the route-map; I remember reading something like that at one point, and that's how I came up with the idea of removing the continue command). If anyone could explain why it doesn't accept the continue argument it would be helpful.

So I reverted back to my dual-ipv4-and-ipv6 routing SDM template since I also have some IPv6 configs on it and seems to be working ok.

Another thing I noticed is that with the new v15 IOS adding "set interface" to route-map is also supported. I remember I tried it a while back on a 3560-X with v12.2 and it would give out an error.

Thanks a lot for your help everyone.

d.draghici, you would be correct in your analysis. The route map works somewhat like an ACL in that it works top-down until there's a match. If there's no match, then it forwards traffic based on the routing table. So, you can say that there is an implicit 'permit' in place here.
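
An added example, not part of any post in this thread and not Cisco tooling: a small Python pre-check built on the thread's finding that the switch drops "ip policy route-map" without an error when the route-map contains a "continue" clause. The names find_pbr_blockers, policy_applied and PBR_BLOCKING_CLAUSES are hypothetical, and the sample text is constructed from the configuration posted above.

```python
import re

# Assumption: only "continue" is listed, because it is the only clause this
# thread identifies as blocking "ip policy" on the 3560-X.
PBR_BLOCKING_CLAUSES = ("continue",)

# Constructed samples, adapted from the configuration posted in the thread.
SAMPLE_CONFIG = """\
route-map NAT-POLICY permit 100
 match ip address NAT-INTERNAL
 continue 9999
!
route-map NAT-POLICY permit 1100
 match ip address NAT-BUILDING1
 set ip next-hop 10.0.0.16
!
route-map NAT-POLICY permit 9999
 match ip address ANY
!
"""
SAMPLE_SHOW_RUN = """\
interface Vlan10
 ip address 172.16.10.1 255.255.255.0
 no ip unreachables
 no ip proxy-arp
end
"""

HEADER = re.compile(r"^route-map\s+(\S+)\s+(permit|deny)\s+(\d+)\s*$")

def find_pbr_blockers(config, route_map):
    """Return [(sequence, line)] for clauses in route_map that block PBR."""
    hits, seq = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # new route-map entry: track it only if it is the one we want
            seq = int(m.group(3)) if m.group(1) == route_map else None
        elif seq is not None and line.split(" ", 1)[0] in PBR_BLOCKING_CLAUSES:
            hits.append((seq, line))
    return hits

def policy_applied(show_run_interface, route_map):
    """True only if the interface config actually kept the ip policy line."""
    wanted = f"ip policy route-map {route_map}"
    return any(l.strip() == wanted for l in show_run_interface.splitlines())

if __name__ == "__main__":
    print(find_pbr_blockers(SAMPLE_CONFIG, "NAT-POLICY"))
    print(policy_applied(SAMPLE_SHOW_RUN, "NAT-POLICY"))
```

Because the CLI accepts the command silently, the second check is run against "show run interface" output captured after the change.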
