
How to configure policy based routing on 3750

Jason Flory
Level 1

Hello everyone

In our datacenter we have a 3750 stack with IP base image. I have enabled PBR and reloaded the switch. Show sdm prefer says I am using the default template. The reason I want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resources across the WAN and locally.

Created access list to identify traffic:

access-list 10 permit 10.2.3.59 (test workstation on vlan 3)

Created policy:

route-map TestASA permit 10

match ip address 10

set ip next-hop 10.2.0.3

Assigned policy to the user vlan3:

ip policy route-map TestASA

Results:

It changed the default gateway to the above gateway but I could not access any resources on any other VLAN, and could not access resources across the WAN.

Any help would be appreciated

19 Replies

I gave both of you credit on this answer.

That is nice.

Thanks.

I'm in the exact same situation as you at a customer site and this all makes perfect sense. I need to send a specific vlan (/24) network out to a specific IP address (internet drain). BUT this /24 range also needs to be able to stay local and hit local resources (other vlans). What I don't understand in your example case is - what exactly is 10.2.4.240.  I don't see that explained in the thread anywhere? It just shows up later in the 'deny' config lines.

n/m, looks like that is your test box. It changed from 10.2.3.59 in the original post.

The 10.2.4.240 is just a host that he wants to select instead of the whole subnet.

I believe that in your case you should create an ACL pointing to the whole subnet.
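
Added example, not posted by anyone in this thread: the original post's route-map rewritten so that only traffic leaving the internal network is sent to the firewall, using the deny-then-permit ACL pattern the replies refer to. The ACL name, the 10.0.0.0/8 internal range and the 10.2.3.0/24 VLAN 3 subnet are assumptions, as is the behaviour that a deny entry in the matched ACL leaves the packet to normal routing on the software release in use (check the PBR guidelines for that release).

```cisco
! Added example. Only 10.2.3.59, 10.2.0.3, TestASA and VLAN 3 come from the
! thread; every other name and address below is an assumption.
!
! Original match: a standard ACL tests the source address only, so every
! packet from the host (inter-VLAN and WAN traffic included) is handed to
! the firewall at 10.2.0.3.
!   access-list 10 permit 10.2.3.59
!
! Replacement: an extended ACL that also tests the destination.
! Assumption: all internal and WAN destinations sit inside 10.0.0.0/8.
ip access-list extended PBR-TEST-ASA
 remark internal destinations: skip PBR, use the normal routing table
 deny   ip host 10.2.3.59 10.0.0.0 0.255.255.255
 remark all other destinations from the test host: policy route
 permit ip host 10.2.3.59 any
!
! For a whole VLAN instead of one host (assumed subnet 10.2.3.0/24),
! replace the two entries above with:
!   deny   ip 10.2.3.0 0.0.0.255 10.0.0.0 0.255.255.255
!   permit ip 10.2.3.0 0.0.0.255 any
!
route-map TestASA permit 10
 match ip address PBR-TEST-ASA
 set ip next-hop 10.2.0.3
!
interface Vlan3
 ip policy route-map TestASA
!
! Checks after applying:
!   show sdm prefer          (active SDM template)
!   show ip policy           (route-map bound to Vlan3)
!   show route-map TestASA   (match and set clauses as configured)
```

Because the deny entry is evaluated first, traffic from the test host to other VLANs or across the WAN never reaches the set ip next-hop clause, so only traffic to destinations outside the assumed internal range is steered to the chosen firewall.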