03-21-2017 01:09 PM - edited 03-08-2019 09:51 AM
Hello,
I've been trying to get a local policy based route with VRF working on a 3750 running IOS 12.2(44)SE5.
Here's the relevant config:
ip vrf Test
 rd 65500:10
interface Loopback1
 ip vrf forwarding Test
 ip address 172.31.16.1 255.255.255.255
interface GigabitEthernet1/0/11
 description Next-Hop
 no switchport
 ip vrf forwarding Test
 ip address 172.17.16.29 255.255.255.252
router eigrp 1
 !
 address-family ipv4 vrf Test
  redistribute static route-map eigrp-redist
ip access-list standard STATIC-SLA
 permit 172.21.4.236
ip access-list extended LOCALPBRACL
 permit icmp host 172.31.16.1 host 172.21.4.236
route-map LOCALPBR permit 10
 match ip address LOCALPBRACL
 set ip next-hop in-vrf Test
 set ip next-hop 172.17.16.30
route-map eigrp-redist permit 20
 match ip address STATIC-SLA
ip local policy route-map LOCALPBR
ip sla 20
 icmp-echo 172.21.4.236 source-ip 172.31.16.1
 vrf Test
ip sla schedule 20 life forever start-time now
track 20 ip route 172.21.4.236 255.255.255.255 reachability
 delay down 15
ip route vrf Test 172.21.4.236 255.255.255.255 172.17.16.30 track 20
3750#sho route-map
route-map LOCALPBR, permit, sequence 10
  Match clauses:
    ip address (access-lists): LOCALPBRACL
  Set clauses:
    ip next-hop vrf Test 172.17.16.30
  Policy routing matches: 358 packets, 24106 bytes
3750#debug ip policy
Mar 16 12:45:04: IP: s=172.31.16.1 (local), d=172.21.4.236, len 64, policy match
Mar 16 12:45:04: IP: route map LOCALPBR, item 10, permit
Mar 16 12:45:04: IP: s=172.31.16.1 (local), d=172.21.4.236, len 64, policy rejected -- normal forwarding
This appears to be a very similar issue as another older post
https://supportforums.cisco.com/discussion/11264676/multi-vrf-and-policy-based-routing-catalyst-3750
I have this working properly (though with a slightly different config) on a 4500 running IOS-XE 03.06.05.E.
Any help would be greatly appreciated.
03-21-2017 09:55 PM
First make sure you are using an sdm template that supports PBR.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_58_se/configuration/guide/3750scg/swsdm.html
Next, as a matter of interest, if you match "ip" instead of "icmp" does that work? It may just be a limitation on that platform and software version with the match criteria.
Lastly, 12.2 is pretty old. Any reason why you can't run something a bit more modern?
03-22-2017 07:12 AM
Hi Philip,
First off, thanks very much for the input!
I'm using the desktop routing SDM template:
3750#sho sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
I also tried changing the ACL to permit IP.
Extended IP access list LOCALPBRACL
10 permit ip host 172.31.16.1 host 172.21.4.236 (1 match)
The result appears to be the same:
Mar 22 08:36:13: IP: s=172.31.16.1 (local), d=172.21.4.236, len 64, policy match
Mar 22 08:36:13: IP: route map LOCALPBR, item 10, permit
Mar 22 08:36:13: IP: s=172.31.16.1 (local), d=172.21.4.236, len 64, policy rejected -- normal forwarding
Entry number: 20
Owner:
Tag:
Type of operation to perform: echo
Target address: 172.21.4.236
Source address: 172.31.16.1
Request size (ARR data portion): 28
Operation timeout (milliseconds): 5000
Type Of Service parameters: 0x0
Verify data: No
Vrf Name: Test
Schedule:
Operation frequency (seconds): 60
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Randomly Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
Number of statistic hours kept: 2
Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
History Statistics:
Number of history Lives kept: 0
Number of history Buckets kept: 15
History Filter Type: None
Enhanced History:
Round Trip Time (RTT) for Index 20
Type of operation: icmp-echo
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 08:41:13.944 CDT Wed Mar 22 2017
Latest operation return code: Timeout
Number of successes: 0
Number of failures: 52
Operation time to live: Forever
This is the latest Cisco recommended software for the 3750:
https://software.cisco.com/download/release.html?mdfid=278169764&flowid=&softwareid=280805680&release=12.2.55-SE11&relind=AVAILABLE&rellifecycle=ED&reltype=latest
If you know of another version that's newer and will work on a 3750, I can give it a shot. I'm thinking this may either be a bug or a limitation of IOS.
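Added example, not part of the original thread: a Python sketch of the two checks discussed above, reading the PBR ACE allocation from "show sdm prefer" output and flagging flows in "debug ip policy" output that match a route-map entry yet still fall back to normal forwarding. The sample text is constructed from the outputs quoted in the posts; the function names are hypothetical and treating "K" as 1024 is an assumption.

```python
import re

# Constructed sample input, shaped like the outputs quoted in the thread.
SDM_OUTPUT = """\
The current template is "desktop routing" template.
 number of IPv4 unicast routes:                   11K
 number of IPv4 policy based routing aces:        0.5K
"""
DEBUG_OUTPUT = """\
Mar 22 08:36:13: IP: s=172.31.16.1 (local), d=172.21.4.236, len 64, policy match
Mar 22 08:36:13: IP: route map LOCALPBR, item 10, permit
Mar 22 08:36:13: IP: s=172.31.16.1 (local), d=172.21.4.236, len 64, policy rejected -- normal forwarding
"""

FLOW = re.compile(r"IP: s=([\d.]+) \(([^)]*)\), d=([\d.]+), len \d+, policy (match|rejected)")
RMAP = re.compile(r"IP: route map (\S+), item (\d+), (permit|deny)")

def pbr_ace_capacity(sdm_text):
    """PBR ACE count allocated by the SDM template; 0 means no PBR resources."""
    m = re.search(r"policy based routing aces:\s*([\d.]+)(K?)", sdm_text)
    if not m:
        return 0
    # Assumption: the "K" suffix in the SDM output means 1024.
    return int(float(m.group(1)) * (1024 if m.group(2) else 1))

def rejected_after_match(debug_text):
    """Flows that hit a route-map entry but were still handed to normal forwarding."""
    pending, findings = {}, []
    for line in debug_text.splitlines():
        flow = FLOW.search(line)
        if flow:
            src, origin, dst, verdict = flow.groups()
            if verdict == "match":
                pending[(src, dst)] = None          # route-map line follows
            elif (src, dst) in pending:
                findings.append({"src": src, "dst": dst,
                                 "local": origin == "local",
                                 "route_map": pending.pop((src, dst))})
            continue
        rmap = RMAP.search(line)
        if rmap:
            # Heuristic: attach the entry to flows still waiting for one.
            for key, val in pending.items():
                if val is None:
                    pending[key] = (rmap.group(1), int(rmap.group(2)))
    return findings

if __name__ == "__main__":
    print("PBR ACEs:", pbr_ace_capacity(SDM_OUTPUT))
    for f in rejected_after_match(DEBUG_OUTPUT):
        print("matched but not policy-routed:", f)
```

A non-zero ACE count together with a non-empty findings list rules out the SDM template as the cause and points at the set clause or the platform, which is where the thread ends up.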
03-22-2017 01:44 PM
Just realized that I wrote the wrong IOS version. It's running 12.2(55)SE11.
03-22-2017 01:59 PM
Time to buy a new Cisco 3850 or perhaps an ASR920 or maybe even an ME3800X ...