
PBR configuration issues

DVorobev

Hi everyone!

I have 2 almost identical Catalyst switches (WS-C3560G-24TS and WS-C3560G-48TS) with C3560-ADVIPSERVICESK9-M license 12.2(44)SE2 IOS version. These two switches act as an HSRP pair.

Some strange things happened when I tried to set up PBR.

On C3560G-24TS aka SW_1:

 

ip access-list extended VLAN196-ROUTE-MAP
 permit ip 10.19.196.0 0.0.0.255 any
!
route-map VLAN196-RM permit 10
 match ip address VLAN196-ROUTE-MAP
 ! 192.168.94.2 is the IP address of the WS-C3560G-48TS, the HSRP neighbour
 set ip default next-hop 192.168.94.2
!
interface Vlan196
 ip address 10.19.196.2 255.255.255.0
 ip policy route-map VLAN196-RM
 standby ip 10.19.196.1

 

And that's all. But when I tried to repeat these steps on the WS-C3560G-48TS, something broke my brain: if I enter the set ip default next-hop command, then the route-map policy magically disappears from the VL196 interface. But if I enter set ip next-hop (without default), then the route-map policy stays on the VL196 interface.

But I need exactly default next-hop.

Please, help!

 

Regards, Denis.

 


Hello,

What are you trying to accomplish? Be aware of the differences between both set actions, and make sure that the result is what you want:

The set ip default next-hop command verifies the existence of the destination IP address in the routing table, and…

- if the destination IP address exists, the command does not policy route the packet, but forwards the packet based on the routing table.
- if the destination IP address does not exist, the command policy routes the packet by sending it to the specified next hop.

The set ip next-hop command verifies the existence of the next hop specified, and…

- if the next hop exists in the routing table, then the command policy routes the packet to the next hop.
- if the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.

I want to use default next-hop instead of next-hop, because I have an ip route 0/0 192.168.2.1 rule and I want to have another default gateway for one VLAN aka network.

See attached crude scheme: VLAN30 (and other VLANs) have Internet access via 192.168.2.1. For some reason, VLAN196 has to be routed outside via 10.19.252.118, but it has to have access to the entire internal network. I don't know how to accomplish this without using PBR and default next-hop.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swuncli.html#wpxref73623

Above is the doc for some commands that are found but unsupported in 12.2(52)SE.
So check the version and read which command is unsupported.

Unfortunately, I have 12.2(44)SE2, not 12.2(52)SE, and there is no default next-hop command listed as unsupported:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_44_se/configuration/guide/scg1/swuncli.pdf

But this is for the 2960, not the 3550.

I will check (44) and see if it is unsupported or not.

I've done some additional research and I think that you're right. Even in the latest release for 3560 (12.2.55-se) the set ip default next-hop command is unsupported.

I think that I should use set ip next-hop in combination with a PBR ACL.
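
Added example (not part of the thread and not Cisco's code): a small Python model of the two set actions described in the replies, run over a constructed routing table, showing what the PBR ACL has to exclude once set ip next-hop replaces set ip default next-hop. It assumes that the 0.0.0.0/0 default route does not count as an explicit route for set ip default next-hop; the prefix lengths, the VLAN30 subnet and the 10.19.0.0/16 internal summary are assumptions.

```python
import ipaddress as ip

# Constructed routing table modelled on the thread. Prefix lengths and the
# VLAN30 subnet are assumptions; the default route is the one the poster names.
ROUTES = {
    "10.19.196.0/24": "connected Vlan196",
    "10.19.30.0/24": "connected Vlan30",
    "10.19.252.0/24": "connected uplink",
    "0.0.0.0/0": "192.168.2.1",
}
PBR_SRC = "10.19.196.0/24"      # source matched by the PBR ACL (from the post)
PBR_HOP = "10.19.252.118"       # alternate gateway for VLAN196 (from the post)
INTERNAL = ("10.19.0.0/16",)    # assumed summary of the internal networks


def lookup(dst, explicit_only=False):
    """Longest-prefix match; explicit_only ignores the 0.0.0.0/0 default route."""
    addr, best = ip.ip_address(dst), None
    for prefix, via in ROUTES.items():
        net = ip.ip_network(prefix)
        if explicit_only and net.prefixlen == 0:
            continue
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


def forward(src, dst, action, exclude_dst=()):
    """Hop chosen for a packet entering the interface that carries the policy.

    exclude_dst models a PBR ACL written so that traffic to those
    destinations is not matched and follows the routing table.
    """
    d = ip.ip_address(dst)
    matched = ip.ip_address(src) in ip.ip_network(PBR_SRC) and not any(
        d in ip.ip_network(n) for n in exclude_dst)
    if not matched:
        return lookup(dst)
    if action == "set ip default next-hop":
        # Policy-route only when no explicit route covers the destination.
        return lookup(dst, explicit_only=True) or PBR_HOP
    if action == "set ip next-hop":
        # Policy-route whenever the next hop itself is reachable (simplified
        # here to "covered by an explicit route").
        return PBR_HOP if lookup(PBR_HOP, explicit_only=True) else lookup(dst)
    raise ValueError(f"unknown set action: {action}")
```

Without an exclusion in the ACL, set ip next-hop also sends VLAN196's internal traffic to 10.19.252.118, which is the case the ACL has to prevent.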