
pbr issue on 3750E switch

Madhan Kumar
Level 1

Hi all,

I have implemented PBR on a 3750E switch recently. The switch has 10 VLANs and is also configured with a default route. After implementing the PBR I am getting some issues with inter-VLAN routing even though I am using deny statements. Is there any way to change the priority, I mean the routing table first and then the PBR? Kindly help me.

Rgds

R.MADHANKUMAR


Peter Paluch
Cisco Employee

Hello Madhan,

If using PBR on 3560/3750, there are a few caveats:

  • You need to use the IP Services IOS feature set.
  • Your SDM template must support PBR, which is currently sdm prefer routing or sdm prefer dual-ipv4-and-ipv6 routing.
  • The deny statements in the route-map are not supported (i.e. it is not permitted to use route-map XXX deny).
  • If possible, avoid using deny statements even in the ACLs used by these route-maps. Packets that match a deny entry in the ACL are sent to the CPU, which could cause high CPU utilization.

This information is based on the Configuration Guide for 3750 switches at:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/swiprout.html

Try to correct your PBR configuration according to these guidelines, and if your issue still persists, please include a detailed description of what is not working properly and also include the complete configuration of your PBR including route-maps and ACLs.

Best regards,

Peter

Hello Peter,

Thanks for your reply. I am using a WS-C3750E-24TDE switch which has the universal IOS. Will this switch support ip-services?

Find my config here.

access-list 110 deny   ip host 192.168.11.11 10.68.100.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.101.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.102.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.103.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.104.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 192.168.13.0 0.0.0.255
access-list 110 permit ip host 192.168.11.11 any
route-map pbr permit 10
match ip address 110
set ip next-hop 10.68.202.2

ip route 0.0.0.0 0.0.0.0 10.68.200.2

interface Vlan150
description Server Farm
ip address 192.168.11.1 255.255.255.0
ip policy route-map pbr

My server is 192.168.11.11 and it is reaching its next-hop 10.68.202.2. But from the 192.168.11.0/24 subnet I am not able to reach other VLANs. This IOS does not support enabling default-next-hop.

Thanks & Regards

R.MADHANKUMAR
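
One way to check a configuration against the two deny-related guidelines listed in the earlier reply, run here on the ACL and route-map posted above. This is an added example, not part of the original posts and not Cisco tooling; the function name `audit_pbr` is hypothetical and only numbered `access-list` entries are parsed.

```python
import re
from collections import Counter

# Config as posted in the thread (ip route, description and ip address lines left out).
CONFIG = """\
access-list 110 deny   ip host 192.168.11.11 10.68.100.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.101.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.102.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.103.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.104.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 192.168.13.0 0.0.0.255
access-list 110 permit ip host 192.168.11.11 any
route-map pbr permit 10
match ip address 110
set ip next-hop 10.68.202.2
interface Vlan150
ip policy route-map pbr
"""

def audit_pbr(config):
    """Return findings for route-maps that are applied with 'ip policy'."""
    acl_denies = Counter()                            # ACL id -> number of deny entries
    map_acls, map_denies, applied = {}, set(), set()
    current = None                                    # route-map being parsed
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"access-list (\S+) deny\b", line):
            acl_denies[m.group(1)] += 1
        elif m := re.match(r"route-map (\S+) (permit|deny)\b", line):
            current = m.group(1)
            map_acls.setdefault(current, [])
            if m.group(2) == "deny":
                map_denies.add(current)
        elif (m := re.match(r"match ip address (.+)", line)) and current:
            map_acls[current] += m.group(1).split()
        elif m := re.match(r"ip policy route-map (\S+)", line):
            applied.add(m.group(1))
        elif line.startswith("interface "):
            current = None                            # left route-map context
    findings = []
    for name in sorted(applied):
        if name in map_denies:
            findings.append(f"route-map {name}: deny clause is not supported for PBR")
        for acl in map_acls.get(name, []):
            if acl_denies[acl]:
                findings.append(f"route-map {name}: ACL {acl} has {acl_denies[acl]} "
                                "deny entries (matching packets are sent to the CPU)")
    return findings

print("\n".join(audit_pbr(CONFIG)))
```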

Hi

Try adding

route-map pbr permit 20

Regards

Bharat

Hi Bharath,

Thanks for your reply. I can add another PBR, but what might be the access-list? Also, if I add another PBR, will the CPU utilization go high?

rgds

R.MADHANKUMAR
