
pbr issue on 3750E switch

Madhan Kumar
Beginner

Hi all,

I have implemented PBR on a 3750E switch recently. The switch has 10 VLANs and is also configured with a default route. After implementing the PBR I am getting some issues with inter-VLAN routing even though I am using deny statements. Is there any way to change the priority, I mean the routing table first and then the PBR? Kindly help me.

Rgds

R.MADHANKUMAR

4 REPLIES

Peter Paluch
Hall of Fame Cisco Employee

Hello Madhan,

If using PBR on 3560/3750, there are a few caveats:

  • You need to use the IP Services IOS feature set.
  • Your SDM template must support PBR, which is currently sdm prefer routing or sdm prefer dual-ipv4-and-ipv6 routing.
  • The deny statements in the route-map are not supported (i.e. it is not permitted to use route-map XXX deny).
  • If possible, avoid using deny statements even in the ACLs used by these route-maps. Packets that match a deny entry in the ACL are sent to the CPU, which could cause high CPU utilization.

This information is based on the Configuration Guide for 3750 switches at:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/swiprout.html

Try to correct your PBR configuration according to these guidelines, and if your issue still persists please include a detailed description of what is not working properly and also include the complete configuration of your PBR including route-maps and ACLs.

Best regards,

Peter

Hello Peter,

Thanks for your reply. I am using a WS-C3750E-24TDE switch which has the universal IOS. Will this switch support ip-services?

Find my config here.

access-list 110 deny   ip host 192.168.11.11 10.68.100.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.101.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.102.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.103.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 10.68.104.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 192.168.13.0 0.0.0.255
access-list 110 permit ip host 192.168.11.11 any
route-map pbr permit 10
 match ip address 110
 set ip next-hop 10.68.202.2

ip route 0.0.0.0 0.0.0.0 10.68.200.2

interface Vlan150
 description Server Farm
 ip address 192.168.11.1 255.255.255.0
 ip policy route-map pbr

My server is 192.168.11.11 and it is reaching its next-hop 10.68.202.2. But from the 192.168.11.0/24 subnet I am not able to reach other VLANs. This IOS does not support enabling default-next-hop.

Thanks & Regards

R.MADHANKUMAR
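
A small audit of the two deny-related caveats from Peter's list, run against the configuration posted above. This is an added example, not part of the original thread and not Cisco tooling; the function name audit_pbr and the wording of the findings are assumptions, and only numbered access-list lines are parsed (named ACLs are not).

```python
import re

# Sample input: abridged from the configuration posted above.
SAMPLE = """\
access-list 110 deny   ip host 192.168.11.11 10.68.100.0 0.0.0.255
access-list 110 deny   ip host 192.168.11.11 192.168.13.0 0.0.0.255
access-list 110 permit ip host 192.168.11.11 any
route-map pbr permit 10
 match ip address 110
 set ip next-hop 10.68.202.2
interface Vlan150
 ip policy route-map pbr
"""

def audit_pbr(config):
    """Report deny usage in route-maps that are applied with 'ip policy'."""
    acl_denies = {}    # ACL number -> count of deny entries
    rmap_acls = {}     # route-map name -> ACLs it matches on
    rmap_deny = set()  # route-maps that contain a deny clause
    policy_maps = {}   # route-map name -> interfaces that apply it
    current_map = current_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\S+) (permit|deny)\b", line):
            if m.group(2) == "deny":
                acl_denies[m.group(1)] = acl_denies.get(m.group(1), 0) + 1
        elif m := re.match(r"route-map (\S+) (permit|deny)\b", line):
            current_map, current_if = m.group(1), None
            rmap_acls.setdefault(current_map, [])
            if m.group(2) == "deny":
                rmap_deny.add(current_map)
        elif m := re.match(r"interface (\S+)", line):
            current_if, current_map = m.group(1), None
        elif (m := re.match(r"match ip address (.+)", line)) and current_map:
            rmap_acls[current_map] += m.group(1).split()
        elif (m := re.match(r"ip policy route-map (\S+)", line)) and current_if:
            policy_maps.setdefault(m.group(1), []).append(current_if)
    findings = []
    for rmap, ifaces in policy_maps.items():  # only maps actually used for PBR
        where = ",".join(ifaces)
        if rmap in rmap_deny:
            findings.append(f"{rmap} ({where}): route-map deny clause is not supported")
        for acl in rmap_acls.get(rmap, []):
            if acl_denies.get(acl):
                findings.append(f"{rmap} ({where}): ACL {acl} has {acl_denies[acl]} "
                                "deny entries (matching packets are sent to the CPU)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_pbr(SAMPLE)))
```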

Hi

Try adding

route-map pbr permit 20

Regards

Bharat

Hi Bharath,

Thanks for your reply. I can add another PBR, but what might be the access-list? Also, if I add another PBR, will the CPU utilization go high?

rgds

R.MADHANKUMAR
