
PBR on 3560G with 1811 and 1841 attached

IM-Design
Level 1

Hi,

My question is wrt policy-based routing on my network. Our switch is a 3560G 24PS running the Adv IP Services image. It is connected to an 1841 and an 1811, each with a dual-WAN connection. The 3560 defines 6 VLANs and we are using PBR to route some VLANs via the 1841 and some VLANs via the 1811.

From a client on one VLAN, a traceroute to a client on another VLAN goes through the 1811 before being routed back to the 3560. Is it possible to use PBR to detect traffic that is destined for another VLAN on the same switch and then route it directly?

I'm trying to paste in the config from my PuTTY session, but am unable at this time.

Accepted Solutions

Anything you match to an ACL you can policy route. You do need to be careful with policy routing because it is easy to create asymmetric routing issues.

Currently your PBR looks to be routing by the source IP.

You might need to deny the local VLAN subnets to other local VLAN subnets on the same switch; make sure those deny rules are placed before the permit statement. So enter ACL config mode and change your ACLs; that might help. Keep in mind though, your PBR is doing exactly what it was configured to do.

http://ccie-or-null.net/2012/01/09/working-with-cisco-access-control-lists-acls/


--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/


IM-Design
Level 1

Here are the relevant parts of the config on the 3560


interface GigabitEthernet0/1
 description Cisco 1811 Router at 192.168.5.3
!
interface GigabitEthernet0/3
 description Cisco 1841 Router at 192.168.5.1
!
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
 ip helper-address 192.168.10.6
 ip pim sparse-dense-mode
 ip policy route-map RM_IMD
 ntp broadcast
!
interface Vlan25
 ip address 192.168.25.2 255.255.255.0
 ip helper-address 192.168.10.6
 ip pim sparse-dense-mode
 ip policy route-map RM_IMDGuest
 ntp broadcast
!
...

access-list 110 permit ip 192.168.10.0 0.0.0.255 any
access-list 125 permit ip 192.168.25.0 0.0.0.255 any

...

route-map RM_IMD permit 10
 match ip address 110
 set ip next-hop 192.168.5.1
!
route-map RM_IMDGuest permit 10
 match ip address 125
 set ip next-hop 192.168.5.1
!
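
Added example, not part of the original thread: a small Python model of first-match ACL evaluation, run against ACL 110 as posted and against a constructed rewrite that places the VLAN-to-VLAN deny before the permit, as the accepted reply suggests. The helper names and the rewritten ACL are assumptions, and only the two VLAN subnets shown in the thread are covered.

```python
import ipaddress

# ACL 110 as posted in the thread: every packet sourced from VLAN 10 matches.
ACL_POSTED = """\
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
"""

# Constructed rewrite (assumption): deny VLAN 10 -> VLAN 25 first, then permit.
# The thread elides the other VLAN subnets, so they are not listed here.
ACL_FIXED = """\
access-list 110 deny   ip 192.168.10.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
"""

def _spec(tokens):
    """Consume 'any' or 'addr wildcard' from tokens; return (addr, wildcard) ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    addr, wild = tokens.pop(0), tokens.pop(0)
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def parse_acl(text):
    """Parse 'access-list N {permit|deny} ip SRC DST' lines, keeping their order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue
        action, rest = tokens[2], tokens[4:]
        entries.append((action, _spec(rest), _spec(rest)))
    return entries

def _hit(ip, spec):
    addr, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)

def policy_routed(acl_text, src, dst):
    """First matching entry decides: permit means 'set ip next-hop' applies,
    deny means the packet falls back to normal destination-based routing."""
    for action, s, d in parse_acl(acl_text):
        if _hit(src, s) and _hit(dst, d):
            return action == "permit"
    return False  # implicit deny: no entry matched, route-map clause not applied
```

With the posted ACL, a VLAN 10 to VLAN 25 flow returns `True` (it is sent to the route-map next hop); with the rewrite it returns `False` and the switch routes it locally, while Internet-bound traffic from VLAN 10 is still policy-routed.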
