
PBR on 3560G with c3560-advipservicesk9-mz.122-46.SE

IM-Design
Level 1

Hi,

I have a 3560G switch with c3560-advipservicesk9-mz.122-46.SE and 2 routers. The switch has vlans defined. I want to route all traffic on vlan 25 out of one of the routers exclusively.

Here is what I have attempted:

-Set the SDM template to routing & reload

-Define an access-list for the vlan traffic

-Define the route-map

-Apply the route-map to the vlan interface

When I attempt the last step I receive the following syslog error:

%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map RM_IMDGuest not supported for Policy-Based Routing

Also, the route-map is removed from the vlan interface after this error is thrown.

I'm 99% confident that PBR is supported on this switch (am I wrong?).

Here is the relevant show output:

...
access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
 match ip address 125
 set ip next-hop 192.168.5.3
!
...

sw3560IMD#sho sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  3K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    11K
    number of directly-connected IPv4 hosts:        3K
    number of indirect IPv4 routes:                 8K
  number of IPv4 policy based routing aces:         0.5K
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K

sw3560IMD#show route-map
route-map RM_IMDGuest, permit, sequence 10
  Match clauses:
    ip address (access-lists): 125
  Set clauses:
    ip next-hop 192.168.5.3
  Policy routing matches: 5 packets, 809 bytes
sw3560IMD# show run int vlan25
Building configuration...

Current configuration : 168 bytes
!
interface Vlan25
ip address 192.168.25.2 255.255.255.0
ip helper-address 192.168.5.5
ip pim sparse-dense-mode
ip policy route-map RM_IMDGuest
ntp broadcast
end

**UPDATE: I just tried the above commands again and it seemed to accept them? So now I'm still confused. How do I test to see if PBR is working correctly?

Message was edited by: Charles Van Dusen

2 Replies

Reza Sharifi
Hall of Fame

Do a traceroute to the specific destination and see if 92.168.5.3 appears in the path.

HTH

Hi Reza,

Thanks for the quick reply.

I did a couple of traceroutes and the 192.168.5.3 address does appear in the path.

The problem I am still seeing is that I cannot browse the web or successfully traceroute to an internet ip if I am connected to the vlan which I am trying to force out of one of my 2 routers using route-maps.

So, I had to change my approach until I can figure this out, so I have updated the 3560 with a different route map, acl, and vlan configuration:

Here it is:

interface Vlan25
 ip address 192.168.25.2 255.255.255.0
 ip helper-address 192.168.5.5
 ip pim sparse-dense-mode
 ip policy route-map RM_IMDGuest
 ntp broadcast
!
...
access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
 match ip address 125
 set ip next-hop 192.168.5.1
!

So, what I am trying to do is have all clients who are connected to vlan 25 use the router at 192.168.5.1. When I fire up a client on that vlan, I am not able to ping an internet ip or browse. When I attempt a tracert to the same ip which I tried to ping, I only see 2 'hops':

1     6 ms 6 ms 6 ms 192.168.25.2
2     3 ms 3 ms 3 ms 192.168.5.1
3     all subsequent requests time out
...

From the 3560 itself I can ping and traceroute to the same ip, but the traceroute goes through the 192.168.5.3 router rather than the 192.168.5.1. I guess this is expected since the 192.168.5.3 router is also connected and I have a default route in the 3560 'ip route 0.0.0.0 0.0.0.0 192.168.5.3'.

If I have the 3560 configured correctly, then I am wondering if it's a problem with the configuration of 192.168.5.1 (which is a cisco 1841).

Any ideas?

Charlie
