02-03-2012 07:20 AM - edited 03-07-2019 04:43 AM
Hi,
I have a 3560G switch with c3560-advipservicesk9-mz.122-46.SE and 2 routers. The switch has vlans defined. I want to route all traffic on vlan 25 out of one of the routers exclusively.
Here is what I have attempted:
-Set the SDM template to routing & reload
-Define an access-list for the vlan traffic
-Define the route-map
-Apply the route-map to the vlan interface
When I attempt the last step I receive the following syslog error:
%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map RM_IMDGuest not supported for Policy-Based Routing
Also, the route-map is removed from the vlan interface after this error is thrown.
I'm 99% confident that PBR is supported on this switch (am I wrong?).
Here is the relevant show output:
...
access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
match ip address 125
set ip next-hop 192.168.5.3
!
...
sw3560IMD#sho sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
sw3560IMD#show route-map
route-map RM_IMDGuest, permit, sequence 10
Match clauses:
ip address (access-lists): 125
Set clauses:
ip next-hop 192.168.5.3
Policy routing matches: 5 packets, 809 bytes
sw3560IMD# show run int vlan25
Building configuration...
Current configuration : 168 bytes
!
interface Vlan25
ip address 192.168.25.2 255.255.255.0
ip helper-address 192.168.5.5
ip pim sparse-dense-mode
ip policy route-map RM_IMDGuest
ntp broadcast
end
**UPDATE: I just tried the above commands again and it seemed to accept them? So now I'm still confused. How do I test to see if PBR is working correctly?
Message was edited by: Charles Van Dusen
02-03-2012 08:33 AM
Do a traceroute to the specific destination and see if 92.168.5.3 appears in the path.
HTH
02-03-2012 01:56 PM
Hi Reza,
Thanks for the quick reply.
I did a couple of traceroutes and the 192.168.5.3 address does appear in the path.
The problem I am still seeing is that I cannot browse the web or successfully traceroute to an internet IP if I am connected to the vlan which I am trying to force out of one of my 2 routers using route-maps.
So, I had to change my approach until I can figure this out, so I have updated the 3560 with a different route map, acl, and vlan configuration:
Here it is:
interface Vlan25
ip address 192.168.25.2 255.255.255.0
ip helper-address 192.168.5.5
ip pim sparse-dense-mode
ip policy route-map RM_IMDGuest
ntp broadcast
!
...
access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
match ip address 125
set ip next-hop 192.168.5.1
!
So, what I am trying to do is have all clients who are connected to vlan 25 use the router at 192.168.5.1. When I fire up a client on that vlan, I am not able to ping an internet ip or browse. When I attempt a tracert to the same ip which I tried to ping, I only see 2 'hops':
1 6 ms 6 ms 6 ms 192.168.25.2
2 3 ms 3 ms 3 ms 192.168.5.1
3 all subsequent requests time out
...
From the 3560 itself I can ping and traceroute to the same ip, but the traceroute goes through the 192.168.5.3 router rather than the 192.168.5.1. I guess this is expected since the 192.168.5.3 router is also connected and I have a default route in the 3560 'ip route 0.0.0.0 0.0.0.0 192.168.5.3'.
If I have the 3560 configured correctly, then I am wondering if it's a problem with the configuration of 192.168.5.1 (which is a Cisco 1841).
Any ideas?
Charlie
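
Added illustration (not code from the thread or from Cisco): a Python model of the next-hop decision for the configuration posted above, showing why clients on Vlan25 are sent to 192.168.5.1 while traffic the switch originates itself follows the default route to 192.168.5.3. `ip policy route-map` on an interface applies only to packets received on that interface. Assumptions: the client addresses 192.168.25.40 and 192.168.26.40 are constructed, and the destination is an internet address, so the routing-table lookup is reduced to the default route.

```python
import ipaddress

# Values taken from the configuration posted in the thread.
ACL_125 = [("permit", "192.168.25.0", "0.0.0.255")]      # access-list 125 ... any
ROUTE_MAP = {"acl": ACL_125, "next_hop": "192.168.5.1"}  # RM_IMDGuest permit 10
POLICY = {"Vlan25": ROUTE_MAP}                           # ip policy route-map on Vlan25
DEFAULT_ROUTE = "192.168.5.3"                            # ip route 0.0.0.0 0.0.0.0 ...


def wildcard_match(src, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)


def acl_permits(acl, src):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False


def next_hop(src, ingress_interface):
    """Return (next hop, reason). ingress_interface is None for packets
    the switch generates itself (its own ping or traceroute)."""
    rmap = POLICY.get(ingress_interface)
    if rmap and acl_permits(rmap["acl"], src):
        return rmap["next_hop"], "policy-routed"
    # No policy on the ingress interface, or the ACL did not match:
    # fall back to the normal routing table (here, the default route).
    return DEFAULT_ROUTE, "routing table"


if __name__ == "__main__":
    cases = [
        ("192.168.25.40", "Vlan25"),  # constructed client on vlan 25
        ("192.168.26.40", "Vlan25"),  # constructed source outside ACL 125
        ("192.168.25.2", None),       # switch-originated, sourced from Vlan25 SVI
    ]
    for src, ingress in cases:
        hop, why = next_hop(src, ingress)
        print(f"src={src:15} ingress={ingress!s:7} -> {hop} ({why})")
```
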