Solved: Re: PBR on cisco 3560 - Page 2

esnw33430 · ‎05-04-2010

Hello all

I'm having a problem configuring PBR on a switch......

we have a 3560 with the IPservices IOS installed an SDM set to routing, we need 3 vlans (each has their own router / ISP) and they all need to share a single printer / copier.

so:

vlan1 (users and isp1)

vlan2 (users and isp2)

vlan3 (users and isp3)

all the users in all vlans need to access the same printer / copier, any ideas?

I posted a similar question a while back but we found the ios was incompatable with pbr, we now have a switch with ipservices ios installed
(12.2(53)SE1 )

cheers

Graham

Federico Coto Fajardo · ‎05-04-2010

Just for you to have it clear.

PBR (Policy-Based Routing) can be enabled on routers or switches that operate at Layer 3 of the OSI model.

It is a feature that allows you to manipulate how the routing decisiones are going to be made (instead of relying solely on the IP routing table).

So, when a packet reaches a router, instead of having the router look at the routing table (normal behavior), you can configure PBR to make the router take different decisions (prior to looking at the routing table).

i.e

You can tell a router to forward packets via interface1 when the packets come from VLAN1

You can tell the same router to forward packets via interface2 when the packets come from VLAN2

So, as you see, PBR allows routing decisions to be made on other factors beside the normal destination IP address (normal routing table).

PBR will intercept packets and apply these policies when PBR is enabled on the same device that makes the routing decisions.

That's why you cannot configure PBR on the 3560 if it is not involved in the routing path (only in the switching path)

Federico.

esnw33430 · ‎05-04-2010

ok i cant give up on this, we still need to get printing going on this site.

i have found a pair of routers that will allow me to add static routes........

what do i need to do?

Federico Coto Fajardo · ‎05-04-2010

Ok, that's better...

Sorry to insist, but you can't change the default gateway on the VLANs?

I insist because if the default gateway still goes to the routers that you don't control, there's no much to do.

Federico.

esnw33430 · ‎05-04-2010

i'm just looking into if i can change the gateway address assigned by dhcp on the routers
.

so assume that i can get the router to assign a gateway address of the vlan:

vlan1 192.168.1.2

vlan2 192.168.2.2

vlan3 192.168.3.2

cheers

Graham

Federico Coto Fajardo · ‎05-04-2010

If you can get the router to assign via DHCP the gateway 192.168.x.2 (where x is the VLAN number), then configure the new routers to have that IP.

So, the default gateway that the hosts are going to receive is the new router.

Since you manage this router, then you can configure the routes accordingly.

I will say to try this:

VLAN 1

VLAN 2

VLAN 3

All of them connected to the 3560.

Then the 3560 connects to the router.

This new router will do the InterVLAN routing between the VLANs, so that you have communication between the VLANs and you can print.

Let me know if you're going to do it like that to help you with the commands.

Federico.

esnw33430 · ‎05-04-2010

ok rember these are not cisco routers (i wish they were as I could have done the intervlan routing without issue on those).

they are thomson tg585v7 as supplied by the isp, they do dhcp and dns etc but as yet i find no config for vlan capability on this router.

the 3rd vlan has a 2wire router that i dont have access to at this time but i know that one also does static routes.

Federico Coto Fajardo · ‎05-04-2010

Ok, when the router is limited on its number of interfaces (only one for example), you need InterVLAN routing.

How many ports does this router has?

If you can have 1 physical port connection for each VLAN, then you don't need InterVLAN routing, only need static routes (the ports on the router has to be routed ports).

If this is not the case, the easiest solution is this:

Just point the default gateway to be the 3560 and we do the routing there.

Federico.

esnw33430 · ‎05-04-2010

i think we should do the routing on the switch, reason being that each on the vlans has its own connection to the internet.

they must all use their own internet connection but be able to print to the same copier.

so if i can get the dhcp to assign the vlan ip as its gateway....... we use the switch to do the routing and then use static any any routes pointing back to the internet routers?

esnw33430 · ‎05-04-2010

the ports are not routed, man i i could just use a cisco router and a single internet connection lol

Federico Coto Fajardo · ‎05-04-2010

Let's do the routing on the 3560, default gateway to the ISP routers, problem solved.

Federico.

esnw33430 · ‎05-04-2010

ok so i config the 3560 to do inter vlan routing and have the dhcp assign the

gateway address as the vlan interface ip

i then set static routes to say any any to the isp router and we are done?

Federico Coto Fajardo · ‎05-04-2010

Exactly.

We should have done this since we started ;-)

Federico.