
PBR on VLAN Interface at c3850 Universal image fails

Netmart
Level 1

Hello,

Please see description of case below and provide me with any advice.

 

Thank you.

 

 

Goal:

All internet related traffic [public IPs] with source VLAN 10 should hit PBR and traffic is supposed to be forwarded to next hop as determined by route-map.

 

Result:

After applying PBR, route-map seems not to be hit.

 

Device 

WS-C3850-48T       03.06.00E         cat3k_caa-universalk9 

 

 

License
Slot# License name Type Count Period left
----------------------------------------------------------
1 ipservices permanent N/A Lifetime

License Level on Reboot: ipservices


Slot# License name Type Count Period left
----------------------------------------------------------
2 ipservices permanent N/A Lifetime

License Level on Reboot: ipservices

 

 


rtr#sh sdm prefer
Showing SDM Template Info

This is the Advanced (high scale) template.
Number of VLANs: 4094
Unicast MAC addresses: 32768
Overflow Unicast MAC addresses: 512
IGMP and Multicast groups: 8192
Overflow IGMP and Multicast groups: 512
Directly connected routes: 16384
Indirect routes: 7680
Security Access Control Entries: 3072
QoS Access Control Entries: 3072
Policy Based Routing ACEs: 1024
Netflow ACEs: 768
Wireless Input Microflow policer ACEs: 256
Wireless Output Microflow policer ACEs: 256
Flow SPAN ACEs: 512
Tunnels: 256
Control Plane Entries: 512
Input Netflow flows: 8192
Output Netflow flows: 16384
SGT/DGT entries: 4096
SGT/DGT Overflow entries: 512
These numbers are typical for L2 and IPv4 features.
Some features such as IPv6, use up double the entry size;
so only half as many entries can be created.

 

 

Config at rtr:

 

interface Vlan10
description VLAN0010
ip address 192.168.10.254
ip policy route-map VLAN10_Internet

!


route-map VLAN10_Internet permit 10
match ip address VLAN10_Internet
set ip next-hop 10.50.0.10

 

ip access-list extended VLAN10_Internet
deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255
deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.15.255.255
deny ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.10.0  0.0.0.255 any

 

===================================

 

 

rtr#sh route-map VLAN10_Internet
route-map VLAN10_Internet, permit, sequence 10
Match clauses:
ip address (access-lists): VLAN10_Internet
Set clauses:
ip next-hop 10.50.0.10
Policy routing matches: 0 packets, 0 bytes

 

 


Accepted Solutions

Hi

The configuration looks good, just include the following line:

 

route-map VLAN10_Internet permit 100

 

It will work over the data plane. Could you please provide a traceroute from one of the computers? Some sites mention a bug, but please let me verify that.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCui59593/?referring_site=bugquickviewredir

 

Thank you




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<


3 Replies

Thank you very much, it seems to work now.

You are welcome. Have a great day!

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<