Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1639
Views
4
Helpful
4
Replies

PBR with Cisco VSS

Go to solution
Ahmed Shahzad
Level 1
Level 1

‎03-31-2011 01:27 AM - edited ‎03-06-2019 04:21 PM

Hi,

I am trying to configure PBR on SVI of Cisco VSS but it is not working:

IOS version is:

Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXH6, RELEASE SOFTWARE (fc1)

Configuration is given below:

access-list 20 permit 10.153.5.41 // trying to define another default gateway for this appliance.


route-map PBR_WSA permit 10
match ip address 20
set ip default next-hop 10.154.16.1

int vlan 3005
ip policy route-map PBR_WSA

Please note that there is a default route exist in the routing table.

Can you guide me where is the prbolem; either it is a bug or issue in configuration.

Best Regards,

Shahzad.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ahmed Shahzad

‎03-31-2011 02:52 AM 

mshahzad@hotmail.com
Thanks Jon.
I have tried both options set ip default next-hop and set ip next-hop but it does not work.
Please note that I want packet route using routing table except default route and then the PBR.
Any idea how to achieve it.

How are you verifying it doesn't work ? Some people simply check the acl for hitcounts but because of hardware switching you often don't see hitcounts. Are you tracerouting to the destination ?

As for use routing table (except default-route) and then PBR as far as i know you can't do this. You either use the routing table (including default-route) and then PBR or use PBR and then routing table. So the only way to use the routing table first and then PBR would be to remove the default-route and include all the other traffic in your PBR config ie. send the traffic for your specific host to one next-hop and then send all other traffic to another next-hop. This would work fine if you only had the one L3 vlan interface eg. vlan 3005 in your example, but i suspect on your 6500s you have many other L3 vlan interfaces and they use the default-route as well ?

So when you say it isn't working do you mean PBR isn't working at all or just that you cannot get it to use routing table (without default) and then PBR ?

If it isn't working at all then i can't see anything wrong with your config although i usually use extended acls in the PBR config because i have seen issues sometimes when you don't.

Jon

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-31-2011 02:38 AM

Shahzad

"set ip default next-hop" means use the routing table first and if there is no route then use the next-hop configured with PBR. But because you have a default-route in the routing table there is a route to the destination and this will be used.

You need to use "set ip next-hop" which means use PBR before consulting the routing table.

Jon

Go to solution
Ahmed Shahzad
Level 1
Level 1
In response to Jon Marshall

‎03-31-2011 02:44 AM

Thanks Jon.

I have tried both options set ip default next-hop and set ip next-hop but it does not work.

Please note that I want packet route using routing table except default route and then the PBR.

Any idea how to achieve it.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ahmed Shahzad

‎03-31-2011 02:52 AM 

mshahzad@hotmail.com
Thanks Jon.
I have tried both options set ip default next-hop and set ip next-hop but it does not work.
Please note that I want packet route using routing table except default route and then the PBR.
Any idea how to achieve it.

How are you verifying it doesn't work ? Some people simply check the acl for hitcounts but because of hardware switching you often don't see hitcounts. Are you tracerouting to the destination ?

As for use routing table (except default-route) and then PBR as far as i know you can't do this. You either use the routing table (including default-route) and then PBR or use PBR and then routing table. So the only way to use the routing table first and then PBR would be to remove the default-route and include all the other traffic in your PBR config ie. send the traffic for your specific host to one next-hop and then send all other traffic to another next-hop. This would work fine if you only had the one L3 vlan interface eg. vlan 3005 in your example, but i suspect on your 6500s you have many other L3 vlan interfaces and they use the default-route as well ?

So when you say it isn't working do you mean PBR isn't working at all or just that you cannot get it to use routing table (without default) and then PBR ?

If it isn't working at all then i can't see anything wrong with your config although i usually use extended acls in the PBR config because i have seen issues sometimes when you don't.

Jon

0 Helpful

Go to solution
Ahmed Shahzad
Level 1
Level 1

‎03-31-2011 03:01 AM

Thanks Jon,

I am checking counts on "show route-map PBR_WSA" and could not found any hit.

There are number of SVIs and the requirement is one host behind an SVI use routing table (except default route) and a customize L3 interface for all other traffic.

Best Regards,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card