
Policy Based Routing and 3750 switches

expertirs
Level 1

Hello!

I have a simple design with 3750.

I configured a route-map which defines a next hop.

I defined this route-map on a policy on a vlan interface.

When I test with some pings and a debug ip policy, it seems that my policy never matches.

Is there any mechanism that prevents the switch from using PBR? I think of CEF ...... don't know....

Thanks


cadet alain
VIP Alumni

Hi,

Post your config and topology.

Regards.

Alain

Don't forget to rate helpful posts.


Hi Alain,

Thanks for your reply.

Here are the design and the configuration

Hi,

Can you make a PDF of the topology, because I can't open Visio files.

What does sh standby 46 output?

Regards.

Alain

Don't forget to rate helpful posts.


I changed the attachment.

Hi,

OK, I saw it. You want the communication between the 2 hosts to take the path you drew, going to the firewall which is the next-hop you set?

But the PC on the left is in VLAN 13, not VLAN 46, so you have to apply the policy under the VLAN 13 interface.

Regards.

Alain

Don't forget to rate helpful posts.


On 6500 chassis, I also have a policy on vlan 13 to configure the next hop on the vlan 46. This configuration works.

On the 3750 switches, I have a policy on vlan 46 to have a next hop on vlan 48 which is the firewall: my packet never matches the policy....

I think that there are 2 behaviours because of the hardware itself?

No,

it's just that this traffic leaves VLAN 46, so it is egress, never ingress, and PBR is only for ingress traffic.

If the 6500 supports it, you should modify your policy to set the next-hop to the firewall IP using the recursive keyword.

Regards.

Alain

Don't forget to rate helpful posts.


Did you change the SDM template to routing on the C3750?

sdm prefer routing

reload

I think this is required for PBR to work.

GN

Yes, I changed the SDM template.

Hi Dominique,

Just to be clearer: the 6500 on its PBR sets as next hop an address in VLAN 46; I suppose it sets the HSRP address 192.168.46.254. Can you confirm? If not, please clarify.

The PBR on the 3750 sets as next hop IP 192.168.48.251. What is it? Is it the FW I guess, right?

What is the original destination of the traffic coming from vlan 13 (source and destination IP addresses please)?

Can you print the output of a ping from a host in vlan 13?

Riccardo
