Policy Based Routing on a VLAN

falcon.minot
Level 1

Hello,

We upgraded our network from a basic flat network to a VLAN network. All is working fine except for one area. We have 2 ISP routers connecting to our main switch. Traffic to the primary router is working (default route), but I am unable to get specific traffic routed to the other router.

Physical layout:

2811 Router (default route)         1841 Router (VLAN 4 traffic)

      ^----------------- 3750 switch --------------^

Below is a copy of my running config (deleted sensitive info & changed IPs). I am trying to setup Policy Based Routing as from what I've read that sounds like the best solution for me. I have multiple VLANs setup, and am needing VLAN 4 traffic to be routed to the 1841 router on port 33 of the main switch. I have tried following several online walkthroughs, such as http://www.ciscozine.com/2013/04/23/pbr-route-a-packet-based-on-source-ip-address/, but haven't been successful.

I've narrowed it down to this.  I will change to the VLAN 4 interface, and input "ip policy route-map ISP", it takes it with no errors.  When doing a "sh ip policy" command it shows nothing: no policies on any interfaces.

Why isn't VLAN 4 taking the policy? I have enabled the sdm routing template. I did read somewhere that someone said to disable CEF; another said it didn't matter after version 12.0. I tried to disable it, but it said that wasn't possible.

I'm sure it is one simple thing, but I'm not seeing it. Any help you can provide would be very much appreciated. If you need more information, just let me know.

Thank you

Troy

sh run
Building configuration...

Current configuration : 9480 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname switch3750
!
boot-start-marker
boot-end-marker
!

!

no aaa new-model
clock timezone UTC -6
switch 1 provision ws-c3750-48ts
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name deleted
ip name-server 1.2.3.4
ip name-server 5.6.7.8
ip name-server 9.0.1.2
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
Deleted interfaces
!
interface FastEthernet1/0/24
description Commercial Internet
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
Deleted interfaces
!
interface FastEthernet1/0/33
description To AT&T Router (ISP) IP 172.16.4.20
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
Deleted interfaces
!
interface Vlan4
description 4_ISP
ip address 172.16.4.1 255.255.255.0
ip helper-address 172.16.4.2
!
Deleted interfaces
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.2
ip route 172.16.1.0 255.255.255.0 172.16.1.2
ip route 172.16.2.0 255.255.255.0 172.16.4.20
ip route 172.16.3.0 255.255.255.0 172.16.3.2
ip route 172.16.5.0 255.255.255.0 172.16.5.2
ip route 172.16.6.0 255.255.255.0 172.16.6.2
ip route 172.16.7.0 255.255.255.0 172.16.7.2
ip route 172.16.8.0 255.255.255.0 172.16.8.2
ip route 172.16.9.0 255.255.255.0 172.16.9.2
ip route 172.16.10.0 255.255.255.0 172.16.10.2
ip route 172.16.20.0 255.255.255.0 172.16.20.2
ip route 172.16.21.0 255.255.255.0 172.16.21.2
ip route 172.16.22.0 255.255.255.0 172.16.22.2
ip route 172.16.23.0 255.255.255.0 172.16.23.2
ip route 172.16.24.0 255.255.255.0 172.16.24.2
ip http server
ip http secure-server
!
!
access-list 51 remark ISP Policy Based Routing
access-list 51 permit 172.16.4.1
route-map ISP permit 1
match ip address 51
set ip precedence critical
set ip next-hop 172.16.4.20
!
control-plane
!
!
!
end

3 Replies

Reza Sharifi
Hall of Fame

Hi,

According to your interface config, connections to your ISP are layer-2 trunks. If this is the case, you can't apply PBR to a layer-2 interface.

HTH

interface FastEthernet1/0/24
description Commercial Internet
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
Deleted interfaces
!
interface FastEthernet1/0/33
description To AT&T Router (ISP) IP 172.16.4.20
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full

Hi Reza,

That would make sense, as the interface is trunked. In all my reading I didn't see that stated anywhere.

Thanks, will have to reconfigure and test it out.

Hi Reza,

After setting the interfaces to layer 3 interfaces I still had the same issue, but I figured it out.

It turns out the VLAN would not accept the policy with the "set ip precedence priority" command (even though all the documentation online called for it). I started over, assigned the policy to VLAN 4 and it showed under the "sh ip policy" command, then rebuilt my policy from there while checking "sh ip policy" after every step. Upon issuing the "set ip precedence priority" command, I discovered that the policy was dropped from VLAN 4. When I left that command out, I was able to reassign the policy to the VLAN.

Anyway, it's working now. I do have an issue with DHCP not working for that VLAN, but I think that is because PBR is interfering and routing those packets to the other router, which doesn't have DHCP on it.

Thanks for your help.
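For reference, a complete VLAN 4 PBR configuration in the form the thread ends with: the route-map carries only the next-hop action (no "set ip precedence" line), and an extended ACL keeps VLAN-to-VLAN traffic, including the DHCP relay path, on the normal routing table. This is an added example, not the poster's or Reza's config; it reuses the addresses from the original post (VLAN 4 is 172.16.4.0/24, the 1841 is at 172.16.4.20, helper 172.16.4.2) and assumes all other site subnets fall under 172.16.0.0/16.

```cisco
! Added example, not the poster's running config.
! Assumes: VLAN 4 = 172.16.4.0/24, 1841 router at 172.16.4.20 (from the post),
! and all internal subnets under 172.16.0.0/16 (assumption for the deny line).
!
! Extended ACL: deny traffic that must stay on the routing table, then permit
! everything else sourced from VLAN 4 so only Internet-bound flows are steered.
ip access-list extended PBR_VLAN4
 remark keep VLAN-to-VLAN traffic (including the DHCP server) on the routing table
 deny   ip 172.16.4.0 0.0.0.255 172.16.0.0 0.0.255.255
 remark explicit DHCP deny; redundant with the line above (an initial DISCOVER is
 remark sourced from 0.0.0.0 and would never match the permit below), but harmless
 deny   udp any eq bootpc any eq bootps
 remark everything else from VLAN 4 goes to the 1841
 permit ip 172.16.4.0 0.0.0.255 any
!
! Route-map with only the next-hop action. The "set ip precedence" line is what
! the poster found caused the policy to be dropped from the SVI, so it is omitted.
route-map ISP permit 10
 match ip address PBR_VLAN4
 set ip next-hop 172.16.4.20
!
interface Vlan4
 description 4_ISP
 ip address 172.16.4.1 255.255.255.0
 ip helper-address 172.16.4.2
 ip policy route-map ISP
!
! Verification (exec mode): Vlan4 must be listed with route-map ISP under
! "show ip policy"; the match counters in "show route-map ISP" should increase
! while a VLAN 4 host sends Internet traffic; "show sdm prefer" must report the
! routing template, since PBR on the 3750 is unavailable under the default template.
! show ip policy
! show route-map ISP
! show sdm prefer
```

A quick check that VLAN-to-VLAN traffic is not being steered: from a VLAN 4 host, traceroute to a host in another VLAN should show the switch SVI as the first hop, not 172.16.4.20.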
