04-28-2007 07:51 AM - edited 03-05-2019 03:44 PM
I have a problem when I try to apply a policy map to a routing interface on a Cisco 3560.
I have firstly defined the access-list and the route-map. But the problem occurs when trying to apply the ip policy to the physical interface.
ip access-list extended SOFT
 permit ip 10.187.237.0 0.0.0.128 172.134.0.0 0.0.255.255
 permit ip 12.34.108.0 0.0.0.255 172.134.0.0 0.0.255.255
 permit ip 10.200.81.32 0.0.0.15 172.134.0.0 0.0.255.255
 permit ip 10.187.239.0 0.0.0.128 172.134.0.0 0.0.255.255
 permit ip 10.34.106.0 0.0.0.255 172.134.0.0 0.0.255.255
 permit ip 10.200.81.48 0.0.0.15 172.134.0.0 0.0.255.255
ip access-list extended TEST_SOFT
 permit ip 12.34.105.0 0.0.0.255 172.134.0.0 0.0.255.255
 permit ip 10.187.238.0 0.0.0.255 172.134.0.0 0.0.255.255
 permit ip 10.200.81.64 0.0.0.15 172.134.0.0 0.0.255.255
 permit ip host 10.187.239.14 172.134.0.0 0.0.255.255
 permit ip host 10.187.239.17 172.134.0.0 0.0.255.255
route-map soft_pbr permit 10
 match ip address TEST_SOFT
 set ip default next-hop 10.200.81.231
!
route-map soft_pbr permit 20
 match ip address SOFT
 set ip default next-hop 10.200.81.104
interface fast 0/16
 ip policy route-map soft_pbr
(The interface will take the command, and this is also the same on a VLAN interface, but it doesn't show in the config.)
When I then look at the interface it doesn't show the policy map statement:
interface FastEthernet0/16
 description ####*Temporary**
 no switchport
 ip address 10.200.81.238 255.255.255.240 secondary
 ip address 10.200.72.157 255.255.255.192
 speed 100
 duplex full
 standby 91 ip 10.200.72.156
 standby 91 priority 150
 standby 91 preempt
 spanning-tree portfast
######3560_1#sh route-map soft_pbr
route-map swift_pbr, permit, sequence 10
Match clauses:
ip address (access-lists): TEST_SOFT
Set clauses:
ip default next-hop 10.200.81.231
Policy routing matches: 0 packets, 0 bytes
route-map soft_pbr, permit, sequence 20
Match clauses:
ip address (access-lists): SOFT
Set clauses:
ip default next-hop 10.200.81.104
Policy routing matches: 0 packets, 0 bytes
I never see the packet count increasing, even though there is traffic passing through the interface.
!
CLSPRA3560_1#sh version
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(25)SED1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 22-Nov-05 23:18 by yenanh
Image text-base: 0x00003000, data-base: 0x01191EEC
ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)
CLSPRA3560_1 uptime is 4 weeks, 1 day, 5 hours, 38 minutes
System returned to ROM by power-on
System restarted at 12:03:22 CET Fri Mar 30 2007
System image file is "flash:c3560-advipservicesk9-mz.122-25.SED1.bin"
I have also tried using VLANs and turning the port into a switchport again, and using normal numbered access-lists. Just wondering whether this is a feature of this train of code, or is there a switch to turn the policy database?
Thanks for any help in advance.
04-28-2007 09:01 AM
Hi there,
To use PBR on your 3560, you must first enable the routing template by using the sdm prefer routing global configuration command. PBR is not supported with the VLAN or default template. For more information on the SDM templates:
HTH, please rate if it does help,
Mohammed Mahmoud.
04-30-2007 12:09 AM
Yep, agreed. I struggled with this one for about two days last month!!! I should have RTFM!!! As soon as you enable the routing template (reboot required) you can use PBR.
Steve
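The fix described in the replies, written out as a command sequence with the checks that confirm PBR is actually programmed (an added example, not part of the original thread). `Switch` is a placeholder hostname; the interface and route-map names are taken from the original post.

```ios
! Added example. "Switch" is a placeholder hostname.
! 1. Check which SDM template is active before changing anything.
Switch# show sdm prefer
!
! 2. Select the routing template. PBR is not supported with the
!    default or VLAN template, which is why the "ip policy" line
!    was accepted at the prompt but never stored in the config.
Switch# configure terminal
Switch(config)# sdm prefer routing
Switch(config)# end
!
! 3. Save the rest of the configuration and reload; the new
!    template only takes effect after a reboot.
Switch# copy running-config startup-config
Switch# reload
!
! 4. After the reload, confirm the routing template is in use.
Switch# show sdm prefer
!
! 5. Re-apply the policy to the routed interface.
Switch# configure terminal
Switch(config)# interface FastEthernet0/16
Switch(config-if)# ip policy route-map soft_pbr
Switch(config-if)# end
!
! 6. Verify that the command was stored, that the interface is bound
!    to the route-map, and that the match counters start to move.
Switch# show running-config interface FastEthernet0/16
Switch# show ip policy
Switch# show route-map soft_pbr
```

If `ip policy route-map soft_pbr` is still missing from the interface configuration in step 6, re-check the template reported in step 4 before troubleshooting the ACLs or the route-map.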