policy route-map not sticking to 3750 interfaces?

Jeff Cooper · ‎04-23-2013

Hello all,

I have a client with a 3750x stack. We've upgraded it to IP Services. We have a simple PBR setup. One access-list to forward traffic from a specific LAN ip to another gateway on the network.

I go to vlan1 (default vlan) to apply the PBR and the command takes with no errors, but do a "show run" and it doesn't show up under the interface.

I go to vlan1 and apply a PBR that doesn't exist and the command takes with no errors, and is listed under the interface in the config

I can apply the PBR globally and appears to work, but we can't have it there based on other issues it creates.

How do i apply a PBR to a 3750 vlan interface?

Thx

-------

config: (all tracks are up)

C3750_stack#show sdm prefer

The current template is "desktop routing" template.

ip access-list extended Data2EState
deny ip host 192.168.1.50 192.168.37.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.37.0 0.0.0.255

ip access-list extended PBX2EState
permit ip host 192.168.1.50 192.168.37.0 0.0.0.255
!

route-map Vlan1PolicyMap permit 37
match ip address PBX2Estate
set ip next-hop verify-availability 192.168.1.253 10 track 37
set ip next-hop verify-availability 192.168.1.1 20 track 255
!
route-map Vlan1PolicyMap permit 1037
match ip address Data2EState
set ip next-hop verify-availability 192.168.1.1 10 track 255
set ip next-hop verify-availability 192.168.1.253 20 track 37

Anukalp S · ‎04-24-2013

Hi Jeff,

Could you share show version of your 3750 switch, just want to see device image.

Maximilian88 · ‎04-24-2013

Look at https://learningnetwork.cisco.com/thread/46218, maybe you have not the right license.

dc-csa-blr · ‎04-24-2013

Hi Jeff,

Please go through bellow and then check it again.

Switch(config)# sdm prefer routing

Switch(config)#do wr

Switch(config)#exit

Switch#reload

HTH.

Cheers!!!

Jeff Cooper · ‎04-24-2013

thanks all for your responses. I have attached the show ver. I think it's a bug in the image we're running. HTH, yeah we went thru that sequence a couple times. We're currently running the demo license for ipservices to get this going while the ipservices license is on order.

I worked on this subsequently for a couple more hours last night. I was able to apply the PBR in question, if i only put in the match commands in the policies for example. Once i started applying actions, ie set ip next hop, the PBR would remove itself from the interface. Sometimes I could get two or three of the set ip commands in, other times i could get five or six. Always the same commands, and never all of them. And there was never a predictable sequence of what sequence of adding commands caused the PBR to drop off the interface. As well, I tried set ip with and without verify availability. It was overall, a very uncisco like experience from all my years.

Hence, I'm thinking it's a bug in the 12.x IOS i'm running and am trying to get it bumped to 15.x (latest). Only thing that makes sense.

As always tho, if someone has thoughts, comments, experience, please let me know! I'll report back after the IOS upgrade when it's worked out.

Anukalp S · ‎04-24-2013

Hi Jeff,

Pls upgrade your device image to "ipservices" and then execute "sdm prefer routing" command and reload device. After that you will able to configure PBR over interfaces.

Jeff Cooper · ‎04-24-2013

correct me if i'm wrong, but i believe i am already

License Level: ipservices

License Type: Evaluation

Next reload license Level: ipservices

license boot level ipservices

license boot level ipservices switch 2

C3750_stack#show license

Index 1 Feature: ipservices

Period left: 8 weeks 3 days

License Type: Evaluation

License State: Active, In Use

License Priority: Low

License Count: Non-Counted

Anukalp S · ‎04-24-2013

Ok. try reloading your device and see if device run with "IPService" image as currently i could see device is running with C3750E-UNIVERSALK9-M and after reloading it should be C3750E-IPSERVICESK9-M.

Jeff Cooper · ‎04-28-2013

Ok. After some more research, it appears some commands supported on router-based PBR are not supported under 12.x for layer 3 switches. There's actually a cisco doc with a list of commands. So what I was running into I guess was the switch seeing that the command wasn't supported in the PBR and dropping the PBR. I ran logging and ran into the same error that the cisco doc stated would happen if you tried to do some of the "excluded" commands. One of which apparently is set next hop. We haven't upgraded the switch to 15.x yet. One would expect the excluded pbr commands to be included in the upgraded IOS.

Here's the error cut/paste from the cisco doc and found I was getting the same one.

You should be aware of unsupported commands—refer to Unsupported Route Map Commands if this configuration exists:

!
access-list 10 permit 20.20.20.0 0.0.0.255
route-map pbr permit 10
match ip address 10
set ip default next-hop 12.12.12.12
!

An error message is generated if you try to configure the policy route map on the interface:

CAT3550(config)# int vlan 3
CAT3550(config-if)# ip policy route-map pbr
CAT3550(config-if)# end
CAT3550#
00:02:29: %PBR-3-UNSUPPORTED_RMAP: Route-map pbr not supported for Policy-Based Routing