Solved: Hi Richard,Cisco 3850 even

RICHARD MESSINGER · ‎11-19-2014

Something odd I am seeing.

Trying to use a 3850 L3 switch running IP Services, XE ver 03.03.03SE, to do some policy routing on one of the VLAN interfaces.

Interface VLAN 10

ip address 208.x.y.z 255.255.255.0

ip policy route-map Use_Route1

It seems to take the command but when I look back with a show run interface vlan 10, it is not there.

Also when I look at the show route policy it indicates that 0 packets have been processed.

Is this a bug or am I missing something?

Santhoshkumar Duraiswamy · ‎11-22-2014

Hi Richard,

Cisco 3850 even running on full IP services image will not support verify-availability command to track with IP SLA.

If you enable terminal monitor or configure the device using console you can see the syslog message when you try to configure the route-map with set ip next-hop verify-availability command

%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map <name> not supported for Policy-Based Routing

You can see the route-map command showing up in the config BUT as soon as you try to apply to interface vlan10 the command will be not be applied and PBR will not work.

I hope Cisco find way to fix this!!

Workaround:

You can use EEM Applet with IP SLA

event manager applet internet_up

event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up"

action 2.0 cli command "enable"

action 3.0 cli command "config t"
action 3.2 cli command "interface Vlan10"
action 3.3 cli command "ip policy router-map Use_Internet"
action 3.4 cli command "exit"

event manager applet internet_down

event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down"

action 2.0 cli command "enable"

action 3.0 cli command "config t"
action 3.2 cli command "interface Vlan10"
action 3.3 cli command "no ip policy router-map Use_Internet"
action 3.4 cli command "exit"

repeat the same process for other IP SLA tracking you have

hope this helps

Santhosh

View solution in original post

John Blakley · ‎11-19-2014

I don't have 3850s in my environment, but a lot of the time you need to change the sdm template that the switch is using. Take a look here:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/system_management/configuration_guide/b_sm_3se_3850_cg/b_sm_3se_3850_cg_chapter_01011.html

HTH, John *** Please rate all useful posts ***

RICHARD MESSINGER · ‎11-19-2014

thanks for the pointer, but it seems like the sdm prefer advanced was already in place so this is not the answer at this time.

andy.winford · ‎09-28-2016

I have a similar problem but in my case the 3850 is running 03.02.03.SE IP Base and will not accept the ip policy route-map command on the VLAN interface. Do I need to IP Services running to support a per VLAN i?

Thanks...

houtan haddadlarijani · ‎11-19-2014

Hi,

Try "sdm prefer routing" on global configuration mode. I've had a similar problem before and this command could solve it.

RICHARD MESSINGER · ‎11-19-2014

this command is not accepted by the 3850. Just "sdm prefer advanced" which was already in place.

houtan haddadlarijani · ‎11-19-2014

would you share your route-map configuration?

RICHARD MESSINGER · ‎11-20-2014

Here are redacted parts of the config:

ip access-list extended FORCE_TRAFFIC_OUT_TWInternet
permit ip 199.mmm.nnn.0 0.0.0.255 any
permit ip 72.kkk.lll.0 0.0.0.255 any
permit ip 208.aaa.bbb.0 0.0.0.255 any
permit ip 199.iii.jjj.0 0.0.0.255 any
ip access-list extended Subnets_To_Internet
permit ip 208.ccc.ddd.0 0.0.0.255 any
permit ip 208.eee.fff.0 0.0.0.255 any
permit ip 74.ggg.hhh.0 0.0.0.255 any

...

route-map Use_Internet permit 10
match ip address Subnets_To_Internet
set ip next-hop verify-availability 208.xxx.yyy.8 2 track 1
!
route-map Use_Internet permit 20
match ip address FORCE_TRAFFIC_OUT_TWInternet
set ip next-hop verify-availability 208.xxx.yyy.2 1 track 2

IP SLA's are working correctly

Interface Vlan 10

ip address 208.xxx.yyy.13 255.255.255.224

It accepts the "ip policy router-map Use_Internet" command but does not show up

Running ios-xe version 03.03.03 with Ipservices

houtan haddadlarijani · ‎11-20-2014

Ok, This is what i thought

As 3850s do not support "sdm prefer routing", the only way you can make it work, is remove "verify-availability" and only use "set ip next-hop" command without tracking .

HTH

aossamashalaby · ‎08-02-2015

i really appropriate this answer, it helps me in my working environment so much

thank you RICHARD MESSINGER

Santhoshkumar Duraiswamy · ‎11-22-2014

Hi Richard,

Cisco 3850 even running on full IP services image will not support verify-availability command to track with IP SLA.

If you enable terminal monitor or configure the device using console you can see the syslog message when you try to configure the route-map with set ip next-hop verify-availability command

%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map <name> not supported for Policy-Based Routing

You can see the route-map command showing up in the config BUT as soon as you try to apply to interface vlan10 the command will be not be applied and PBR will not work.

I hope Cisco find way to fix this!!

Workaround:

You can use EEM Applet with IP SLA

event manager applet internet_up

event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up"

action 2.0 cli command "enable"

action 3.0 cli command "config t"
action 3.2 cli command "interface Vlan10"
action 3.3 cli command "ip policy router-map Use_Internet"
action 3.4 cli command "exit"

event manager applet internet_down

event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down"

action 2.0 cli command "enable"

action 3.0 cli command "config t"
action 3.2 cli command "interface Vlan10"
action 3.3 cli command "no ip policy router-map Use_Internet"
action 3.4 cli command "exit"

repeat the same process for other IP SLA tracking you have

hope this helps

Santhosh

Sonain Zia · ‎04-23-2015

Hi Santhosh,

Do we need to configure authentication for applet to run commands or it will handle it automatically?

Regards,

Sonain

Route-Map not taken on 3850 IP Services