route-map not working on cisco 3750

Jputhusseril · ‎12-30-2014

Hello All,

Im trying to use route-map using next hop. For some reason I am not getting any matching packets. SDM is setup for desktop routing.

I am not getting any matches on my route-map nor my ACL.

Code is 12.2(55)SE5

Config

interface Vlan11
description OAD_NAP Data Network
ip address 10.248.60.254 255.255.255.0
ip helper-address 172.17.101.1
ip helper-address 172.17.104.1
ip helper-address 172.17.108.114
no ip redirects
no ip proxy-arp

ip policy route-map ROUTE-OADFW
end

access-list 100 permit ip host 10.248.60.240 host 172.20.1.1 log
access-list 100 permit ip 10.248.60.0 0.0.0.255 172.20.1.0 0.0.0.255

!
route-map ROUTE-OADFW permit 10
match ip address 100
set ip next-hop 10.248.31.254
!

Don't know if this makes a difference 10.248.31.254 (FW) is not the next hop but it is in the routing table so the 3750 knows how to get their.

sho route-map

route-map ROUTE-OADFW, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
ip next-hop 10.248.31.254
Policy routing matches: 0 packets, 0 bytes
oan-u101-asw-01#

Very straight forward I thought :) Any help really appreciated.

schaef350 · ‎12-30-2014

You will have to look and see how / if recursive routing lookups work on the 3750. Check out this post:

https://supportforums.cisco.com/discussion/10029671/route-maps-3750

Please rate helpful posts! :-)

- Be sure to rate all helpful posts

Jputhusseril · ‎12-31-2014

I don't see recursive as an option. Any other ideas I can do to get the traffic to a non directly connected newtwork?

schaef350 · ‎12-31-2014

The 3750 doesn't support any type of tunneling so nothing off hand in that regard.

You could forward it to a next hop device (without a recursive look up) that then also uses a policy based route to keep it moving in the right direction. It would get a little tricky but doable. Be sure to document / diagram whats happening! :-)

Be sure to rate helpful posts! :-)

- Be sure to rate all helpful posts

Jputhusseril · ‎01-14-2015

Question just to reassure myself.

I dont need an ip any any at the end of my acl to allow regular traffic if I am reading this correctly. My route-map would only look for matching ACL any traffic that does not match would take the normal path correct? I dont want to drop any traffic while doing this change.

access-list 100 permit ip host 10.248.60.240 host 172.20.1.1 log
access-list 100 permit ip 10.248.60.0 0.0.0.255 172.20.1.0 0.0.0.255

Jon Marshall · ‎01-14-2015

Any traffic not matched in the route-map acl(s) would be routed normally ie. it would use the IP routing table.

Jon

Jputhusseril · ‎01-14-2015

Thanks Jon for clarification.

acampbell · ‎12-30-2014

Hi,

You need to look at the config guide

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swiprout.html#wp1392257

Look at step 4

Step 4

set ip next-hop ip-address [...ip-address]

Specify the action to take on the packets that match the criteria. Set next hop to which to route the packet (the next hop must be adjacent).

The address you re using as the next hop is NOT adjacent

Regards
Alex

Regards, Alex. Please rate useful posts.

paul driver · ‎01-02-2015

Hello

Try the using:
- a recursive next hop
- enabling proxy arp on SVI 11

route-map ROUTE -OADFW permit 10
match ip address 100
set ip next-hop recursive 10.248.31.254

sh sdm prefer
debug ip packet detail 100
debug ip policy

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul