06-10-2016 01:45 AM - edited 03-08-2019 06:08 AM
Hi.
I have a Cisco 3750G with the IP Services k9-mz.150-2.SE4 IOS. In my network I have 4 VLANs with 4 internet gateways. I defined 4 static routes for each of the gateways, with PBR for matching these static routes. If I use "set ip next-hop", all the traffic goes through the specific gateway and inter-VLAN routing does not work (I need inter-VLAN routing because clients in different VLANs must see each other), and if I use "set ip default next-hop", I was unable to assign it to the VLAN (Route-map lan14 not supported for Policy-Based Routing).
The SDM template is set to routing and ip routing is enabled.
Here is my config for 2 of these VLANs:
interface Vlan7
 ip address 192.168.7.254 255.255.255.0
 ip access-group 107 in
!
interface Vlan14
 ip address 192.168.14.254 255.255.255.0
 ip access-group 114 in
!
ip http server
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.70.254
ip route 0.0.0.0 0.0.0.0 192.168.140.254
!
access-list 107 permit udp any eq bootpc any eq bootps
access-list 107 permit ip 192.168.7.0 0.0.0.255 any
access-list 114 permit udp any eq bootpc any eq bootps
access-list 114 permit ip 192.168.14.0 0.0.0.255 any
route-map lan7 permit 10
 match ip address 107
 set ip next-hop 192.168.70.254
!
route-map lan14 permit 10
 match ip address 114
 set ip next-hop 192.168.140.254
!
Where is my mistake in config?
Please help me, I'm stuck here almost for three weeks.
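The difference between the two set clauses mentioned in the question, as an added example that is not part of the original thread: a small Python model of how a route-map entry decides the next hop. It assumes the general IOS semantics of "set ip next-hop" and "set ip default next-hop", uses the first static default route as the routing table default, uses constructed host addresses, and does not model what the 3750G hardware supports.

```python
import ipaddress

# Constructed model of the post's switch: connected SVI subnets are "explicit"
# routes; the first static default route stands in for the routing table default.
CONNECTED = [ipaddress.ip_network(n) for n in ("192.168.7.0/24", "192.168.14.0/24")]
TABLE_DEFAULT = "192.168.70.254"

# ACL 114's IP line from the post: any destination is permitted, other VLANs included.
ACL_114 = [("permit", "192.168.14.0/24", "0.0.0.0/0")]

def acl_permits(acl, src, dst):
    """First-match ACL of (action, src_net, dst_net); implicit deny at the end."""
    for action, s, d in acl:
        if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            return action == "permit"
    return False

def explicit_route(dst):
    """'connected' when a non-default route covers dst, else None."""
    return "connected" if any(dst in n for n in CONNECTED) else None

def forward(route_map, src, dst):
    """Forwarding decision for a packet entering an SVI that has this route-map."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    normal = explicit_route(dst) or TABLE_DEFAULT
    for entry in route_map:                      # sequences in order
        acl = entry.get("match")
        if acl is not None and not acl_permits(acl, src, dst):
            continue                             # no match: try next sequence
        if "next_hop" in entry:
            return entry["next_hop"]             # overrides the routing table
        if "default_next_hop" in entry and explicit_route(dst) is None:
            return entry["default_next_hop"]     # used only without an explicit route
        return normal                            # matched, nothing to apply
    return normal                                # no sequence matched

LAN14_NEXT_HOP = [{"match": ACL_114, "next_hop": "192.168.140.254"}]
LAN14_DEFAULT = [{"match": ACL_114, "default_next_hop": "192.168.140.254"}]

if __name__ == "__main__":
    for name, rm in (("set ip next-hop", LAN14_NEXT_HOP),
                     ("set ip default next-hop", LAN14_DEFAULT)):
        for dst in ("192.168.7.10", "203.0.113.5"):  # constructed destinations
            hop = forward(rm, "192.168.14.20", dst)
            print(f"{name:24} 192.168.14.20 -> {dst:13} via {hop}")
```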
06-10-2016 05:16 AM
Hi
You created 2 route-maps to set the next-hop for some traffic classified with an ACL.
If you want to manage all other traffic, you need to create an empty instance of your route-map.
Example:
route-map lan7 permit 10
 match.....
route-map lan7 permit 20 ==> add this instance and leave it empty. You'll tell the switch/router that it has to keep other traffic but has nothing to apply.
Hope this is clear.
06-10-2016 06:51 AM
Hi.
Thanks for reply.
I will check it tomorrow and let you know the result.
06-10-2016 08:01 AM
Ok. And I'm re-reading your post, and also the configuration of PBR is not correct under L3 interfaces, like Carlos said.
06-10-2016 07:23 AM
Hi!
PBR is not even being applied on any of the SVIs; the configuration should be like this:
interface Vlan7
 ip address 192.168.7.254 255.255.255.0
 ip policy route-map lan7
!
interface Vlan14
 ip address 192.168.14.254 255.255.255.0
 ip policy route-map lan14
Have a nice day, best regards!
JC
06-11-2016 01:21 AM
Hi.
Thanks for reply.
I was applying PBR to the SVIs, but without default next-hop all the traffic (inter-VLAN routing) goes through the route-map, and when I set the next-hop with default I was unable to assign it, with this error: UNSUPPORTED_PBR-3 pbr can't be assigned to vlan interface
MJ.Khaani
06-11-2016 10:35 PM
Hi MJ!
Please refer to the following links for the guidelines you have to follow in order to use PBR in your switch:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swiprout.html#wp1228588
Please pay special attention to this guideline and confirm you have your SDM template set to routing:
- To use PBR, you must first enable the routing template by using the sdm prefer routing global configuration command. PBR is not supported with the VLAN or default template. For more information on the SDM templates, see Chapter 8, “Configuring SDM Templates”.
Please let me know if you still have problems applying PBR.
Hope it helps, best regards!
JC
06-11-2016 10:48 PM
Hi Carlos!
Thanks for reply.
The SDM template must be set to routing to use PBR on a VLAN.
The first answer fixed my problem with inter-VLAN routing, thanks to supportlan.
MJ.Khaani
06-12-2016 12:29 PM
Ok sir,
However, be aware that applying the solution you were given will only cause disastrous results to your switch.
Regards.
06-12-2016 12:41 PM
Hi guys,
I'm sorry but as I said 2 days ago, I've missed the issue that Carlos pointed out when I was reading the post through my mobile.
What I said 2 days ago, was: For sure the configuration of PBR under L3 is bad. You need to use the command ip policy route-map.
Without this command, you are not doing PBR but a workaround that can cause some issues.