05-30-2012 07:39 AM - edited 03-07-2019 06:59 AM
Hi,
We have a Catalyst 6509 switch, and we hope to use policy-based routing to redirect HTTP traffic to my proxy server. Please advise where I can find a configuration example.
Best Regards,
05-30-2012 10:24 AM
You need something like this (I did only basic configs)
ip access-list extended HTTP
 permit tcp any any eq 80
route-map PBR permit 10
 match ip address HTTP
 set ip next-hop
route-map PBR permit 20
interface
 ip policy route-map PBR
But if your proxy supports WCCP, a better way is probably to use this protocol instead of PBR.
03-28-2013 08:29 AM
I am trying something similar; please see my config. I need help routing the traffic for the 50.196.73 network on Vlan4 out Vlan3.
interface Vlan3
 ip address 50.196.73.157 255.255.255.248
 ip policy route-map pbr
!
interface Vlan4
 ip address 50.196.73.150 255.255.255.248
!
access-list 10 permit 50.196.73.152 0.0.0.7
route-map pbr permit 10
 match ip address 10
 set ip next-hop 50.196.73.158
03-28-2013 11:29 AM
Hi,
The PBR policy must be applied on the ingress interface, so VLAN4 here and not VLAN3.
Regards
Alain
Don't forget to rate helpful posts.
03-28-2013 12:20 PM
Thank you, sir. So now I have this; is this correct? I will test, but I believe I tried earlier today with no luck. The gateway for the machines on VLAN4 is 50.196.73.150.
interface Vlan3
 ip address 50.196.73.157 255.255.255.248
!
interface Vlan4
 ip address 50.196.73.150 255.255.255.248
 ip policy route-map pbr
!
!
access-list 10 permit 50.196.73.144 0.0.0.7
route-map pbr permit 10
 match ip address 10
 set ip next-hop 50.196.73.158
03-28-2013 01:43 PM
You have changed the subnet in your ACL from 50.196.73.152 to 50.196.73.144. Unfortunately no host connected to vlan 4 will match the new subnet in the ACL and your PBR will not be effective.
If you use the original ACL then PBR should work.
HTH
Rick
03-28-2013 02:30 PM
Thank you, sir, but interface Vlan4 ip address 50.196.73.150 255.255.255.248 is in network 50.196.73.144. The space is from 50.196.73.144-50.196.73.151, usable 50.193.73.145-50.196.73.150, so wouldn't the ACL be correct?
03-28-2013 03:04 PM
Indeed you are correct and your ACL and the PBR should work. I was doing the math for the subnets and the masking of the ACL in my head and got confused. I apologize for that.
HTH
Rick
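The wildcard arithmetic discussed in the posts above, as an added example that is not part of any poster's message: it checks which usable addresses of each VLAN's /29 are permitted by each `access-list 10` entry quoted in the thread. The function names and the `INTERFACES`/`ACLS` tables are hypothetical; the addresses are copied from the configs above.

```python
import ipaddress

def wildcard_match(acl_addr: str, wildcard: str, host: str) -> bool:
    """Cisco ACL test: bits set to 1 in the wildcard are ignored, the rest must be equal."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    host_bits = int(ipaddress.IPv4Address(host)) & care
    acl_bits = int(ipaddress.IPv4Address(acl_addr)) & care
    return host_bits == acl_bits

def usable_hosts(if_ip: str, if_mask: str) -> list:
    """Usable addresses of the subnet an SVI sits in (network and broadcast excluded)."""
    iface = ipaddress.IPv4Interface(f"{if_ip}/{if_mask}")
    return [str(h) for h in iface.network.hosts()]

def coverage(acl_addr: str, wildcard: str, if_ip: str, if_mask: str) -> tuple:
    """Return (matched, total): how many usable subnet addresses the ACL entry permits."""
    hosts = usable_hosts(if_ip, if_mask)
    matched = [h for h in hosts if wildcard_match(acl_addr, wildcard, h)]
    return len(matched), len(hosts)

# Interface addresses and ACL entries as posted in the thread.
INTERFACES = {
    "Vlan3": ("50.196.73.157", "255.255.255.248"),
    "Vlan4": ("50.196.73.150", "255.255.255.248"),
}
ACLS = {
    "original": ("50.196.73.152", "0.0.0.7"),
    "revised": ("50.196.73.144", "0.0.0.7"),
}

def report() -> dict:
    """Map (acl, vlan) to (matched, total) for every combination."""
    return {
        (acl, vlan): coverage(*ACLS[acl], *INTERFACES[vlan])
        for acl in ACLS
        for vlan in INTERFACES
    }

if __name__ == "__main__":
    for (acl, vlan), (matched, total) in report().items():
        print(f"{acl:8} ACL vs {vlan}: {matched}/{total} usable addresses permitted")
```

Because the route-map is evaluated on traffic entering the interface where `ip policy` is applied, the ACL has to match sources on that interface's subnet.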
03-28-2013 04:07 PM
I was afraid I was right, since it does not work :( Any ideas? Below is a small list of config. Vlan 2 seems to pass to Vlan 1 and out the default gateway; however, I am attempting to route Vlan4 out Vlan3 using gateway 50.198.250.158.
interface Vlan1
 ip address 50.198.250.125 255.255.255.248
 ip access-group 150 in
 no ip redirects
!
interface Vlan2
 ip address 50.198.250.118 255.255.255.248
interface Vlan3
 ip address 50.196.73.157 255.255.255.248
!
interface Vlan4
 ip address 50.196.73.150 255.255.255.248
 ip policy route-map pbr
!
ip default-gateway 50.198.250.126
ip classless
ip route 0.0.0.0 0.0.0.0 50.198.250.126
ip http server
ip http secure-server
!
!
access-list 10 permit 50.196.73.144 0.0.0.7
route-map pbr permit 10
 match ip address 10
 set ip next-hop 50.196.73.158
!
03-28-2013 08:03 PM
Fernando
I am not sure why your PBR is not working and so am not sure that any of my suggestions will fix it, but I do have some suggestions that you might try.
1) Most of my experience with PBR has used extended access lists in the route map. Logically I would think that your standard access list should work. But my first suggestion is to change your access list and create an extended access list and use the extended access list in the route map.
2) Going back to the idea of using a standard access list, since you want all traffic arriving on that VLAN interface to be routed out VLAN 3 I suggest that you change the access list to something like this
access-list 10 permit any
3) Getting around possible issues with the access list, since you want all traffic arriving on that interface routed out vlan 3 I would suggest try removing the match ip address statement from the route map. So the route map would have a set statement but no match statement.
Give these a try and let us know if any of them help.
HTH
Rick
03-29-2013 07:19 AM
OK, here is the latest. Made changes but nothing. Here is the current config of the interfaces in question:
interface Vlan3
 ip address 50.196.73.157 255.255.255.248
!
interface Vlan4
 ip address 50.196.73.150 255.255.255.248
 ip policy route-map comcast2
ip access-list extended acl-pbr
 permit ip any any
route-map comcast2 permit 10
 match ip address acl-pbr
 set ip next-hop 50.196.73.158
Do you have a sample config that works? Also, I am running IOS version c3550-ipservicesk9-mz.122-44.SE6.bin
03-29-2013 07:35 AM
I also tested by removing the match ip address statement, and nothing.