[c-nsp] 3560/3750 policy routing

Metalíza metaliza at nithia.cz
Tue Nov 3 02:57:16 EST 2009 

Peter Rathlev wrote:
> On Mon, 2009-11-02 at 17:21 -0500, Ryan West wrote: 
>   
>>> We're using a couple of 3560s for PBR with no problems forwarding
>>> 100 Mbps+. There's no CPU load from the forwarding itself. We
>>> haven't tried actually pushing it yet but are planning to try
>>> sometime soon.
>>>
>>> The 3560 needs the "routing" SDM template for this to work; I guess
>>> the 3750 also needs this.
>>>       
>> What IOS version? I definitely had the proper SDM template applied, it
>> won't work otherwise.
>>     
>
> It has been running IOS 12.2(50)SE1 IP Services "all its life" (some
> months).
>   

Hi guys,

I have a similar problem:

We have been using PBR for forwarding through an IP-in-IP tunnel:

interface Tunnel0
ip address 192.168.1.2 255.255.255.252
tunnel source 147.32.98.1
tunnel destination 147.32.127.190
tunnel mode ipip

ip access-list extended private-2-hill
permit ip 10.13.0.0 0.0.255.255 147.32.112.0 0.0.15.255
permit ip 10.13.0.0 0.0.255.255 147.32.30.0 0.0.1.255
permit ip 10.13.0.0 0.0.255.255 147.32.99.0 0.0.0.255
!
route-map private-2-hill permit 10
match ip address private-2-hill
set interface Tunnel0
!
interface Vlan201
ip address 10.13.0.1 255.255.0.0
ip policy route-map private-2-hill
!
local policy route-map private-2-hill 

This had been all functional on 3560 with 12.2(44)SE. At first there had 
been set ip next-hop, but that hadn't worked, so I've switched to set 
interface.

After replacement of IOS to 12.2(52)SE the "set interface" command was 
refused after appliance of route map to an SVI. But local PBR still 
worked. So I've changed to set ip next-hop (which has been accepted by 
IOS) but with no effect in forwarding (but the local PBR still have 
worked - because of the SW-based traffic?).

After some debugging I've realized that there is broken PBR in the 
12.2(52)SE for the 3560.

Or am I wrong and have missed something?

-- 
-----------------------------------------------------------

                 Metaliza @ NitHiA
                 icq #: 63193671
                 skype: metaliza001

More information about the cisco-nsp mailing list