[c-nsp] 3560/3750 policy routing
Metalíza
metaliza at nithia.cz
Tue Nov 3 02:57:16 EST 2009
Peter Rathlev wrote:
> On Mon, 2009-11-02 at 17:21 -0500, Ryan West wrote:
>
>>> We're using a couple of 3560s for PBR with no problems forwarding
>>> 100 Mbps+. There's no CPU load from the forwarding itself. We
>>> haven't tried actually pushing it yet but are planning to try
>>> sometime soon.
>>>
>>> The 3560 needs the "routing" SDM template for this to work; I guess
>>> the 3750 also needs this.
>>>
>> What IOS version? I definitely had the proper SDM template applied, it
>> won't work otherwise.
>>
>
> It has been running IOS 12.2(50)SE1 IP Services "all its life" (some
> months).
>
Hi guys,
I have a similar problem:
We have been using PBR for forwarding through an IP-in-IP tunnel:
interface Tunnel0
ip address 192.168.1.2 255.255.255.252
tunnel source 147.32.98.1
tunnel destination 147.32.127.190
tunnel mode ipip
ip access-list extended private-2-hill
permit ip 10.13.0.0 0.0.255.255 147.32.112.0 0.0.15.255
permit ip 10.13.0.0 0.0.255.255 147.32.30.0 0.0.1.255
permit ip 10.13.0.0 0.0.255.255 147.32.99.0 0.0.0.255
!
route-map private-2-hill permit 10
match ip address private-2-hill
set interface Tunnel0
!
interface Vlan201
ip address 10.13.0.1 255.255.0.0
ip policy route-map private-2-hill
!
local policy route-map private-2-hill
This had been all functional on 3560 with 12.2(44)SE. At first there had
been set ip next-hop, but that hadn't worked, so I've switched to set
interface.
After replacement of IOS to 12.2(52)SE the "set interface" command was
refused after appliance of route map to an SVI. But local PBR still
worked. So I've changed to set ip next-hop (which has been accepted by
IOS) but with no effect in forwarding (but the local PBR still have
worked - because of the SW-based traffic?).
After some debugging I've realized that there is broken PBR in the
12.2(52)SE for the 3560.
Or am I wrong and have missed something?
--
-----------------------------------------------------------
Metaliza @ NitHiA
icq #: 63193671
skype: metaliza001
More information about the cisco-nsp
mailing list