[c-nsp] 3560/3750 policy routing
ML
ml at kenweb.org
Tue Nov 3 08:27:23 EST 2009
Metalíza wrote:
> Peter Rathlev wrote:
>> On Mon, 2009-11-02 at 17:21 -0500, Ryan West wrote:
>>>> We're using a couple of 3560s for PBR with no problems forwarding
>>>> 100 Mbps+. There's no CPU load from the forwarding itself. We
>>>> haven't tried actually pushing it yet but are planning to try
>>>> sometime soon.
>>>>
>>>> The 3560 needs the "routing" SDM template for this to work; I guess
>>>> the 3750 also needs this.
>>>>
>>> What IOS version? I definitely had the proper SDM template applied, it
>>> won't work otherwise.
>>>
>>
>> It has been running IOS 12.2(50)SE1 IP Services "all its life" (some
>> months).
>>
>
> Hi guys,
>
> I have a similar problem:
>
> We have been using PBR for forwarding through an IP-in-IP tunnel:
>
> interface Tunnel0
> ip address 192.168.1.2 255.255.255.252
> tunnel source 147.32.98.1
> tunnel destination 147.32.127.190
> tunnel mode ipip
>
> ip access-list extended private-2-hill
> permit ip 10.13.0.0 0.0.255.255 147.32.112.0 0.0.15.255
> permit ip 10.13.0.0 0.0.255.255 147.32.30.0 0.0.1.255
> permit ip 10.13.0.0 0.0.255.255 147.32.99.0 0.0.0.255
> !
> route-map private-2-hill permit 10
> match ip address private-2-hill
> set interface Tunnel0
> !
> interface Vlan201
> ip address 10.13.0.1 255.255.0.0
> ip policy route-map private-2-hill
> !
> local policy route-map private-2-hill
>
> This had been all functional on 3560 with 12.2(44)SE. At first there had
> been set ip next-hop, but that hadn't worked, so I've switched to set
> interface.
>
> After replacing IOS with 12.2(52)SE the "set interface" command was
> refused after applying the route map to an SVI. But local PBR still
> worked. So I've changed to set ip next-hop (which has been accepted by
> IOS) but with no effect on forwarding (but the local PBR still
> worked - because of the SW-based traffic?).
>
> After some debugging I've realized that there is broken PBR in the
> 12.2(52)SE for the 3560.
>
> Or am I wrong and have missed something?
>
I had the same problem on an ME3400. I could not use the remote end of
a GRE tunnel for PBR.