[c-nsp] 3560/3750 policy routing

Metalíza metaliza at nithia.cz
Wed Nov 18 00:25:03 EST 2009 

ML wrote:
> Metalíza wrote:
>> Peter Rathlev wrote:
>>> On Mon, 2009-11-02 at 17:21 -0500, Ryan West wrote: 
>>>>> We're using a couple of 3560s for PBR with no problems forwarding
>>>>> 100 Mbps+. There's no CPU load from the forwarding itself. We
>>>>> haven't tried actually pushing it yet but are planning to try
>>>>> sometime soon.
>>>>>
>>>>> The 3560 needs the "routing" SDM template for this to work; I guess
>>>>> the 3750 also needs this.
>>>>>       
>>>> What IOS version? I definitely had the proper SDM template applied, it
>>>> won't work otherwise.
>>>>     
>>>
>>> It has been running IOS 12.2(50)SE1 IP Services "all its life" (some
>>> months).
>>>   
>>
>> Hi guys,
>>
>> I have a similar problem:
>>
>> We have been using PBR for forwarding through an IP-in-IP tunnel:
>>
>> interface Tunnel0
>> ip address 192.168.1.2 255.255.255.252
>> tunnel source 147.32.98.1
>> tunnel destination 147.32.127.190
>> tunnel mode ipip
>>
>> ip access-list extended private-2-hill
>> permit ip 10.13.0.0 0.0.255.255 147.32.112.0 0.0.15.255
>> permit ip 10.13.0.0 0.0.255.255 147.32.30.0 0.0.1.255
>> permit ip 10.13.0.0 0.0.255.255 147.32.99.0 0.0.0.255
>> !
>> route-map private-2-hill permit 10
>> match ip address private-2-hill
>> set interface Tunnel0
>> !
>> interface Vlan201
>> ip address 10.13.0.1 255.255.0.0
>> ip policy route-map private-2-hill
>> !
>> local policy route-map private-2-hill
>> This had been all functional on 3560 with 12.2(44)SE. At first there 
>> had been set ip next-hop, but that hadn't worked, so I've switched to 
>> set interface.
>>
>> After replacement of IOS to 12.2(52)SE the "set interface" command 
>> was refused after appliance of route map to an SVI. But local PBR 
>> still worked. So I've changed to set ip next-hop (which has been 
>> accepted by IOS) but with no effect in forwarding (but the local PBR 
>> still have worked - because of the SW-based traffic?).
>>
>> After some debugging I've realized that there is broken PBR in the 
>> 12.2(52)SE for the 3560.
>>
>> Or am I wrong and have missed something?
>>
>
> I had the same problem on an ME3400.  I could not use the remote end 
> of a GRE tunnel for PBR.

Finally I have solved it!

It's simple:-)

set ip next-hop 192.168.1.1 192.168.1.2

More generallly:

set ip next-hop <remote end-point> <local end-point>

-- 
-----------------------------------------------------------

                 Metaliza @ NitHiA
                 icq #: 63193671
                 skype: metaliza001

More information about the cisco-nsp mailing list