Re: [c-nsp] 3560/3750 policy routing

Tue, 17 Nov 2009 21:34:02 -0800 

ML wrote:

Metalíza wrote:

Peter Rathlev wrote:
On Mon, 2009-11-02 at 17:21 -0500, Ryan West wrote: 
We're using a couple of 3560s for PBR with no problems forwarding
100 Mbps+. There's no CPU load from the forwarding itself. We
haven't tried actually pushing it yet but are planning to try
sometime soon.

The 3560 needs the "routing" SDM template for this to work; I guess
the 3750 also needs this.

What IOS version? I definitely had the proper SDM template applied, it
won't work otherwise.


It has been running IOS 12.2(50)SE1 IP Services "all its life" (some
months).


Hi guys,

I have a similar problem:

We have been using PBR for forwarding through an IP-in-IP tunnel:

interface Tunnel0
ip address 192.168.1.2 255.255.255.252
tunnel source 147.32.98.1
tunnel destination 147.32.127.190
tunnel mode ipip

ip access-list extended private-2-hill
permit ip 10.13.0.0 0.0.255.255 147.32.112.0 0.0.15.255
permit ip 10.13.0.0 0.0.255.255 147.32.30.0 0.0.1.255
permit ip 10.13.0.0 0.0.255.255 147.32.99.0 0.0.0.255
!
route-map private-2-hill permit 10
match ip address private-2-hill
set interface Tunnel0
!
interface Vlan201
ip address 10.13.0.1 255.255.0.0
ip policy route-map private-2-hill
!
local policy route-map private-2-hill
This had been all functional on 3560 with 12.2(44)SE. At first there had been set ip next-hop, but that hadn't worked, so I've switched to set interface.
After replacement of IOS to 12.2(52)SE the "set interface" command was refused after appliance of route map to an SVI. But local PBR still worked. So I've changed to set ip next-hop (which has been accepted by IOS) but with no effect in forwarding (but the local PBR still have worked - because of the SW-based traffic?).
After some debugging I've realized that there is broken PBR in the 12.2(52)SE for the 3560. 

Or am I wrong and have missed something?
I had the same problem on an ME3400. I could not use the remote end of a GRE tunnel for PBR. 

Finally I have solved it!

It's simple:-)

set ip next-hop 192.168.1.1 192.168.1.2

More generallly:

set ip next-hop <remote end-point> <local end-point>

--
-----------------------------------------------------------

                Metaliza @ NitHiA
                icq #: 63193671
                skype: metaliza001

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to