RE: SVI PBR

From: Tim Gregory (tgregory@lincoln.ac.uk)
Date: Tue Aug 29 2006 - 13:10:30 ART


Hi,
 
I've tried all you've suggested before I posted this :] Setting the interface doesn't seem to be supported on 3560s, as if I set the interface as the tunnel, the interface accepts the ip policy route command, but it doesn't show up in the running config, and it doesn't show up in the output of "show ip policy". I've set the SDM config to routing so the switch does support this.
 
Thing is, it sort of works for odd packets: if I do a show route map, it shows like 1 or 2 packets have been policy routed, from a constant ping. Also the access-list shows a few matches...
 
Also, I've tried prefix lists, standard, extended, named ACLs.. all the same results.. I think it's something to do with the way an SVI switches packets, because not every packet is routed... route once switch many, however I'm not sure if "ip route-cache policy" makes the interface check every packet....
 
Thanks anyway.

________________________________

From: Max Bozeman [mailto:maxbozeman@excite.com]
Sent: Tue 29/08/2006 16:48
To: tgregory@lincoln.ac.uk; ccielab@groupstudy.com
Subject: RE: SVI PBR

Have never tried this on a switch, but if the tunnel is terminated on the switch, then here are a couple of suggestions:

1. If you are trying to send all IP traffic down the tunnel, then use a standard access-list.

2. Instead of setting next-hop, set the interface to the tunnel interface.

Having said that, without seeing the full config (and possibly labbing it) I couldn't tell you why yours is not working.

 --- On Tue 08/29, Tim Gregory < tgregory@lincoln.ac.uk > wrote:

From: Tim Gregory [mailto: tgregory@lincoln.ac.uk]

To: ccielab@groupstudy.com

Date: Tue, 29 Aug 2006 15:56:36 +0100

Subject: SVI PBR

Hi Guys..

When you configure PBR on an SVI, does it behave normally?

Basically I've got a scenario where I need to take some traffic coming from a particular subnet and force it down a GRE tunnel, so I've configured the interface like this..

interface Vlan24
 ip address 10.1.24.129 255.255.255.128
 ip helper-address 194.80.56.107
 ip route-cache policy
 ip policy route-map force-tunnel

route-map force-tunnel permit 10
 match ip address route2blue
 set ip next-hop 10.254.253.1

ip access-list extended route2blue
 permit icmp 10.1.24.128 0.0.0.127 any
 permit ip 10.1.24.128 0.0.0.127 any

But traffic still follows the normal ip routing table path, I can't for the life of me figure out why it's not being routed down the next hop of 10.254.253.1.... I'm sure it's something very basic :[

Thanks...

_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:59 ART