Policy Based Routing on Cisco L3 Switch 3550 with IOS 12.1(22)
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||
|
Posted by Al on April 30, 2008, 11:48 am
Please log in for more thread options I have a 3550 L3 switch and I am trying to implement policy based routing. My setup is as follows: PC1 | | | Switch 3550------- Appliance 1 | \ | \ | \ Firewall1 Firewall 2 | | | | VPN 1 VPN 2 | | | | |__Firewall 3__| | | | PC3 Currently, the switch sends all traffic bound for PC2 through Firewall 1 I want traffic from Appliance 1 going to PC2 to pass through Firewall 2 instead. To do this, I went into the Switch config and added the following: access-list 123 permit ip y.y.y.y 0.0.0.255 x.x.x.x 0.0.0.255 route-map test_map permit 10 match ip address 123 set ip next-hop 192.168.0.1 (IP of inside interface of Firewall 2) int vlan1 ip policy route-map test_map As far as I can tell, It's set up according to examples in Cisco documentation, but doesn't work. Can anyone see something I missed? Thanks. Al | |||||||||||||
|
Posted by on April 30, 2008, 12:25 pm
Please log in for more thread options http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example0918= 6a00802135d3.shtml Policy Routing with Catalyst 3550 Series Switch Configuration Example "You must modify the SDM template, such that it supports the 144-bit Layer 3 TCAM" Get that bit? | |||||||||||||
|
Posted by Al on May 1, 2008, 12:56 pm
Please log in for more thread options I performed this step at the very beginning... After logging into the
switch I entered the command: sdm prefered routing I then rebooted the switch. Once the switch reloaded, I entered the Access-list, route-maps, etc. When I do a show sdm prefered, the IOS confirms the current template is the Routing Template. Al. | |||||||||||||
| Similar Threads | Posted |
| Policy Based Routing on Cisco L3 Switch 3550 with IOS 12.1(22) | April 30, 2008, 11:48 am |
| PIX 7.0 policy based routing? | October 24, 2005, 8:57 am |
| policy based routing | November 4, 2005, 5:14 am |
| Policy based routing on a ASA | February 2, 2007, 5:03 pm |
| PIX 525, I think I need Policy-based routing?? | April 23, 2007, 9:45 pm |
| Policy based routing | April 30, 2008, 11:30 am |
| Policy Based Routing and/or NAT | May 7, 2008, 8:15 am |
| HSRP and Policy based Routing | October 26, 2005, 10:12 pm |
| Policy Based Routing Question | November 13, 2005, 7:38 pm |
| Policy Based Routing with 2 providers | April 18, 2008, 1:12 am |
| Policy routing based on destination port (layer4) | January 11, 2006, 12:02 pm |
| policy based routing for multiple tracking options question | April 9, 2006, 8:42 pm |
| intervlan routing and policy routing C3750 or C 4948 | October 19, 2005, 6:38 pm |
| Cisco 3550 VLAN-Internet routing problem | March 25, 2006, 7:15 am |
| Expandin Subnet on Cisco 3550 Layer 3 Switch | March 23, 2006, 4:31 pm |
>
> I have a 3550 L3 switch and I am trying to implement policy based
> routing. My setup is as follows:
>
> =A0 =A0 =A0 =A0 PC1
> =A0 =A0 =A0 =A0 =A0 |
> =A0 =A0 =A0 =A0 =A0 |
> =A0 =A0 =A0 =A0 =A0 |
> =A0Switch 3550------- Appliance 1
> =A0 =A0| =A0 =A0 =A0 =A0 =A0 =A0 =A0\
> =A0 =A0| =A0 =A0 =A0 =A0 =A0 =A0 =A0 \
> =A0 =A0| =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0\
> Firewall1 =A0 =A0 =A0 =A0Firewall 2
> =A0 =A0 | =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 |
> =A0 =A0 | =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 |
> =A0VPN 1 =A0 =A0 =A0 =A0 =A0 =A0VPN 2
> =A0 =A0 | =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 |
> =A0 =A0 | =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 |
> =A0 =A0 |__Firewall 3__|
> =A0 =A0 =A0 =A0 =A0 =A0 =A0|
> =A0 =A0 =A0 =A0 =A0 =A0 =A0|
> =A0 =A0 =A0 =A0 =A0 =A0 =A0|
> =A0 =A0 =A0 =A0 =A0 PC3
>
> Currently, the switch sends all traffic bound for PC2 through Firewall
> 1
>
> I want traffic from Appliance 1 going to PC2 to pass through Firewall
> 2 instead.
>
> To do this, I went into the Switch config and added the following:
>
> access-list 123 permit ip y.y.y.y 0.0.0.255 x.x.x.x 0.0.0.255
> route-map test_map permit 10
> =A0 match ip address 123
> =A0 set ip next-hop 192.168.0.1 (IP of inside interface of Firewall 2)
> int vlan1
> ip policy route-map test_map
>
> As far as I can tell, It's set up according to examples in Cisco
> documentation, but doesn't work. Can anyone see something I missed?