Policy Routing with Catalyst 3550 Series Switch Configuration Example

Document ID: 47900

Updated: Nov 16, 2005

Introduction

This document provides a sample configuration for policy routing on Catalyst 3550 series switches. Catalyst 3550 series switches use hardware-based forwarding, so forwarding information is programmed in Ternary Content Addressable Memory (TCAM). For the TCAM to support Policy-Based Routing (PBR), you must change the Switch Database Management (SDM) template to one that supports the 144-bit Layer 3 TCAM. Refer to Understand and Configure the Switching Database Manager on Catalyst 3550 Series Switches for more information about SDM.

Note: The Catalyst 3550 has limitations on the route-map commands you can use.

Prerequisites

Requirements

Ensure that you are knowledgeable of these areas before you attempt this configuration:

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco IOS® Software Release 12.1.19-EA1a

  • Cisco Catalyst 3550

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.

Before you can enable policy routing, you must configure one of these commands in the global configuration mode, and then the configuration must be written and the switch reloaded:

  • sdm prefer extended-match

  • sdm prefer access extended-match

  • sdm prefer routing extended-match

CAT3550(config)# access-list 10 permit 20.20.20.0 0.0.0.255
CAT3550(config)# route-map pbr permit 10
CAT3550(config-route-map)# match ip address 10
CAT3550(config-route-map)# set ip next-hop 12.12.12.12

CAT3550(config)# int vlan 3
CAT3550(config-if)# ip policy route-map pbr
CAT3550(config-if)#
06:12:31: %L3TCAM-3-SIZE_CONFLICT: PBR requires enabling extended routing

CAT3550# show run int vlan 3
Building configuration...

Current configuration : 60 bytes
!
interface Vlan3
 ip address 55.55.55.1 255.255.255.0

!--- Command not taken - you need to enable SDM.

end

CAT3550# conf t
Enter configuration commands, one per line. End with CNTL/Z.
CAT3550(config)# sdm prefer extended-match
Changes to the running SDM preferences have been stored, but cannot take effect 
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
CAT3550(config)# end

CAT3550# write
06:14:11: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...
[OK] 

ltd-1-2# reload
Proceed with reload? [confirm]

Be aware of unsupported route-map commands. Refer to Unsupported Route Map Commands if a configuration like this one exists:

!
access-list 10 permit 20.20.20.0 0.0.0.255
route-map pbr permit 10
 match ip address 10
 set ip default next-hop 12.12.12.12
!

An error message is generated if you try to configure the policy route map on the interface:

CAT3550(config)# int vlan 3
CAT3550(config-if)# ip policy route-map pbr
CAT3550(config-if)# end
CAT3550#
00:02:29: %PBR-3-UNSUPPORTED_RMAP: Route-map pbr not supported for Policy-Based Routing

Network Diagram

This document uses this network setup:

[Figure: network diagram (cat3550pbr-1.gif)]

Configurations

This document uses this configuration:

The configuration takes traffic sourced from 20.20.20.X (access-list 10) and sends it to 30.30.30.2. The configuration overrides the default gateway set to 10.10.10.2.

CAT3550 (Cisco Catalyst 3550)
CAT3550# show running-config 
Building configuration...
.
.
!
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan2
 ip address 20.20.20.1 255.255.255.0
 ip policy route-map pbr
!
interface Vlan3
 ip address 30.30.30.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.10.10.2
ip classless
ip http server
!
!
access-list 10 permit 20.20.20.0 0.0.0.255
route-map pbr permit 10
 match ip address 10
 set ip next-hop 30.30.30.2
!
.
!
end

When the set ip next-hop command is configured, the matching traffic cannot be seen in show command output. This is expected behavior on a switch: the switch forwards in hardware, and the show commands present only the information that is handled in software. The set ip next-hop action is applied in hardware all the time, because the switch never checks the routing table or the routing process for this traffic. When the switch receives a packet that falls into the route-map statements, it sends the packet directly to the next hop that you specified, without checking the routing table.

The set ip default next-hop command first checks the entire routing table to see if there is another route to the destination. If no route is found, then the default next-hop is used.
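Because a policy route-map overrides the routing table, it is worth reviewing a saved configuration for which interfaces divert traffic and where. This Python example is added here and is not part of the original Cisco document: it lists each interface with ip policy route-map, the next hops its route-map sets, and flags route-maps that use set ip default next-hop, which the page shows being rejected with %PBR-3-UNSUPPORTED_RMAP. The function name audit_pbr, the status strings, and the sample configuration (including the pbr-default and missing route-map names) are constructed for illustration.

```python
import re

# Constructed sample in "show running-config" layout: the page's working
# route-map, the unsupported variant, and a reference to an undefined map.
SAMPLE_CONFIG = """\
interface Vlan2
 ip policy route-map pbr
!
interface Vlan3
 ip policy route-map pbr-default
!
interface Vlan4
 ip policy route-map missing
!
access-list 10 permit 20.20.20.0 0.0.0.255
route-map pbr permit 10
 match ip address 10
 set ip next-hop 30.30.30.2
route-map pbr-default permit 10
 match ip address 10
 set ip default next-hop 12.12.12.12
"""

def audit_pbr(config):
    """Return (interface, route_map, status, next_hops) per policy-routed interface."""
    route_maps, applied, section = {}, [], None
    for line in config.splitlines():
        if not line.startswith(" "):        # a top-level line opens a new section
            m = re.match(r"(interface|route-map)\s+(\S+)", line)
            section = m.groups() if m else None
            if m and m.group(1) == "route-map":
                route_maps.setdefault(m.group(2), [])
        elif section and section[0] == "interface":
            m = re.match(r"\s+ip policy route-map (\S+)", line)
            if m:
                applied.append((section[1], m.group(1)))
        elif section and section[0] == "route-map" and line.strip().startswith("set "):
            route_maps[section[1]].append(line.strip())
    findings = []
    for iface, name in applied:
        sets = route_maps.get(name)
        status = "ok"
        if sets is None:
            status = "undefined route-map"
        elif any(s.startswith("set ip default next-hop") for s in sets):
            status = "unsupported on 3550"  # page: %PBR-3-UNSUPPORTED_RMAP
        hops = [h for s in (sets or []) if "next-hop" in s
                for h in s.split("next-hop")[1].split()]
        findings.append((iface, name, status, hops))
    return findings
```
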

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Troubleshooting Commands

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

Note: Refer to Important Information on Debug Commands before you use debug commands.

  • debug ip policy—Shows packets that are 'policy routed' or 'policy rejected'. An example of the debug ip policy command output is:

  *Dec 5 13:33:23.607: IP: s=20.20.20.3 (Vlan2), d=200.200.200.4, len 100, policy match
  *Dec 5 13:33:23.607: IP: route map pbr, item 10, permit
  *Dec 5 13:33:23.607: IP: s=20.20.20.3 (Vlan2), d=200.200.200.4 (Vlan3),len 100, policy routed
  *Dec 5 13:33:23.607: IP: Vlan2 to Vlan3 30.30.30.1
  *Dec 5 13:33:23.707: IP: s=20.20.20.3 (Vlan2), d=200.200.200.4, len 100, policy match
  *Dec 5 13:33:23.707: IP: route map pbr, item 10, permit
  *Dec 5 13:33:23.707: IP: s=20.20.20.3 (Vlan2), d=200.200.200.4 (Vlan3),len 100, policy routed
  *Dec 5 13:33:23.707: IP: Vlan2 to Vlan3 30.30.30.1
  *Dec 5 13:33:23.847: IP: s=20.20.20.3 (Vlan2), d=200.200.200.4, len 100, policy match
  *Dec 5 13:33:23.847: IP: route map pbr, item 10, permit
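The debug output above can be reduced to a per-source summary of where policy routing sent traffic, which is easier to review than the raw lines. This Python example is added here and is not part of the original Cisco document; the function name summarize and the last sample line (a 'policy rejected' case, which the page mentions but does not show) are constructed, while the other sample lines are copied from the output above.

```python
import re
from collections import Counter

# Lines 1-10 are the page's debug output (the capture ends mid-packet);
# the final line is constructed to exercise the 'policy rejected' case.
SAMPLE_DEBUG = """\
*Dec 5 13:33:23.607: IP: s=20.20.20.3 (Vlan2), d=200.200.200.4, len 100, policy match
*Dec 5 13:33:23.607: IP: route map pbr, item 10, permit
*Dec 5 13:33:23.607: IP: s=20.20.20.3 (Vlan2), d=200.200.200.4 (Vlan3),len 100, policy routed
*Dec 5 13:33:23.607: IP: Vlan2 to Vlan3 30.30.30.1
*Dec 5 13:33:23.707: IP: s=20.20.20.3 (Vlan2), d=200.200.200.4, len 100, policy match
*Dec 5 13:33:23.707: IP: route map pbr, item 10, permit
*Dec 5 13:33:23.707: IP: s=20.20.20.3 (Vlan2), d=200.200.200.4 (Vlan3),len 100, policy routed
*Dec 5 13:33:23.707: IP: Vlan2 to Vlan3 30.30.30.1
*Dec 5 13:33:23.847: IP: s=20.20.20.3 (Vlan2), d=200.200.200.4, len 100, policy match
*Dec 5 13:33:23.847: IP: route map pbr, item 10, permit
*Dec 5 13:33:24.101: IP: s=20.20.20.9 (Vlan2), d=10.10.10.50, len 100, policy rejected -- normal forwarding
"""

PACKET = re.compile(r"IP: s=(\S+) \(([^)]+)\), d=[\d.]+(?: \(([^)]+)\))?,"
                    r"\s*len \d+, policy (match|routed|rejected)")
RMAP = re.compile(r"IP: route map (\S+), item (\d+), (?:permit|deny)")
HOP = re.compile(r"IP: \S+ to \S+ ([\d.]+)$")

def summarize(debug_text):
    """Count verdicts keyed by (source, ingress, route-map/item, egress, next hop)."""
    counts, entry, pending = Counter(), None, None
    for line in debug_text.splitlines():
        if m := RMAP.search(line):
            entry = f"{m.group(1)}/{m.group(2)}"
        elif m := PACKET.search(line):
            src, ingress, egress, verdict = m.groups()
            if verdict == "routed":
                pending = (src, ingress, entry, egress)  # next-hop line follows
            elif verdict == "rejected":
                counts[(src, ingress, None, None, None)] += 1
            else:
                pending = entry = None                   # new packet: drop stale state
        elif (m := HOP.search(line)) and pending:
            counts[pending + (m.group(1),)] += 1         # packet record is complete
            pending = entry = None
    return counts
```
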
