Difference between revisions of "Route-map Cisco IOS"
From Teknologisk videncenter
m (→Example) |
m (→Example) |
||
| Line 56: | Line 56: | ||
Lots of limitations on 3560 platform. Default route to 192.168.1.0/24 to 10.0.0.30 gateway all other to 10.0.0.34 gateway | Lots of limitations on 3560 platform. Default route to 192.168.1.0/24 to 10.0.0.30 gateway all other to 10.0.0.34 gateway | ||
<source lang=cli> | <source lang=cli> | ||
| − | |||
| − | |||
| − | |||
ip access-list extended RFC1918 | ip access-list extended RFC1918 | ||
| − | remark 172.16/12 network not | + | remark 172.16.0.0/12 network not present internally |
deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255 | deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255 | ||
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255 | deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255 | ||
permit ip 192.168.1.0 0.0.0.255 any | permit ip 192.168.1.0 0.0.0.255 any | ||
| + | ! | ||
| + | ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0 | ||
! | ! | ||
route-map HETH permit 5 | route-map HETH permit 5 | ||
| Line 70: | Line 69: | ||
! | ! | ||
route-map HETH permit 10 | route-map HETH permit 10 | ||
| + | match ip address prefix-list DEFAULT | ||
set ip next-hop 10.0.0.34 | set ip next-hop 10.0.0.34 | ||
| − | |||
| − | |||
</source> | </source> | ||
Revision as of 10:46, 13 December 2009
Policy-Based Routing or PBR with Cisco IOS.
Contents
Enabling PBR on 3560 Switch platform
On the 3560 Switch platform you get the message %PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing when you apply a route-map to a Interface.
This is because the SDM (Switch Database Management) template. The SDM manages the layer 2 and layer 3 switching information that is maintained in the Ternary Content Addressable Memory (TCAM). The TCAM is used for forwarding lookups. See [1]. There are some unsupported commands on IOS 12.2-25[2]
CEF uses default Source/Destination load sharing, ensuring same path for the packetstreams.[3]
Looking at the default configuration the switch had the following SDM configuration.
Core2#<input>sh sdm prefer</input>
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 6K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: <notice>0</notice>
number of IPv4/MAC qos aces: 512
number of IPv4/MAC security aces: 1KChanging SDM Bias
Core2(config)#<input>sdm prefer routing</input>
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Core2(config)#<input>^Z</input>
Core2#
1d00h: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.30)
Core2#<input>reload</input>After reboot
Core2#<input>sh sdm prefer</input>
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: <notice>512</notice>
number of IPv4/MAC qos aces: 512
number of IPv4/MAC security aces: 1KExample
Lots of limitations on 3560 platform. Default route to 192.168.1.0/24 to 10.0.0.30 gateway all other to 10.0.0.34 gateway
ip access-list extended RFC1918
remark 172.16.0.0/12 network not present internally
deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
!
ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
!
route-map HETH permit 5
match ip address RFC1918
set ip next-hop 10.0.0.30
!
route-map HETH permit 10
match ip address prefix-list DEFAULT
set ip next-hop 10.0.0.34Notes DT3 projekt
- ip route 0.0.0.0 0.0.0.0 dhcp on gateways
config Core 2
Core2(config)#<input>sdm prefer routing</input>
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Core2#<input>reload</input>ip prefix-list HETH seq 5 permit 0.0.0.0/0
access-list 64 permit 192.168.1.0 0.0.0.255
route-map HETH permit 5
match ip address prefix-list HETH
!
route-map HETH permit 10
match ip address 64
set ip next-hop 10.0.0.30 ! Gateway 1
!
route-map HETH permit 20
set ip next-hop 10.0.0.34
!
interface Port-channel2 ! 10.0.0.41
ip policy route-map HETH
!
interface Port-channel5 ! 10.0.0.45
ip policy route-map HETH
!
interface Port-channel6 ! 10.0.0.49
ip policy route-map HETH
!
interface Port-channel9 ! 10.0.0.37
ip policy route-map HETH
config Core 1
Core1(config)#<input>sdm prefer routing</input>
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Core1#<input>reload</input>ip prefix-list HETH seq 5 permit 0.0.0.0/0
access-list 64 permit 192.168.1.0 0.0.0.255
route-map HETH permit 5
match ip address prefix-list HETH
!
route-map HETH permit 10
match ip address 64
set ip next-hop 10.0.0.10 ! Gateway 1
!
route-map HETH permit 20
set ip next-hop 10.0.0.18
!
interface Port-channel3 ! 10.0.0.21
ip policy route-map HETH
!
interface Port-channel4 ! 10.0.0.5
ip policy route-map HETH
!
interface Port-channel7 ! 10.0.0.1
ip policy route-map HETH
!
interface Port-channel8 ! 10.0.0.25
ip policy route-map HETH
traceroute ip
172.16.4.16
192.168.3.1
y
10
traceroute ip
172.16.4.16
192.168.2.1
y
10