Posted by on April 30, 2008, 12:25 pm
> Hi all,
>
> I have a 3550 L3 switch and I am trying to implement policy based
> routing. My setup is as follows:
>
>         PC1
>           |
>           |
>           |
>  Switch 3550------- Appliance 1
>    |              \
>    |               \
>    |                \
> Firewall1        Firewall 2
>     |                     |
>     |                     |
>  VPN 1            VPN 2
>     |                     |
>     |                     |
>     |__Firewall 3__|
>              |
>              |
>              |
>           PC3
>
> Currently, the switch sends all traffic bound for PC2 through Firewall
> 1
>
> I want traffic from Appliance 1 going to PC2 to pass through Firewall
> 2 instead.
>
> To do this, I went into the Switch config and added the following:
>
> access-list 123 permit ip y.y.y.y 0.0.0.255 x.x.x.x 0.0.0.255
> route-map test_map permit 10
>   match ip address 123
>   set ip next-hop 192.168.0.1 (IP of inside interface of Firewall 2)
> int vlan1
> ip policy route-map test_map
>
> As far as I can tell, it's set up according to examples in Cisco
> documentation, but doesn't work. Can anyone see something I missed?
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00802135d3.shtml
Policy Routing with Catalyst 3550 Series Switch Configuration Example
"You must modify the SDM template, such that it supports the 144-bit
Layer 3 TCAM"
Get that bit?
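
An added example, not part of either post: a Python check that reads a switch configuration and reports why policy routing would not take effect, including the SDM template requirement quoted above. The sample addresses are constructed placeholders, and the script assumes the template choice shows up in the supplied text as an `sdm prefer ... extended-match` line (the 3550 command form from Cisco's documentation, not from this thread).

```python
import re
# Constructed sample: the poster's PBR lines laid out as a config, with
# placeholder addresses because the thread masks the real ones.
SAMPLE_CONFIG = """\
access-list 123 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
route-map test_map permit 10
 match ip address 123
 set ip next-hop 192.168.0.1
interface Vlan1
 ip policy route-map test_map
"""

def audit_pbr(config):
    """Return findings that would keep policy-based routing from working."""
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    acls |= set(re.findall(r"^ip access-list \S+ (\S+)", config, re.M))
    # Assumption: the SDM template choice is visible as a config line.
    sdm_ok = re.search(r"^sdm prefer .*extended-match", config, re.M) is not None
    route_maps, applied, section = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line opens a new section
            m = re.match(r"(route-map|interface) (\S+)", line)
            section = (m.group(1), m.group(2)) if m else None
            if m and m.group(1) == "route-map":
                route_maps.setdefault(m.group(2), {"acls": [], "next_hop": False})
        elif section and section[0] == "route-map":
            rm = route_maps[section[1]]
            if line.startswith("match ip address "):
                rm["acls"] += line.split()[3:]
            elif line.startswith("set ip next-hop "):
                rm["next_hop"] = True
        elif section and section[0] == "interface":
            m = re.match(r"ip policy route-map (\S+)", line)
            if m:
                applied.append((section[1], m.group(1)))
    findings = []
    if applied and not sdm_ok:
        findings.append("sdm-template: no 'sdm prefer ... extended-match' line, "
                        "so the 144-bit Layer 3 TCAM template is not selected")
    for iface, name in applied:
        rm = route_maps.get(name)
        if rm is None:
            findings.append(f"{iface}: route-map {name} is not defined")
            continue
        findings += [f"{name}: ACL {a} is not defined" for a in rm["acls"] if a not in acls]
        if not rm["next_hop"]:
            findings.append(f"{name}: no 'set ip next-hop' clause")
    return findings
```

Run against the sample, it reports only the SDM template finding; an empty list means none of the checked conditions applies.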