IPsec88
asked on
Cisco 3550 - IP policy Routing
Hi everyone
I have a problem that really freaked me out
It's related to Ip policy routing on cisco 3550
We have 4 3com SW which are connected to our cisco 3550,(Trunk links)
I've created 4 vlans and their appropriate interface vlan on c3550 I've configured c3550 as DHCP server too (DHCP network range : 192.168.200.0)
The default route for the c3550 is to our 3570 SW (c3570 192.168.53.129) and then goes to the Internet
We have a LAN manager which NATs the invalid IP addresses to have Internet access; it has 2 interfaces connected to the c3550 (1 interface has a valid IP and the other an invalid IP (192.168.199.2))
I want the traffic related to those clients which get an IP address from the C3550 DHCP to go to the LAN manager, so I use a route map and IP policy, but when I set the ip policy on the interface vlan the clients are not able to ping the default gateway anymore
Trunk
3com --------->
3com --------->
3com ---------> Default route to
3com ---------> CISCO 3550 -----------------------> c3570 192.168.53.129----- > Core Router ----> Internet
| |
| | Vlan 205
| |
| |
LAN Manager
cisco 3550 configurations :
!
ip dhcp pool Call-Center
network 192.168.200.0 255.255.255.224
default-router 192.168.200.1
netbios-name-server 192.168.199.2
lease 7
!
ip dhcp pool Technical
network 192.168.200.64 255.255.255.192
default-router 192.168.200.65
netbios-name-server 192.168.199.2
lease 7
!
ip dhcp pool Commercial
network 192.168.200.128 255.255.255.192
default-router 192.168.200.129
netbios-name-server 192.168.199.2
lease 7
!
ip dhcp pool Officail
network 192.168.200.192 255.255.255.192
default-router 192.168.200.193
netbios-name-server 192.168.199.2
lease 7
!
ip dhcp pool Financial
network 192.168.200.32 255.255.255.224
default-router 192.168.200.33
netbios-name-server 192.168.199.2
lease 7
interface FastEthernet0/3
description Call Center //----------------> this port on c3550 is connected to one of the 3com switches
switchport trunk encapsulation dot1q
switchport mode trunk
no cdp enable
spanning-tree portfast
!
interface FastEthernet0/10 //--------------> this port is connected to the LAN Manager invalid interface
switchport access vlan 205
switchport mode access
no cdp enable
spanning-tree portfast
!
interface Vlan200
description Call-Center
ip address 192.168.200.1 255.255.255.224
ip policy route-map InternalLAN //-----------> When I set this command the clients cannot ping 192.168.200.1 anymore
!
interface Vlan201
description Technical
ip address 192.168.200.65 255.255.255.192
ip policy route-map InternalLAN
!
interface Vlan202
description Commercial
ip address 192.168.200.129 255.255.255.192
ip policy route-map InternalLAN
!
interface Vlan203
description Official
ip address 192.168.200.193 255.255.255.192
ip policy route-map InternalLAN
!
interface Vlan204
description Financial
ip address 192.168.200.33 255.255.255.224
ip policy route-map InternalLAN
!
interface Vlan205
ip address 192.168.199.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.53.129
access-list 150 permit ip 192.168.200.0 0.0.0.255 any
route-map test2 permit 10
match ip address 150
set ip next-hop 192.168.198.2
SDM is set to extended-match
c3550#sh sdm prefer
The current template is the default extended-match template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1K VLANs.
number of unicast mac addresses: 5K
number of igmp groups: 1K
number of qos aces: 1K
number of security aces: 1K
number of unicast routes: 4K
number of multicast routes: 1K
On the 3com switches, when I put a port on vlan 200 it gets an IP address from the Cisco DHCP pool and it can ping the default gateway, but when I apply the
ip policy on interface vlan 200 it cannot ping its default gateway (192.168.200.1) anymore
This scenario is exactly the same as here on the Cisco website: http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00802135d3.shtml
I've changed the port connected to the LAN manager to a routed port, but I had the same problem
I've also applied the ip policy on vlan 1 and it didn't work either....
and the Cisco 3550 doesn't support these set commands:
Unsupported Route Map Commands
match length
route-map map-tag deny
set automatic-tag
set dampening half-life reuse suppress max-suppress-time
set default interface
set interface
set ip default next-hop
set ip destination ip-address mask
set ip df
set ip precedence value
set ip qos-group
set tag tag-value
set ip tos
Maybe this is too obvious, but you're invoking Policy Route-Map InternalLAN, but no such route map exists.
Do you mean for it to say "ip policy route-map test2" ?
ASKER
no that was my mistake in copy/paste
the route map is OK; I created 2 route maps, test2 and InternalLAN
Please upgrade it to EMI image!
ASKER
It's already EMI
here is sh ver :
System image file is "flash:/c3550-ipservices-mz.122-25.SEB4.bin"
These commands belong to BGP config, not policy routing....
ASKER CERTIFIED SOLUTION
ASKER
woow
exactly right...
I should understand it before....
anyway
thank u thank u thank u, Tony
You are able to configure VRF-lite, which is eating less process, and you are able to add the vrf the default gw the LAN manager!