Archive for July, 2013

Policy Based Routing using the Cisco Catalyst 3750

I’ve recently had the need to route specific VLANs using a switch.

Many would ask, ‘Why not just use a router?’, but having multiple VLAN interfaces on a switch is common nowadays, so here I will show you how to route a specific VLAN using a switch.

 

Out of the box, the Catalyst 3750 acts as a switch. All of its resources are allocated to switching and very little else.

The first job is to make sure the switch runs as a router. It needs to reserve some of its resources for routing commands and procedures, so to change the switch to the routing template, issue the following commands:

Switch(config)# sdm prefer routing extended-match

Switch(config)# end
Switch# wr mem
Switch# reload
Proceed with reload? [confirm]

 

Note that the ‘reload’ command cold-reboots the switch, so make sure you aren’t doing this in the middle of the day without scheduled downtime!

You can find a more detailed list of the changes made when switching the template at the following URL – http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_53_se/configuration/guide/swsdm.html#wpxref88774

 

Once the switch is operational again, the first thing to do is to jump into configuration mode and create the route-map. The route-map will contain the next hop for the specific interface / VLAN.

An example of this would be:

CAT3750(config)# access-list 10 permit 20.20.20.0 0.0.0.255
CAT3750(config)# route-map pbr permit 10
CAT3750(config-route-map)# match ip address 10
CAT3750(config-route-map)# set ip next-hop 12.12.12.12
CAT3750(config-route-map)# exit

CAT3750(config)# int vlan 3
CAT3750(config-if)# ip policy route-map pbr

This creates an access list that defines the match condition (for example, the source IP must match whatever is defined), as well as the location to send matching traffic to. I would generally leave this open to any, just for ease, unless it is needed.

The route-map is then applied to the VLAN 3 interface. Traffic arriving there is looked up against the route-map policy, which says: you are from here, so you should hop to this IP, instead of following the default IP route specified on the router.
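As an added example (not part of the original post), this Python check reads a running-config excerpt and reports PBR bindings whose route-map or ACL is missing, or whose ACL permits any source. The Vlan4 and Vlan5 entries and the `open` and `missing` route-map names are constructed for illustration, and only numbered standard ACLs like the one above are parsed.

```python
import re

# Constructed running-config excerpt: Vlan3 is the page's example, Vlan4/Vlan5 are invented.
SAMPLE_CONFIG = """\
access-list 10 permit 20.20.20.0 0.0.0.255
access-list 20 permit any
route-map pbr permit 10
 match ip address 10
 set ip next-hop 12.12.12.12
route-map open permit 10
 match ip address 20
 set ip next-hop 12.12.12.12
interface Vlan3
 ip policy route-map pbr
interface Vlan4
 ip policy route-map open
interface Vlan5
 ip policy route-map missing
"""

def audit_pbr(config):
    """Return (interface, finding) pairs for PBR bindings that need review.
    Only numbered standard ACLs (1-99), as used on the page, are understood."""
    acls, maps, bindings = {}, {}, []
    current_map = current_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\d{1,2}) (permit|deny) (\S+)", line):
            acls.setdefault(m[1], []).append((m[2], m[3]))
        elif m := re.match(r"route-map (\S+) (?:permit|deny) \d+", line):
            current_map, current_if = m[1], None
            maps.setdefault(current_map, [])
        elif m := re.match(r"interface (\S+)", line):
            current_if, current_map = m[1], None
        elif current_map and (m := re.match(r"match ip address (\d+)", line)):
            maps[current_map].append(m[1])
        elif current_if and (m := re.match(r"ip policy route-map (\S+)", line)):
            bindings.append((current_if, m[1]))
    findings = []
    for iface, name in bindings:
        if name not in maps:  # policy points at a route-map that does not exist
            findings.append((iface, f"route-map {name} is not defined"))
            continue
        for acl in maps[name]:
            if acl not in acls:
                findings.append((iface, f"standard ACL {acl} not found"))
            elif ("permit", "any") in acls[acl]:  # every source is policy-routed
                findings.append((iface, f"ACL {acl} permits any source"))
    return findings
```

Calling `audit_pbr(SAMPLE_CONFIG)` leaves the page's Vlan3 binding unflagged and reports the two constructed ones.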

 

It’s a great tool when you want to divert some traffic over a slower connection and heavier traffic over a better connection.
