Cisco Switching/Routing :: 3750 Route Map Counters
Mar 19, 2012
We're running a simple policy map on a 3750 stack (IOS version 12.2(53)SE2), but the route-map counters do not show any matches:
NYKIRDRCX01#sh route-map
route-map remote-route, permit, sequence 51
Match clauses:
ip address (access-lists): remoteACL
Set clauses:
ip next-hop 192.168.101.5
Policy routing matches: 0 packets, 0 bytes
However, I've confirmed via our netflow monitor that the traffic we're trying to send to the appropriate next hop is, indeed, getting there correctly.
I've seen issues in the past with a 3750 not reporting counters correctly.
View 2 Replies
ADVERTISEMENT
Jun 10, 2010
I try to enter the command "ip policy route-map" on 3750's interface. But the command doesn't appear. Why? Whereas I see several times that this command is possible on this switch. What I have to do to enter this command?
View 3 Replies
View Related
Nov 19, 2012
I have a 3750 stack with several vlans and svi's. We have had no need to route between them until now. Here is what I have done...
Created the vlans.. vlan 1 and vlan 25
Given each vlan an ip address vlan 1 10.0.0.2 and vlan 25 is 192.168.5.250
no shut on everything
ip routing
sdm routing preferred
default route 0.0.0.0 0.0.0.0 (isp)
If I'm on the switch I can ping anything on vlan 1 and anything on vlan 25 (the device I'm pinging on vlan25 is the svi and a dsl router 192.168.5.1) From a computer on vlan 1 I can ping the gateway/svi for vlan 1 and the svi for vlan 25 but no devices including the dsl router which pinged fine. If I put the computer on an access port for vlan 25 I can ping everything just fine on vlan 25 but not vlan 1 (gateway set correctly)
As a test I put in a static route ip route 195.113.20.11 255.255.255.255 192.168.5.1
I did a traceroute from the switch and it comes through great. I did a traceroute from the computer and it hits my gateway of 10.0.0.2 vlan 1 and stops.
View 13 Replies
View Related
May 2, 2012
I have Catalyst 3750. and 2 ISPs
I wanted to use, let say on port5 of Catalyst 3750 only 2nd the ISP will route to this port.
The rest is pointed to the 1st ISP.
Im thinking of using VLAN..
View 7 Replies
View Related
Feb 16, 2012
I have a 3750 switch and I am trying to configure PBR (route-maps) in it.But when I try to apply the policy to a vlan interface the policy does not show in the interface.So I can not use PBR to choose my default gateway!Question: Does PBR work in a 3750 switch? Can PBR be configured in a vlan interface? There is any problem with the IOS that I do not know?
View 5 Replies
View Related
Jul 27, 2010
IP SLA configuration fails over but cannot ping the 4.2.2.2 via Site B. Here is the output on Cisco 3750...
SW2#show runBuilding configuration...
Current configuration : 2901 bytes!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname SW2!boot-start-markerboot-end-marker!!!!no aaa
[Code].....
View 5 Replies
View Related
Feb 6, 2013
I have a Cisco 3750 stack with 5 members.
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
1 24 WS-C3750G-24T 12.2(55)SE6 C3750-IPSERVICESK9-M
2 24 WS-C3750G-24T 12.2(55)SE6 C3750-IPSERVICESK9-M
* 3 24 WS-C3750G-24T 12.2(55)SE6 C3750-IPSERVICESK9-M
4 52 WS-C3750G-48TS 12.2(55)SE6 C3750-IPSERVICESK9-M
5 52 WS-C3750G-48TS 12.2(55)SE6 C3750-IPSERVICESK9-M
I have recently set the sdm prefer template to routing to allow route-maps and rebooted the stack:
3750GCORE#show sdm preferThe current template is "desktop routing" template.The selected template optimizes the resources inthe switch to support this level of features for8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K number of IPv4 IGMP groups + multicast routes: 1K number of IPv4 unicast routes: 11K number of directly-connected IPv4 hosts: 3K number of indirect IPv4 routes: 8K number of IPv4 policy based routing aces: 0.5K number of IPv4/MAC qos aces: 0.5K number of IPv4/MAC security aces: 1K
I still cannot apply a route map to a vlan interface however:
I have preconfigured the route map as per below to take traffic from one particular client and pass it to the inside interface of our ASA firewall:(yes i know 192.9.0.0 is a public network, its an inherited problem that is in process of being remedied!)
ip access-list extended TEST
permit ip host 192.9.216.234 any
permit icmp host 192.9.216.234 any
permit tcp host 192.9.216.234 any
route-map TEST_MAP permit 9
match ip address TEST
set ip default next-hop 192.9.201.10
When i do the following I get this error from debug:
3750GCORE#config t
Enter configuration commands, one per line. End with CNTL/Z.
3750GCORE(config)#int vlan 216
3750GCORE(config-if)#ip policy route-map TEST_MAP
3750GCORE(config-if)#
007804: Feb 8 03:16:55: %PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map TEST_MAP not supported for Policy-Based Routing
when I show the running config, the route-map is not there.3750GCORE#show running-config int vlan 216Building configuration...Current configuration : 205 bytes!interface Vlan216
no ip redirectsip directed-broadcast 101end
why TEST_MAP is not supported?
View 2 Replies
View Related
Jun 20, 2012
I have a 3750 at a branch running EIGRP connected to two routers that both have configured:
access-list 1 deny 0.0.0.0
access-list 1 permit any
access-list 2 permit 0.0.0.0
access-list 2 deny any
router eigrp 1distribute-list 1 out FastEthernet0/0distribute-list 2 in FastEthernet0/0
Due to this recently applied config the switch become unreachable from the outside and cannot ping anything. Everything connected to it works fine. I was able to remote into it from a switch behind it and noticed that the 3750 has no default route in the routing table. I do see a default route in the eigrp topology table. How to make the switch learn a default route maintaining the existing configuration on the routers.
View 3 Replies
View Related
Feb 13, 2013
I'm attempting to redistribute a static route into EIGRP on a 3750 switch and pass it to an upstream router, sadly however this isn't working, or at least the route isn't being recieved on the upstream router. [code]
View 10 Replies
View Related
Mar 26, 2013
We have a 14 offfice MPLS network. All offices have Cisco 3750s running OSPF which replicate route tables via our providers BGP peers. I am introducing a new network in our SF office which is not directly connected so in SF we have a static route "ip route 172.16.20.0 255.255.255.0 192.168.100.1. I want our other offices to learn this route route via OSPF so that they know how to get to the new network. My problem is that of course remote sites do not see our static routes and i have tried to add this via ospf but the switch will not propagate this route because it is not directly connected to the switch in SF.
router ospf 1
log-adjacency-changes
network 10.2.0.0 0.0.0.255 area 2.2.2.2
[Code]......
View 5 Replies
View Related
Dec 12, 2012
Cannot set route map on interface vlan. which in non default vrf on Cisco 3750.IOS c3750-ipservicesk9-mz.122-55.SE.bin sdm prefer route in enable ip vrf users rd 200:0 route-target export 200:0 route-target import 200:0 interface Vlan201 description Users 1 ip vrf forwarding users ip address 10.31.76.1 255.255.252.0 ip helper-address 10.31.4.57 route-map fromuser permit 10 match ip address fromuser set ip next-hop 10.31.128.155 When I enter "ip policy route-map fromuser" to interface Vlan 201 I heve the message:
% Remove VRF configuration from interface Vlan201 first
View 5 Replies
View Related
Apr 23, 2013
I have a client with a 3750x stack. We've upgraded it to IP Services. We have a simple PBR setup. One access-list to forward traffic from a specific LAN ip to another gateway on the network.
I go to vlan1 (default vlan) to apply the PBR and the command takes with no errors, but do a "show run" and it doesn't show up under the interface.
I go to vlan1 and apply a PBR that doesn't exist and the command takes with no errors, and is listed under the interface in the config
I can apply the PBR globally and appears to work, but we can't have it there based on other issues it creates.
config: (all tracks are up)
C3750_stack#show sdm prefer
The current template is "desktop routing" template.
[Code]....
View 8 Replies
View Related
Jun 3, 2013
Actually i have a design from my customer who have ( Cisco core switch 3750 (allports fiber ports) which is connected to L2 switches , these switches carry servers and end users .the only routing protocol on the access switches is static route ,
My question how can i route the traffic from the server to the end user , as the the server is not direct connect to the core switch.
View 6 Replies
View Related
Nov 1, 2012
I am trying to configure policy based routing however when i try to apply to an interface vlan. The configuration does not show in the interface.
route-map OTHER_ROUTE permit 10
match ip address OTHER_ROUTE
set ip next-hop x.x.x.x
[Code]....
View 4 Replies
View Related
Oct 15, 2012
i wonder if i can make a backup static route for an existing link over wan using the below diagram
the Core Switch type is 3750 in both sides i`m using only static routing for all destination like
Core1:
ip route 192.168.8.0 255.255.255.0 172.10.10.30
Core2:
ip route 172.17.200.0 255.255.255.0 192.168.100.105
requirements is to track the reachibility for the core ip address from both sides & change the routing automatically to the backup tunnel line
View 1 Replies
View Related
Apr 22, 2012
Here is my configuration below , i have upgraded my C-3750 switch IOS from IPbase to IPservices , after upgrading i have tried to apply PBR on my Vlan 4 and failed , when i am tying to apply route-map to Vlan4 the command was taking but i am unable to see the route-map when sh run , i am giving the command as "ip policy route-map TTSL" in my Vlan4 , below is the configuration.
In Vlan2 i have connected one ISP and Vlan4 I have connected one ISP , my local subnets are 192.168.1.x and 192.168.2.x , now i want to route the 192.168.1.x traffic from Vlan2 and 192.168.2.x Traffic from Vlan4 .
sh boot
coreswitch#sh boot
BOOT path-list : flash:c3750-ipservices-mz.122-35.SE5/c3750-ipservices-mz.122-35.SE5.bin
[Code].....
View 9 Replies
View Related
May 30, 2013
We have a cisco 3750-48 port switch.We have a few SVI's configured and some static routes configured.I had created a new interface vlan and gave it an IP. I can ping the gateway.
Now I want to add a static route to go out that interface.when I add: ip route 10.x.x.x 255.255.255.0 10.52.10.1
it eccepts it (no errors) But, it does not show in the routing table nor in the config? How to add the static route to go out that vlan interface.
View 15 Replies
View Related
May 15, 2012
I notice strange input rates on the interfaces of a 881 router:
show int fa4
..
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec
..
30 second input rate 85000 bits/sec, 11 packets/sec
30 second output rate 16000 bits/sec, 9 packets/sec
221434 packets input, 287889736 bytes
..
..
142286 packets output, 15683576 bytes, 0 underrun
How can 11 packets/sec be 85000 bits/sec -- average packet size of 8KB?. The total packets input (221434 packets versus 287+ MB) also shows this kind of a 10KB+ average packet size. There is ahardly any traffic through the router when the above snapshot was taken so 11 packets/sec sounds right, but not the 85Kbits/sec.
The router is running c880data-universalk9-mz.151-4.M4.bin and config is simple with a single Vlan (inside NAT) with a public IPs on fa4 and a couple of IPs for dynamic NAT. Everything works fine except for these interface counters that look worng.
View 1 Replies
View Related
Oct 16, 2012
This is a continuation of my last post in which I need to apply ACLs to the physical ports within Etherchannels. The switch is a Catalyst 2970 running IOS 12.2. These Etherchannels are configured as trunks with 2 VLANS allowed on each trunk.I have applied an inbound ACL on the physical ports that filters based on layer 3 and layer 4 traffic. The issue that I am seeing is that the counters for the ACL are not increasing even though the ACL is clearly doing its job. At the end of the ACL I have an entry of "permit ip any any". Removing this from the list causes connectivity problems to the server on this port. Adding it back and everything is back to normal. However the counters don't increase. At first I thought maybe this wasn't supported on this switch but then I noticed the counter had increased to "2 matches" later in the day. What is the normal behavior is for this switch and does it support logging on an ACL entry as well.
View 2 Replies
View Related
Dec 5, 2012
Ive got a 494810ge switch, and this parameters are important for me:
sh int gi 1/4 counters detail
Port InBytes InUcastPkts InMcastPkts InBcastPkts
Gi1/4 252819467437788 173264735013 10827 760
Port OutBytes OutUcastPkts OutMcastPkts OutBcastPkts
Gi1/4 36657317030233 280590958051 5248439 5443194
Port InPkts 64 OutPkts 64 InPkts 65-127 OutPkts 65-127
Gi1/4 558420918 205564441592 2627477631 60865368994
[code]....
Some parameters i can get by snmp (InBytes,InUcastPkts,InMcastPkts, and so on from out), but how can i take other parameters? I would like to do it by snmp but i did not find proper oids. Now I making a sheme like this: eem every 90 seconds takes this info and writes it down to file into nvram and then send it by scp to server, where file is processed by monitoring system script. It is not very good, cause cisco system cpu sometimes spikes of this and i dont know a resourse of nvram, how much times can i write to it?
View 2 Replies
View Related
Oct 28, 2012
how I can check the qos counters and stats for interfaces on my cat 6509 ?
View 1 Replies
View Related
Dec 9, 2012
vlan interface and physical interface (that is serving for this vlan ) have different input/output counters, there is only one physical interface in this vlan .
sh int vlan 64
30 second input rate 9000 bits/sec, 9 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
[Code]....
View 5 Replies
View Related
Feb 16, 2012
I have a new MPLS circuit being stood up for my site; it’s going to replace a site to site VPN connection to our "Headquarters." I want to test this without affecting my production networks. Without getting into alot of details, the admin at the remote site is not very cooperative and basically doesn't want to set this up and I don't have access to his switching/routing. He is prepared to do minimal tasks if necessary. Ultimately, I am looking to test the new Vlan, once successful, route the traffic away from the Site to Site VPN connection to the MPLS circuit. Here is what I plan on doing, I need to determine if it is going to work.
LAN in my office uses EIGRP for routing. MPLS (10.1.1.253) uses OSPF (area 0) and BGP. Currently, traffic destined to headquarters (10.10.1.1/24) uses the default route on a CAT3750 pointing to the firewall (ASA5520) (10.1.1.254).Create new VLAN/DHCP scope to use as a test Vlan to test the new MPLS circuit. 10.1.199.0/24Create static routes on 3750 destined for headquarters for L2L VPN traffic pointing to firewall so traffic to headquarters remains on the L2L connection. ip route 10.10.1.1 255.255.255.0 10.1.1.254 (once I share routes with OSPF, routes to Headquarters will be advertised over the MPLS)Create OSPF instance on the 3750 advertising only the new subnet so that the MPLS network knows to route this traffic over the MPLS for return traffic from headquarters. (this is where it is grey as I don’t know OSPF at all) The switch has a L3 interface which the MPLS router uses as its gateway, so there is direct communication.router-ospf 0 network 10.1.199.0 0.0.0.255 area 0 4. On 3750 create a PBR for the new subnet so that it is routed over the MPLS, (imagine test PC is 10.1.199.100), the remaining production subnets will use the static routes and ignore the OSPF routes because of the shorter administrative distance.Will the PBR route win over the static route for that one subnet? Is that all I need in the OSPF configuration? I see some configs that have neighbor statements with costs, authentication types etc..
View 3 Replies
View Related
Jun 30, 2012
Do I need the Universal image to perform stftp on a 3750 or 3750-X?
View 8 Replies
View Related
Feb 25, 2013
We have two catalyst 3560 switches running c3560-ipbasek9-mz.122-58.SE2.bin They are connected using etherchannel using gi 0/21 - 24 interfaces.
on 3560-1 switch, there isn't any ip-default gateway or ip route configured. It only have 1 interface vlan configured.
on 3560-2 switch, there is ip default gateway configured along with 1 interface vlan.
What i dont understand here is that, i can reach out to other subnets from 3560-1 switch in which the routing is not enabled?
View 4 Replies
View Related
Oct 10, 2011
I'm looking at adding a Cisco 3750-X switch running c3750e-universalk9-mz.122-55.SE1 (IP base license) into a stack of 3750-G switches running c3750-ipbasek9-mz.122-55.SE1.bin Given that the version and feature sets are the same I don't forsee any compatibility issues. Would there be any reason why a universal image wouldn't stack correctly with other switches running the single .bin file?
View 9 Replies
View Related
Feb 1, 2011
I need to use a 3750 switch running 12.2 code to route between two networks in a test setup.Switch#sh verCisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2006 by Cisco Systems, Inc. The idea for the test setup is 3750 emulates a client's live network which is two routers having a site-to-site tunnel connecting from their ISPs. This will allow me to test the tunnel configuration with the router configs that are in production but replacing one of the routers with an ASA.
View 3 Replies
View Related
Jan 22, 2012
I haven't got time to test different configurations yet. Just want to quickly ask here about the fall-over route-map configuration. I saw lots of example using pip prefix-list to specify the next-hop for tracking. Is that the only way you can do it? Can you just use a standard ACL to specify that host like permit host 10.2.2.2? ip prefix-list will do like ip prefix-list seq 5 permit 10.2.2.2/32. And you apply the prefix-list to route-map then. ACL will work?
View 2 Replies
View Related
Nov 18, 2008
I have a 3750g on which I am trying to configure the ip policy route-map command on each of the vlan interfaces. However after entering the command it does not appear. I'm not sure what to do at this point. I have changed the SDM template to routing and I am running the IPServices image.
View 2 Replies
View Related
Apr 3, 2012
I have a router with two interfaces what i need to filter the HTTP traffic from one interface and the rest of the traffic through the other on my cisco router 2800.
View 3 Replies
View Related
May 22, 2013
I have an MPLS network router(Router1) and an internet router(Internet1) at a site of mine(Site1). the MPLS router sends all unknown traffic out the internet router. Router1 is the default gateway for all hosts and directs the traffic.I also have another network at an alternate site (Site2) on the same mpls network also with an internet egress. It is composed of an MPLS router (router2) and an internet router (Internet2).I would like Router1 to send internet bound traffic out Internet2 if Internet1 is down. Basically the statement on Router1 for the unknown traffice is ip route 0.0.0.0 0.0.0.0 172.31.1.254I have never heard of IP SLA before but it seems to be the best method for this situation.
View 2 Replies
View Related
Apr 2, 2013
I have a cisco 890c-w with routing and wireless,contain 8 switch ports(fastethernet 0 - 7),one 100m route port( fastethernnet 8),one giga port gigagethernet 0
configuration pppoe,dialer1 can get WAN IP。
0-7 ports in vlan2,vlan2 config ip add 192.168.1.1
In router,ping 8.8.8.8 is ok,but ping 8.8.8.8 source 192.168.1.1 can not ok,so my pc can not go internet through 0-7 ports。
I think routing problem,but don't find reason
service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot system flash c890-universalk9-mz.151-4.M2.binwarm-rebootboot-end-marker!!enable password password!no aaa new-model!memory-size iomem 15service-module wlan-ap 0 bootimage autonomouscrypto pki token default removal timeout 0! ip source-route!ip cefip name-server 61.234.145.102ip multicast-routing no ipv6 cef!multilink bundle-name authenticatedvpdn enable!vpdn-group PPPoE!license udi pid CISCO892C-
[code]....
View 4 Replies
View Related
Dec 6, 2012
I have the following set up, at one of our sites:What I would like to do is take non 10.x.x.x web traffic, and pipe it through the ISP2 link, and keep all other 10.x.x.x traffic over the main ISP1 link. I would like to set this up on the L3 3750's that we have. Here is my configuration for the 3750's (IP's have been changed for security):
track 222 ip sla 222 reachability
track 223 ip sla 223 reachability
ip access-list extended INTERNETTRAFFIC
permit tcp 10.1.1.0 0.0.1.255 any eq www - Internet LAN subnet
permit tcp any 10.1.1.0 0.0.1.255 eq www
permit tcp any eq www 10.1.1.0 0.0.1.255
[code]....
I'm applying the policy route-map to the VLAN interface, but do not see any traffic, once I apply the interface. I'm not that experienced, with route-maps?
View 2 Replies
View Related
