Enabling Pbr - Cisco Catalyst 3750 Software Configuration Manual

Chapter 28 Configuring IP Unicast Routing
•
•
•
•
•

Enabling PBR

By default, PBR is disabled on the switch. To enable PBR, you must create a route map that specifies
the match criteria and the resulting action if all of the match clauses are met. Then, you must enable PBR
for that route map on an interface. All packets arriving on the specified interface matching the match
clauses are subject to PBR.
Before enabling PBR, configure the PBR template by entering the sdm prefer routing-pbr global
Note
configuration command and reloading the switch.
PBR can be fast-switched or implemented at speeds that do not slow down the switch. Fast-switched
PBR supports most match and set commands. PBR must be enabled before you enable fast-switched
PBR. Fast-switched PBR is disabled by default.
Packets that are generated by the switch, or local packets, are not normally policy-routed. When you
globally enable local PBR on the switch, all packets that originate on the switch are subject to local PBR.
Local PBR is disabled by default.
Beginning in privileged EXEC mode, follow these steps to configure PBR:
Command
Step 1
configure terminal
Step 2
route-map map-tag [permit | deny]
[sequence number]
78-15870-01
You can apply a policy route map to an EtherChannel port channel in Layer 3 mode, but you cannot
apply a policy route map to a physical interface that is a member of the EtherChannel. If you try to
do so, the command is rejected. When a policy route map is applied to a physical interface, that
interface cannot become a member of an EtherChannel.
You can define a maximum of 246 IP policy route-maps on the switch.
You can define a maximum of 512 access control entries (ACEs) for PBR on the switch.
The number of TCAM entries used by PBR depends on the route map itself, the ACLs used, and the
order of the ACLs and route-map entries.
Policy-based routing based on packet length, IP precedence and TOS, set interface, set default next
hop, or set default interface are not supported. Policy maps with no valid set actions or with set
action set to Don't Fragment are not supported.
Purpose
Enter global configuration mode.
Define any route maps used to control where packets are output, and enter
route-map configuration mode.
map-tag—A meaningful name for the route map. The ip policy
route-map interface configuration command uses this name to reference
the route map. Multiple route maps might share the same map tag name.
(Optional) If permit is specified and the match criteria are met for this
route map, the route is policy-routed as controlled by the set actions. If
deny is specified, the route is not policy-routed.
sequence number (Optional)— Number that shows the position of a new
route map in the list of route maps already configured with the same
name.
Configuring Protocol-Independent Features
Catalyst 3750 Metro Switch Software Configuration Guide
28-95