Policy-based routing on Cisco Catalyst 3560 Series


A short howto for people who want to use the policy-based routing (PBR) feature on a Catalyst 3560.
For example, you may need 2 different default routes for different VLANs.
Imagine you receive a default route via a dynamic routing protocol (BGP, OSPF, …).
For a specific reason, VLAN ID 10 needs to take another default route.
You create another default route as a static route like this:

ip route 0.0.0.0 0.0.0.0 outside_iface next_hop_ip 254

With that alone, this second default route will never be used, because the first one is preferred: the trailing 254 gives the static route a worse administrative distance.
=> the need to use PBR ;-)

First, you need to activate this feature by changing a setting in the global configuration:

sdm prefer routing

This command enables the PBR feature on the Cisco Catalyst 3560 series, where it is not available by default.
You have 4 modes:

  • routing
  • default
  • vlans
  • access

You can find more information about that via this URL

So … now you can start to configure PBR:

– Define an ACL to match which traffic will be affected by PBR:

access-list 2 permit

– Define a route-map that sets the action for this traffic, for example another next-hop:

route-map PBR_VL10 permit 10
match ip address 2
! x.x.x.x is the next-hop IP for the second default route
set ip next-hop x.x.x.x

– Apply PBR to the VLAN interface:

interface vlan 10
ip policy route-map PBR_VL10

That’s all ;-)
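
An added example, not from the original post: a small Python check that the chain described above (sdm prefer routing, ACL, route-map, interface policy) has no missing link in a list of commands before it is entered on a switch. The sample addresses, the Vlan20 entry and the function name audit_pbr are constructed for illustration, and the input is assumed to be the command list itself, one command per line.

```python
import re

# Constructed sample: the howto's commands with documentation-range addresses
# filled in, plus a Vlan20 policy whose route-map was never defined.
SAMPLE = """\
sdm prefer routing
access-list 2 permit 192.0.2.0 0.0.0.255
route-map PBR_VL10 permit 10
 match ip address 2
 set ip next-hop 198.51.100.1
interface Vlan10
 ip policy route-map PBR_VL10
interface Vlan20
 ip policy route-map PBR_VL20
"""

def audit_pbr(config):
    """Return findings for broken links in the PBR chain of a command list."""
    acls, maps, policies = set(), {}, []
    sdm_routing, cur_map, cur_if = False, None, None
    for line in (l.strip() for l in config.splitlines()):
        if line == "sdm prefer routing":
            sdm_routing = True
        elif m := re.match(r"(?:ip )?access-list (?:standard |extended )?(\S+)", line):
            acls.add(m.group(1))                      # numbered or named ACL
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            cur_map, cur_if = m.group(1), None        # enter route-map section
            maps.setdefault(cur_map, {"acls": [], "next_hop": False})
        elif m := re.match(r"interface (.+)", line):
            cur_if, cur_map = m.group(1), None        # enter interface section
        elif cur_map and (m := re.match(r"match ip address (.+)", line)):
            maps[cur_map]["acls"] += m.group(1).split()
        elif cur_map and line.startswith("set ip next-hop "):
            maps[cur_map]["next_hop"] = True
        elif cur_if and (m := re.match(r"ip policy route-map (\S+)", line)):
            policies.append((cur_if, m.group(1)))
    findings = []
    if policies and not sdm_routing:
        findings.append("PBR applied but 'sdm prefer routing' is missing")
    for iface, name in policies:
        if name not in maps:
            findings.append(f"{iface}: route-map {name} is not defined")
            continue
        for acl in maps[name]["acls"]:
            if acl not in acls:
                findings.append(f"{iface}: route-map {name} matches undefined ACL {acl}")
        if not maps[name]["next_hop"]:
            findings.append(f"{iface}: route-map {name} sets no next-hop")
    return findings
```

Calling audit_pbr(SAMPLE) reports only the Vlan20 policy; the parser does not depend on indentation, so commands pasted flat, as they appear in this post, are handled the same way.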

