Hi @EarlGay !
I think the PBR (Policy-Based Routing) is the feature you are looking for. Only it can override routing table lookup and push the traffic to next-hop different from the one listed in the routing table.
If we still speak about 5130 switch, then IP routing is enabled by default and can't be disabled. When the communication between both PCs in different VLANs stopped - after applying PBR or it wasn't working even before PBR application?
It will help if you provide the following:
1. Configuration of both switch ports where those PCs are connected
2. 'display ip routing-table' output from the switch
3. Configuration of Vlan-interfaces of those both VLANs
4. 'ipconfig /all' (if PCs are running Windows) from both PCs (you can delete all information except IP address, subnet mask and default gateway)
5. 'route print' output from both PCs.
It is possible that your PCs have more that one active NIC, in this case default gateway of another adapter may have higher precedence and traffic may simply go out the wrong way.
Oh, I see, so it's because PBR intercepts all the traffic, even between VLANs. We need to add an exception to PBR to avoid that by creating two nodes in your PBR policy. First node will be, for example node 10 and will be deny node that will match the traffic between VLANs, second node, 'permit' node will match all the traffic. Because node 10 have higher preference, first PBR will check if the packet is inter-VLAN one and push it through the routing table. If the packet is not matched by node 10, then it will hit node 20 and will get to the desired next-hop.
Example:
you have two VLANS - VLAN 10 with subnet 10.0.10.0/24 and VLAN 20 with subnet 10.0.20.0/24. You want to forward all traffic to a next-hop 10.99.0.1, but traffic between VLANs 10 and 20 should be routed according the routing table, e.g. locally.
acl advanced 3000
rule 10 permit ip source 10.0.10.0 0.0.0.255 destination 10.0.20.0 0.0.0.255
rule 20 permit ip source 10.0.20.0 0.0.0.255 destination 10.0.10.0 0.0.0.255
#
acl advanced 3001
rule 10 permit ip
#
policy-based-route MyPBR deny node 10
if-match ACL 3000
#
policy-based-route MyPBR permit node 20
if-match ACL 3001
apply next-hop 10.99.0.1
#
interface Vlan-inteface10
ip policy-based-route MyPBR
#
interface Vlan-inteface20
ip policy-based-route MyPBR
It's just an example, but I think you got the idea - the 'deny' PBR node doesn't mean 'drop the traffic', it means 'exclude it from PBR process'. The rest is pretty straightforward.
Hope this helps!
The wildcard mask that matches VLAN 1 traffic is incorrect. The wildcard is the inverse netmask and since you have subnet mask 255.255.224.0 in VLAN 1, you need to modify ACL 3000 as follows:
acl advanced 3000
rule 10 permit ip source 192.168.0.0 0.0.31.255 destination 10.10.1.0 0.0.0.255
rule 20 permit ip source 10.10.1.0 0.0.0.255 destination 192.168.0.0 0.0.31.255