e-see
Beginner

Policy routing with default route

I have two PIXes in the network. I want to add some new VLANs, some of which I want to go to one PIX and others to the other PIX. I already have a static default route. If I do policy routing with route maps for certain VLANs to take a certain default route, can I leave the overall static default route in the router? Which takes precedence, the route map or the static default route? I'm hoping the route map first for anything on the interface applied, but default route for others. Thanks

5 REPLIES 5
pedroquiroga
Beginner

Hi, you are right, the policy routing takes precedence over the static routes; just be sure to leave a permit statement in the last entry of your route-map.

Regards

So, it's okay to leave the static route and it will be used if no route map, correct? What about the permit statement?

Yes, you can leave the static route. For example, look at this:

    route-map policy-example permit 5
     match ip address 113
     set ip next-hop x.x.x.x
    !
    route-map policy-example permit 10
     match ip address 112
     set interface y.y.y.y
    !
    route-map policy-example permit 20
    !
    interface FastEthernet 5/1/0
     ip policy route-map policy-example

In this route-map, the traffic coming to FE 5/1/0 will go to x.x.x.x if it matches access-list 113 (statement 5), will go to y.y.y.y if it matches access-list 112 (statement 10), and the other traffic will be routed using the routing table, including static routes (statement 20).

Can I have 2 (set ip next-hop x.x.x.x) statements or something similar, say one with a higher cost? You see, if the preferred route is down I want it to go to another with a higher cost in a route map.

You can configure the set ip next-hop like this:

    set ip next-hop x.x.x.x y.y.y.y

If the router doesn't know how to reach x.x.x.x, it will go to y.y.y.y.

This configuration only looks in the routing table for a route to x.x.x.x; it doesn't verify the host availability (making a ping or something like this).

If you want to make some verification (tracking the next hop by ICMP, or HTTP, etc.), you will need to use PBR with Multiple Tracking Options. It's available since 12.3(4)T.

To see an example look at this:

http://www.cisco.com/en/US/partner/tech/tk364/technologies_configuration_example09186a0080211f5c.shtml

Regards
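
The tracked next-hop setup mentioned in the last reply, as an added example that is not part of the original thread or of the linked Cisco document. The addresses 192.0.2.1 and 198.51.100.1 (standing in for x.x.x.x and y.y.y.y, the two PIX inside addresses) and the VLAN subnet in access-list 113 are constructed; the route-map name, ACL number and interface come from the thread.

```cisco
! Constructed addresses: 192.0.2.1 = preferred PIX, 198.51.100.1 = backup PIX.
! 12.3(4)T-era syntax; later IOS releases rename "rtr" to "ip sla".
!
! Constructed VLAN subnet that should be policy routed.
access-list 113 permit ip 10.10.10.0 0.0.0.255 any
!
! ICMP echo probes toward each candidate next hop.
rtr 1
 type echo protocol ipIcmpEcho 192.0.2.1
rtr schedule 1 life forever start-time now
!
rtr 2
 type echo protocol ipIcmpEcho 198.51.100.1
rtr schedule 2 life forever start-time now
!
! Track objects follow the reachability result of each probe.
track 1 rtr 1 reachability
track 2 rtr 2 reachability
!
! Next hops are tried in sequence order (10, then 20); a next hop is
! used only while its track object is up.
route-map policy-example permit 5
 match ip address 113
 set ip next-hop verify-availability 192.0.2.1 10 track 1
 set ip next-hop verify-availability 198.51.100.1 20 track 2
!
interface FastEthernet 5/1/0
 ip policy route-map policy-example
```

If both track objects are down, matching packets are forwarded by the routing table, so confirm that the static default route also leads through a firewall enforcing the policy intended for these VLANs. `show track` and `show route-map policy-example` show the probe state and the policy match counters.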
