06-21-2012 08:02 AM - edited 03-04-2019 04:44 PM
I'm sure this question comes up a lot but I can't find a definitive answer.
We are about to install a Cisco 2911 router to replace a Linux-based router.
The Cisco will have 5 gig ports, 4 ports connected to DSL modems, each modem connected to a different ISP, and the last port connected to a Cisco LAN switch.
802.1q will be used on the internal router port to split the LAN segments up into VLANs as the building contains lots of different businesses.
Each customer in the building has their own servers and set of public IP addresses assigned, e.g.
Customer A - ISP 1 uses 81.34.65.78 NAT'd to 10.0.0.1 Vlan 5 port 25 (SMTP)
Customer B - ISP 2 uses 217.23.67.87 NAT'd to 192.168.1.1 Vlan 6 port 25 (SMTP)
and so on
The outbound traffic also needs to go out of the correct DSL line, whichever has been assigned to that customer.
Am I right in thinking the only way to do this will be to use "Route Maps"?
(IP addresses above are made up, or at least not ours)
06-30-2012 04:12 AM
Hey Andy, can you paste the complete working config? I would need the same shortly.
Thanks in advance
CK
06-30-2012 08:14 AM
Spoke too soon, I'm on the last client in the building and the route-map won't work (config is attached if anyone can help).
It's:
route-map vlan23-out permit 40
 match ip address 123
 set ip next-hop 87.194.168.1
As soon as I add the route-map the client loses internet; if I take the ip policy out from the gi 0/0.123 they work, but going out of the wrong ISP as they use the default route.
The config isn't finished yet, I haven't put in the ACLs to block inter-VLAN traffic etc., just need to get all the clients online first.
06-30-2012 08:27 AM
Just in case anyone notices the next hop IP is 87.194.168.90 on the route-map, I've done that so they can get internet access.
The next hop should be 87.194.168.1
04-07-2017 03:27 PM
A long time has passed, I can see, but I wouldn't like to create a new topic for something similar.
So I have a 2911 with two VDSL modules.
vdsl1 wan ip 2.84.XXX.XXX
vdsl2 wan ip 91.138.XXX.XXX
I have a different VLAN for each VDSL connection, so if I need someone to send directly from one connection I can put him in VLAN X.
For vdsl1 it's VLAN 50
For vdsl2 it's VLAN 51
interface GigabitEthernet0/0.50
 description *** vdsl1 ***
 encapsulation dot1Q 50
 ip address 10.10.50.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map RM1
!
interface GigabitEthernet0/0.51
 description *** vdsl2 ***
 encapsulation dot1Q 51
 ip address 10.10.51.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map RM2
ip access-list extended ACL1
 permit ip 10.10.50.0 0.0.0.255 any
ip access-list extended ACL2
 permit ip 10.10.51.0 0.0.0.255 any
route-map RM2 permit 20
 match ip address ACL2
 set default interface Dialer2
!
route-map RM1 permit 10
 match ip address ACL1
 set default interface Dialer1
Any ideas or suggestions why this isn't working?
Thank you in advance
04-08-2017 10:35 AM
It would help us to give better answers if we knew more about your situation. In particular what is not working? Is it that the users do not have connectivity to remote resources (which could be issues with address translation or with routing, as well as issues with PBR)? Or do you know that PBR is not working? If PBR is not working then what part is not working? Is it not matching traffic correctly, or is it not using the correct path identified in the set command?
Give us more information to work with and we will try to make suggestions.
HTH
Rick
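The first of the questions above, whether PBR is matching traffic correctly, can be partly checked offline from the configuration text. The following Python check is an added example, not part of any post in this thread; the function names and the simplified parsing (only `permit ip <network> <wildcard>` ACL entries are understood) are assumptions of the example.

```python
import ipaddress, re
# Sample input: the PBR-relevant lines of the config posted on 04-07-2017 above.
SAMPLE = """\
interface GigabitEthernet0/0.50
 ip address 10.10.50.1 255.255.255.0
 ip policy route-map RM1
interface GigabitEthernet0/0.51
 ip address 10.10.51.1 255.255.255.0
 ip policy route-map RM2
ip access-list extended ACL1
 permit ip 10.10.50.0 0.0.0.255 any
ip access-list extended ACL2
 permit ip 10.10.51.0 0.0.0.255 any
route-map RM2 permit 20
 match ip address ACL2
 set default interface Dialer2
route-map RM1 permit 10
 match ip address ACL1
 set default interface Dialer1
"""

def parse(config):
    """Group sub-commands under their interface / ACL / route-map header line."""
    cur, sect = [], {"interface": {}, "ip access-list extended": {}, "route-map": {}}
    for line in map(str.strip, config.splitlines()):
        kind = next((k for k in sect if line.startswith(k + " ")), None)
        if kind:  # header: following lines belong to this named section
            cur = sect[kind].setdefault(line[len(kind):].split()[0], [])
        else:
            cur.append(line)
    return sect

def find(lines, pattern):
    return [m for line in lines if (m := re.match(pattern, line))]

def check(config):
    """Findings per policy-routed interface (assumes simple 'permit ip' ACL entries)."""
    s, out = parse(config), []
    acls, rmaps = s["ip access-list extended"], s["route-map"]
    # ip_network() accepts either a netmask or an ACL wildcard (host) mask
    net = lambda m: ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
    for name, lines in s["interface"].items():
        nets = [net(m) for m in find(lines, r"ip address (\d\S*) (\d\S*)")]
        for rm in (m[1] for m in find(lines, r"ip policy route-map (\S+)")):
            if rm not in rmaps:
                out.append(f"{name}: route-map {rm} is not defined")
            for acl in (m[1] for m in find(rmaps.get(rm, []), r"match ip address (\S+)")):
                src = [net(m) for m in find(acls.get(acl, []), r"permit ip (\d\S*) (\d\S*)")]
                if not all(any(n.subnet_of(x) for x in src) for n in nets):
                    out.append(f"{name}: {acl} (via {rm}) does not permit {nets[0]}")
    return out
```

An empty list from `check(SAMPLE)` means each policy-routed subinterface's own subnet is permitted by the ACL its route-map matches; it says nothing about whether the `set` action then selects the intended path.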