Hello
I have a working system coming from another Thread which was solved but now I am curious if how I got it all to work was correct or a forceful band-aid.
https://community.cisco.com/t5/routing/can-not-get-internet-access-or-nat-translations-on-my-isrc1111/td-p/5342191
Now, some of that has changed as I was figuring out other things, but the result is to be the same; 7 vlans, 6 going towards ISP1 and 1 going towards ISP2 but all can communicate together through the SG350XG Switch in which they connect to without having to touch each Router then route back to the Switch [inter-vlan]. Not as simple as it seems as there are two initial routes for them to connect to their own ISP's.
What I have done is, vlan 2- 7 use the static route 0.0.0.0 0.0.0.0 10.0.1.1 to reach ISP1 and vlan 8 I can not utilize it's own static route to confuse the default static route so I created a PBR to reach ISP2. Works fine!! Until I realized they would all communicate but have to route to their respective routers then route back to communicate. This is important to me because my Network is 10G, 10G Nics, 10G Switch etc and so if/when I transfer from vlan 8 to let's say 5, it would slow down to 1G to route through the ISR. So I created the ACL to block vlan 2-7 but allow 8; which works. With default next-hop and PBR and ACL, is my setup legit?
switchbf585b
!
vlan database
vlan 2-8
exit
ip dhcp server
ip dhcp pool network 4.0
address low 192.168.4.2 high 192.168.4.100 255.255.255.0
exit
ip dhcp pool network 5.0
address low 192.168.5.2 high 192.168.5.254 255.255.255.0
dns-server 1.1.1.1
exit
ip dhcp pool network 6.0
address low 192.168.6.2 high 192.168.6.254 255.255.255.0
exit
ip dhcp pool network fhc
address low 192.168.2.2 high 192.168.2.154 255.255.255.0
exit
ip dhcp pool network ceyea
address low 192.168.3.6 high 192.168.3.254 255.255.255.0
exit
ip dhcp pool network fbeye
address low 192.168.1.2 high 192.168.1.254 255.255.255.0
exit
ip dhcp pool network starlink
address low 192.168.7.1 high 192.168.7.254 255.255.255.0
dns-server 8.8.8.8
exit
bonjour interface range oob
ip access-list extended SL
deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255 ace-priority 5
permit ip 192.168.7.0 0.0.0.255 any ace-priority 10
exit
route-map sl 1
match ip address access-list SL
set ip next-hop 10.0.2.1
exit
ip name-server 8.8.8.8 1.1.1.1 192.168.3.5
!
interface vlan 2
name fbeye
ip address 192.168.1.1 255.255.255.0
!
interface vlan 3
name fhc
ip address 192.168.2.1 255.255.255.0
!
interface vlan 4
name ceyea
ip address 192.168.3.1 255.255.255.0
!
interface vlan 5
name 4.0
ip address 192.168.4.1 255.255.255.0
!
interface vlan 6
name 6.0
ip address 192.168.6.1 255.255.255.0
!
interface vlan 7
name home
ip address 192.168.5.1 255.255.255.0
!
interface vlan 8
name starlink
ip address 192.168.7.1 255.255.255.0
ip policy route-map sl
!
interface TenGigabitEthernet1/0/1
ip address 10.0.2.2 255.255.255.0
no switchport
switchport access vlan none
switchport trunk native vlan none
!
interface TenGigabitEthernet1/0/2
switchport access vlan 2
switchport trunk native vlan 2
!
interface TenGigabitEthernet1/0/3
switchport access vlan 3
switchport trunk native vlan 3
!
interface TenGigabitEthernet1/0/4
switchport access vlan 4
switchport trunk native vlan 4
!
interface TenGigabitEthernet1/0/5
switchport access vlan 5
switchport trunk native vlan 5
!
interface TenGigabitEthernet1/0/6
switchport access vlan 6
switchport trunk native vlan 6
!
interface TenGigabitEthernet1/0/7
switchport access vlan 7
switchport trunk native vlan 7
!
interface TenGigabitEthernet1/0/8
switchport access vlan 8
switchport trunk native vlan 8
!
interface TenGigabitEthernet1/0/9
ip address 10.0.0.2 255.255.255.0
no switchport
switchport access vlan none
switchport trunk native vlan none
!
interface TenGigabitEthernet1/0/10
switchport access vlan 8
switchport trunk native vlan 8
no macro auto smartport
!
interface oob
ip address 192.168.10.254 255.255.255.0
no ip address dhcp
!
exit
ip default-gateway 10.0.0.1
