08-29-2006 05:15 AM - edited 03-03-2019 01:48 PM
I have installed a broadband connection into my Cisco 3800. Currently, I employ EIGRP and static routes - the statics directing all 0.0.0.0 0.0.0.0 traffic out our point-to-point T1. I want to direct specific subnets out the broadband. I've assigned one of the static IPs provided by the broadband provider to a second Ethernet port and assigned it as an outbound WAN port. Adding a static route to point to that interface doesn't work.
What am I missing here? We do not employ ACLs - simple route statements directing traffic to specific interfaces. Thank you.
08-29-2006 05:19 AM
If you want to route certain traffic one way and the rest another, then it sounds like you are policy routing. Check these guides:
http://www.cisco.com/en/US/customer/tech/tk365/technologies_tech_note09186a008009481d.shtml
http://www.cisco.com/en/US/customer/products/ps6599/products_white_paper09186a00800a4409.shtml
HTH
08-29-2006 05:51 AM
I find several aspects of the description of the problem to be not clear in the original post. The post says that they want to direct specific subnets but is not quite clear whether it is destination subnets or source subnets. If the desire is to direct several source subnets then Policy Based Routing is the feature that can accomplish this. If it is destination subnets, then there are several things that may contribute to the problem.
- first it would be very helpful to see the details of how the static routes were configured for these subnets. Posting these static routes would help us to see if there is an issue in how they were configured.
- there might be an issue in how the outbound interface to broadband is configured. If the configuration details of that interface were posted we could evaluate potential problems with it.
- there might be an issue with how to get return traffic for traffic that was sent out the broadband. If we knew more details about the environment we might see issues with this.
So if the original poster can supply some of these clarifications we might be able to find answers.
HTH
Rick
08-30-2006 07:42 AM
Thanks for the links.
I think I'm using policy routing now in conjunction with failover on our MPLS network - and employing EIGRP and BGP. However, I inherited this configuration and do not know how to add another policy route that would say, direct all routes going to destination subnetX via interface GigabitEthernet0/1 - that would not interfere with my existing policy routes. Any hints?
Here's my config.
Thanks
08-30-2006 09:03 AM
It is helpful to see the config that you posted. In the config we can see that it does implement policy routing for traffic received on interface Gig0/0 and also for locally generated traffic. This policy based routing just sets ip precedence for all traffic recieved on the interface and on all traffic generated from the router. This policy based routing does not affect any routing decision.
The config does show several things about how routing is done on the router: you are running EIGRP on interfaces Gig0/0, Serial0/1/0, Serial0/1/1, Serial0/2/0, Serial0/0/0.1 and are running BGP with one external neighbor. So there are likely some dynamically learned routes. The router also defines a static default route with 172.19.4.2 as the next hop address. There are 3 static routes for more specific routes (and 2 of the static routes have the same next hop as the default route).
Can you clarify what you are trying to accomplish? I see the broadband interface Gig0/1 but do not see anything trying to send traffic out that interface. Also, depending on the addressing of the interface which you have hidden, I would expect to see Network Address Translation on traffic going out the broadband interface but I do not see that.
Can you tell us if the broadband interface is able to reach the provider next hop? Is the router able to reach the Internet via the broadband interface?
HTH
Rick
08-29-2006 06:49 AM
In order to direct specific subnets to the broadband connection instead of the T1, I suggest going with policy based routing.
When you assigned the public IP on the second ethernet, did you also create a NAT rule for your internal network ?
It would be helpful if you post configs.
Thanks
08-31-2006 03:41 AM
I'm planning on routing a destination subnet out of the broadband connection. I've set up NAT on firewall but not on a router. Can someone direct me to documentation? I'm wondering if the NAT will correct my issue or do I still need policy based routing?
Thank you.
08-31-2006 04:55 AM
If data from the router goes out the broadband interface and goes through a firewall which is configured to do NAT then I would think that is good enough and there is no need to configure NAT on the router. I believe that many of us assume that when someone describes a connection from a router to broadband that the connection is directly from router to broadband. Thanks for clarifying this.
If you plan to route a destination subnet then I do not see any particular need for policy based routing. If you can provide some details about what you have configured maybe we can figure out what the problem is.
As I asked before it would be helpful if you can tell us more about the broadband connection. Is it working ok? Can the router access the provider next hop address through the broadband interface? Can the router access Internet resources through the broadband interface? Knowing these things will be crucial in figuring out the problem.
HTH
Rick
08-31-2006 06:18 AM
Rick-
Again - thanks for all the help.
When I said I'm familiar with setting up NAT on firewall - that's in respect to the default route out to the internet - in the config that would be Serial0/2/0 - where's there is a firewall to the Internet.
The broadband connection is local to the router with no firewall - so I would need to configure NAT for this connection. I've tested the broadband on a laptop - statically assigning an IP from the pool of five that came with the service. All works great. But I'm assuming now that NAT is required - just haven't had experience with configuring NAT on a router. From what I've seen, the router can't access any Internet resources through the broadband connection as things are now configured. Definitely missing something parameters. Thanks.
08-31-2006 06:32 AM
Correction ...
Successful ping and traceroute to gateway (next hop cable modem)from source address of broadband interface .... but nothing beyond.
08-30-2006 11:19 AM
Thanks for everyone's input.
I atatched the config under a previous reply.
08-30-2006 11:32 AM
What subnets are you planning to reroute via the broadband connection ?
As I stated before, you need to configure NAT on the broadband interface in order for internal networks to reach the internet from their non-routable subnets.
08-30-2006 05:53 PM
Yes you attached the config. I looked at the config and I asked some questions. Will you be answering the questions that I asked?
HTH
Rick
08-31-2006 06:08 AM
Have a hard time navigating the list. Please excuse - this needs to be a reply here ...
I'm planning on routing a destination subnet out of the broadband connection. I've set up NAT on firewall but not on a router. Can someone direct me to documentation? I'm wondering if the NAT will correct my issue or do I still need policy based routing?
Thank you.
08-31-2006 10:17 AM
Will this work with existing rules:
ip route
access-list 1 permit 172.17.0.0 255.255.0.0
ip nat source list 1 interface G0/1 overload
interface G0/0
ip address
ip nat inside
interface G0/1
ip address
ip nat outside
Please advise.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: