cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
532
Views
9
Helpful
6
Replies

how to 1ºnet to Dialer1 and 2ºsubnet to Dialer2

I have a LAN 192.168.20.0 on a GigabitEthernet 0/0. Three Dialers configured, each one with different ISP. The dialers are configured correctly. And all computers have internet with "ip route 0.0.0.0 0.0.0.0 Dialer0". If I use another Dialer the computers have internet connection too.

I create a subnet with:

interface GigabitEthernet 0/0

ip address 192.168.21.1 255.255.255.0 secondary

 

I have new computers on this subnet. Well. I want that this subnet use Dialer1 instead Dialer0 as default. How I can do this?

NOTE: I can not use load balance with the Dialers. I have some computers that have a direct connections that can not be interrupted.

Thanks!

1 Accepted Solution

Accepted Solutions

Hello.

On you route-map you need to use "set interface" instead of "match interface", as it was mentioned a couple of posts before.

Also you need to deny local traffic in ACLs 101 and 102:

ip access-l ext 100
 remark do not NAT
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255

ip access-l ext 101
 remark NAT 1st subnet
 permit ip 192.168.20.0 0.0.0.255 any

ip access-l 102
 remark NAT 1st subnet
 permit ip 192.168.21.0 0.0.0.255 any

route-map PBR deny 10
 match ip address 100

route-map PBR permit 20
 match ip address 101
 set interface Di0

route-map PBR permit 30
 match ip address 102
 set interface Di1

and apply the PBR to inside interface.

View solution in original post

6 Replies 6

Dragan Ilic
Level 4
Level 4

You can utilize Policy Based routing for this without a problem...

BR,

Dragan

HTH,
Dragan

Thanks for your response Drangan. I study this possibility, previous to ask here, I search in a lot of sites and I read http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfpbr.html

I added:

access-list 13 permit 192.168.21.0 0.0.0.25


route-map NewSubnet permit 13

match ip address 13

match interface Dialer1

 

But It is not enought, I proved and the computers on 192.168.21.0 subnet not have internet connection.

 

What's wrong?

 

Best regards,

Christopher

I think you need to "set" outgoing interface..."set interface..." in route map...

BR,

Dragan

HTH,
Dragan

Hello again,

I tried different alternatives and I have no solution. I tried with:

access-list 12 permit 192.168.20.0 0.0.0.255
access-list 13 permit 192.168.21.0 0.0.0.255
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 102 permit ip 192.168.21.0 0.0.0.255 any
 
route-map NewSubnet permit 13
match ip address 102
match interface Dialer2
 
route-map Datos permit 12
match ip address 101
match interface Dialer2
 
ip nat inside source list 12 interface Dialer0 overload
ip nat inside source list 13 interface Dialer1 overload
 
interface GigabitEthernet 0/0
ip policy route-map NewSubnet
ip policy route-map Datos
ip route-map 0.0.0.0 0.0.0.0 Dialer0
ip route-map 0.0.0.0 0.0.0.0 Dialer1

 

 

 

I connect a pc to 192.168.21.1, this have ping to 192.168.21.1 (gateway), to 192.168.20.1 and the computers from the other network (192.168.20.x), but not have internet access. The computers from 192.168.20.x have internet access.

If I increase the permit of acces-list 12 to 192.168.0.0 0.0.255.255 and use this. NewSubnet and Datos route-map permit internet access with two net.

 

Any idea?

 

BR,

 

Christopher

 

Hello.

On you route-map you need to use "set interface" instead of "match interface", as it was mentioned a couple of posts before.

Also you need to deny local traffic in ACLs 101 and 102:

ip access-l ext 100
 remark do not NAT
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255

ip access-l ext 101
 remark NAT 1st subnet
 permit ip 192.168.20.0 0.0.0.255 any

ip access-l 102
 remark NAT 1st subnet
 permit ip 192.168.21.0 0.0.0.255 any

route-map PBR deny 10
 match ip address 100

route-map PBR permit 20
 match ip address 101
 set interface Di0

route-map PBR permit 30
 match ip address 102
 set interface Di1

and apply the PBR to inside interface.

Thanks!!!!

yes

Review Cisco Networking for a $25 gift card