Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
399
Views
0
Helpful
3
Replies

I need a VLAN to have a different nexthop than the default route

Go to solution
tis-it
Level 1
Level 1

‎06-14-2022 10:47 PM

I've been trying to solve the problem of a single VLAN in our org needing a different route than the rest of the traffic on the core switch. It goes to a different firewall to keep things separated. In my research, I keep coming back around to Policy Based Routing, which appears to be an enterprise feature, which I don't currently have a license for. Is there a way to accomplish this through VRF or something similar where I don't have to fork out 10's of thousands of dollars for an enterprise license, or am I hosed here?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎06-15-2022 12:15 AM - last edited on ‎06-23-2022 02:40 AM by Community Manager

Hello,

 

if you do have VRF feature access, below is an example of how to accomplish this. IP addressing is obviously arbitrary...

 

ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
vrf RED
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
interface GigabitEthernet0/0
description LAN
vrf forwarding RED
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description Uplink to Firewall
vrf forwarding RED
ip address 1.1.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
description Uplink to ISP
ip address 2.2.2.1 255.255.255.252
duplex auto
speed auto
media-type rj45
!
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route vrf RED 0.0.0.0 0.0.0.0 1.1.1.2

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎06-15-2022 12:05 AM

You need to make a Static route if you do not have that feature License for PBR ( that is what most people use).

 

Since you mentioned VRF (not sure or recollect your License has that feature in the base License)

 

By the way what device is this ? what IOS Code, you can use the VRF routing table, and compare it to the GRT routing table.

Or you may be achieved using IGP ( Like EIGRP/ OSPF if supported or in place).

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎06-15-2022 12:15 AM - last edited on ‎06-23-2022 02:40 AM by Community Manager

Hello,

 

if you do have VRF feature access, below is an example of how to accomplish this. IP addressing is obviously arbitrary...

 

ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
vrf RED
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
interface GigabitEthernet0/0
description LAN
vrf forwarding RED
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description Uplink to Firewall
vrf forwarding RED
ip address 1.1.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
description Uplink to ISP
ip address 2.2.2.1 255.255.255.252
duplex auto
speed auto
media-type rj45
!
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route vrf RED 0.0.0.0 0.0.0.0 1.1.1.2
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎06-15-2022 04:26 AM - last edited on ‎06-23-2022 03:39 AM by Community Manager 

ip route VRF VLAN 0.0.0.0 0.0.0.0 global <- this for direction form VLAN with VRF VLAN to global routing interface 

ip route VLAN-subnet mask SVI VRF VLAN <-this for direction from global to VLAN with VRF VLAN

this issue I don't test before but if the static route accept add VRF after the next-hop (in this case it is SVI of VLAN) then it can work.


0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card