Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2300
Views
40
Helpful
15
Replies

IP Policy ignored

Go to solution
Frank Sinatra
Level 1
Level 1

‎03-21-2019 08:39 AM - edited ‎03-21-2019 08:46 AM

I have a router with a default route set to the first WAN. I want to set up a second WAN but can't remove the default route because the router is live. I have added an ip policy to the second WAN interface but it is being ignore and it uses the default route of the first WAN instead (I have confirmed using trace). Here's my config:

 

aaa new-model
!
aaa authentication login default local
!
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp excluded-address 10.10.20.1 10.10.20.10
!
ip dhcp pool Vlan10
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool Vlan20
 network 10.10.20.0 255.255.255.0
 default-router 10.10.20.1
 dns-server 8.8.8.8 8.8.4.4
!
ip domain name test.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
 switchport access vlan 3
!
interface Vlan1
 shutdown
!
interface Vlan2
 description WAN-1
 ip address 1.1.1.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface Vlan3
 description WAN-2
 ip address 2.2.2.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface Vlan10
 description LAN-1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan20
 description LAN-2
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map PBR
!
ip nat inside source list Vlan10 interface Vlan2 overload
ip nat inside source list Vlan20 interface Vlan3 overload
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
ip access-list extended Vlan10
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended Vlan20
 permit ip 10.10.20.0 0.0.0.255 any

route-map PBR permit 10
 match ip address Vlan20
 set ip next-hop 2.2.2.1

This is a follow-up to this discussion:

https://community.cisco.com/t5/routing/two-active-wan-connections/m-p/3815883#M311082

Labels:
0 Helpful
15 Replies 15

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Frank Sinatra

‎03-21-2019 12:43 PM

Glad to get the update that it is working. Your issue is actually the expected behavior. When you configure PBR with a route map on the interface it operates on traffic received on that interface and not on traffic generated by the router itself. If you want PBR to work on traffic generated by the router then you need to configure ip local policy.

 

HTH

 

Rick

HTH

Rick
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card