03-21-2019 08:39 AM - edited 03-21-2019 08:46 AM
I have a router with a default route set to the first WAN. I want to set up a second WAN but can't remove the default route because the router is live. I have added an ip policy to the second WAN interface but it is being ignored and it uses the default route of the first WAN instead (I have confirmed using trace). Here's my config:
aaa new-model
!
aaa authentication login default local
!
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp excluded-address 10.10.20.1 10.10.20.10
!
ip dhcp pool Vlan10
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool Vlan20
 network 10.10.20.0 255.255.255.0
 default-router 10.10.20.1
 dns-server 8.8.8.8 8.8.4.4
!
ip domain name test.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
 switchport access vlan 3
!
interface Vlan1
 shutdown
!
interface Vlan2
 description WAN-1
 ip address 1.1.1.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface Vlan3
 description WAN-2
 ip address 2.2.2.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface Vlan10
 description LAN-1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan20
 description LAN-2
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map PBR
!
ip nat inside source list Vlan10 interface Vlan2 overload
ip nat inside source list Vlan20 interface Vlan3 overload
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
ip access-list extended Vlan10
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended Vlan20
 permit ip 10.10.20.0 0.0.0.255 any
route-map PBR permit 10
 match ip address Vlan20
 set ip next-hop 2.2.2.1
This is a follow-up to this discussion:
https://community.cisco.com/t5/routing/two-active-wan-connections/m-p/3815883#M311082
03-21-2019 12:43 PM
Glad to get the update that it is working. Your issue is actually the expected behavior. When you configure PBR with a route map on the interface it operates on traffic received on that interface and not on traffic generated by the router itself. If you want PBR to work on traffic generated by the router then you need to configure ip local policy.
HTH
Rick
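The distinction described in the answer above, as an added configuration example that is not part of the original thread: interface PBR beside local PBR for packets the router itself originates. The names LOCAL-WAN2 and LOCAL-PBR are hypothetical; the addresses are the ones from the posted config.

```cisco
! Added example. LOCAL-WAN2 and LOCAL-PBR are hypothetical names.
!
! Interface PBR (already in the posted config): evaluated only for
! packets RECEIVED on Vlan20, i.e. traffic from LAN-2 hosts.
interface Vlan20
 ip policy route-map PBR
!
! Local PBR: evaluated for packets the router itself generates
! (ping/traceroute from the CLI, DNS lookups, NTP, and so on).
! The deny entries come first so that router-generated traffic to the
! inside subnets is NOT policy routed and keeps using the routing table;
! a denied ACL entry in a route-map "permit" clause means "no match".
ip access-list extended LOCAL-WAN2
 deny   ip any 10.10.10.0 0.0.0.255
 deny   ip any 10.10.20.0 0.0.0.255
 permit ip host 2.2.2.2 any
!
route-map LOCAL-PBR permit 10
 match ip address LOCAL-WAN2
 set ip next-hop 2.2.2.1
!
! Global command: applies the route-map to locally generated packets.
ip local policy route-map LOCAL-PBR
!
! Verification (privileged EXEC, not configuration mode):
!   show ip policy             lists each policy route-map, "local" included
!   show ip local policy       shows the route-map used for local packets
!   show route-map LOCAL-PBR   match counters rise when local traffic hits it
!   traceroute 8.8.8.8 source Vlan3
!                              router-originated test sourced from 2.2.2.2;
!                              first hop should be 2.2.2.1, not 1.1.1.1
```

A traceroute run from a host in 10.10.20.0/24 tests the interface route-map PBR; a traceroute run from the router CLI tests only the local policy.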