Solved: Your very welcome

maham_TR1999 · ‎01-21-2017

Hi Team

I need help with my company project. Actually we have 3 VLANs, one for data, one for voice, and one for video, and we have 2 Wan links to my branch offices.

My needs are to send Data and voice Vlan in the first wan link, and send Video on the second WAN link. When the first link fails, DATA and Voice must converge to the second WAN Link and my VIDEO traffic must not leave my LAN.

I think a IP SLA will work great to take the trackability, but i cant get to the part to how to block my Video traffic, with an acl?? or PBR?

Thanks

Francesco Molino · ‎01-21-2017

Hi

Well, the re-routing of Voice and Data vlans is working by using track as far as I understood.

For your Voice vlan, what you want is that this subnet isn't able to access outside of your LAN.

For that, I will do a route-map. Let me explain.

R2 R3

| 0/0 | 0/0

| |

0/0 | | 0/1

R1

Let's say the R2 g0/0 interface has IP 192.168.1.2 and video subnet is 172.16.100.0/24

here are commands:

ip access-list extended PBR

deny ip 172.16.100.0 0.0.0.255 x.x.x.x x.x.x.x ==> Deny traffic you want to allow even if the 1st WAN link goes down

permit ip 172.16.100.0 0.0.0.255 any ==> Traffic going outside

route-map PBR permit 10

match ip add PBR

set ip next-hop 192.168.1.2 ==> R2 g0/0 IP in this example

On R1

int g0/3 or int vlan xx

ip policy route-map PBR

If R2 g0/0 is going down, all traffic from your video vlan matching deny statement will work but traffic from your video vlan to outside will be dropped.

Hope this is clear enough.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎01-21-2017

Hi

Well, the re-routing of Voice and Data vlans is working by using track as far as I understood.

For your Voice vlan, what you want is that this subnet isn't able to access outside of your LAN.

For that, I will do a route-map. Let me explain.

R2 R3

| 0/0 | 0/0

| |

0/0 | | 0/1

R1

Let's say the R2 g0/0 interface has IP 192.168.1.2 and video subnet is 172.16.100.0/24

here are commands:

ip access-list extended PBR

deny ip 172.16.100.0 0.0.0.255 x.x.x.x x.x.x.x ==> Deny traffic you want to allow even if the 1st WAN link goes down

permit ip 172.16.100.0 0.0.0.255 any ==> Traffic going outside

route-map PBR permit 10

match ip add PBR

set ip next-hop 192.168.1.2 ==> R2 g0/0 IP in this example

On R1

int g0/3 or int vlan xx

ip policy route-map PBR

If R2 g0/0 is going down, all traffic from your video vlan matching deny statement will work but traffic from your video vlan to outside will be dropped.

Hope this is clear enough.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

maham_TR1999 · ‎02-03-2017

really thanks

it worked.

Ps. sorry to thanks late, but this was the last stage of a proyect.

Thanks

Francesco Molino · ‎02-03-2017

Your very welcome

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

IP SLA and PBR INVERSED