01-21-2017 07:13 PM - edited 03-05-2019 07:53 AM
Hi Team
I need help with my company project. Actually we have 3 VLANs, one for data, one for voice, and one for video, and we have 2 Wan links to my branch offices.
My needs are to send Data and voice Vlan in the first wan link, and send Video on the second WAN link. When the first link fails, DATA and Voice must converge to the second WAN Link and my VIDEO traffic must not leave my LAN.
I think a IP SLA will work great to take the trackability, but i cant get to the part to how to block my Video traffic, with an acl?? or PBR?
Thanks
Solved! Go to Solution.
01-21-2017 08:52 PM
Hi
Well, the re-routing of Voice and Data vlans is working by using track as far as I understood.
For your Voice vlan, what you want is that this subnet isn't able to access outside of your LAN.
For that, I will do a route-map. Let me explain.
R2 R3
| 0/0 | 0/0
| |
0/0 | | 0/1
R1
Let's say the R2 g0/0 interface has IP 192.168.1.2 and video subnet is 172.16.100.0/24
here are commands:
ip access-list extended PBR
deny ip 172.16.100.0 0.0.0.255 x.x.x.x x.x.x.x ==> Deny traffic you want to allow even if the 1st WAN link goes down
permit ip 172.16.100.0 0.0.0.255 any ==> Traffic going outside
route-map PBR permit 10
match ip add PBR
set ip next-hop 192.168.1.2 ==> R2 g0/0 IP in this example
On R1
int g0/3 or int vlan xx
ip policy route-map PBR
If R2 g0/0 is going down, all traffic from your video vlan matching deny statement will work but traffic from your video vlan to outside will be dropped.
Hope this is clear enough.
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
01-21-2017 08:52 PM
Hi
Well, the re-routing of Voice and Data vlans is working by using track as far as I understood.
For your Voice vlan, what you want is that this subnet isn't able to access outside of your LAN.
For that, I will do a route-map. Let me explain.
R2 R3
| 0/0 | 0/0
| |
0/0 | | 0/1
R1
Let's say the R2 g0/0 interface has IP 192.168.1.2 and video subnet is 172.16.100.0/24
here are commands:
ip access-list extended PBR
deny ip 172.16.100.0 0.0.0.255 x.x.x.x x.x.x.x ==> Deny traffic you want to allow even if the 1st WAN link goes down
permit ip 172.16.100.0 0.0.0.255 any ==> Traffic going outside
route-map PBR permit 10
match ip add PBR
set ip next-hop 192.168.1.2 ==> R2 g0/0 IP in this example
On R1
int g0/3 or int vlan xx
ip policy route-map PBR
If R2 g0/0 is going down, all traffic from your video vlan matching deny statement will work but traffic from your video vlan to outside will be dropped.
Hope this is clear enough.
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
02-03-2017 07:30 PM
really thanks
it worked.
Ps. sorry to thanks late, but this was the last stage of a proyect.
Thanks
02-03-2017 07:59 PM
Your very welcome
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: