
Policy Based Routing (Suggestion Needed)

sajjidkhan
Level 1

I've two 2800 series routers, one ADSL and one Leased Line. Two 515E Firewalls connected to each one. They are then connected to an L2 switch (2960G) for aggregation to two L3 Core switches (3750). I want all my traffic to use ADSL and all my mail (SMTP) traffic to use LL. Do I need policy based routing here, or just specifying the default gateway for the mail servers to be the firewall connected to the LL router?

Suggestion will be appreciated.


Hi Victor

Doing fine, but busy as I'm leaving job at end of May so some loose ends to tie up.

You are right in what you say about the deny statements. These make sure that traffic from the mail servers to the internal VLANs is not policy routed. The problem with relying on the implicit deny at the end is that it would never get to that rule, as you have a permit ip any in the access-list before that, so without the explicit denies all traffic would be policy routed.

Jon
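
The ordering point in the reply above, as an added example that is not part of the original thread: a small Python model of top-down, first-match ACL evaluation as a policy route-map uses it. All addresses and both ACLs are constructed for illustration; the thread does not show the actual access-list.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread).
MAIL_NET = "10.1.10.0/24"      # mail server VLAN
INTERNAL = "10.1.0.0/16"       # all internal VLANs
MAIL_SERVER = "10.1.10.25"

# Each entry: (action, source network, destination network), evaluated top down.
ACL_WITH_DENIES = [
    ("deny", MAIL_NET, INTERNAL),       # mail servers -> internal VLANs: normal routing
    ("permit", MAIL_NET, "0.0.0.0/0"),  # mail servers -> anything else: policy route
]
ACL_WITHOUT_DENIES = [
    ("permit", MAIL_NET, "0.0.0.0/0"),  # matches internal destinations as well
]


def acl_action(acl, src, dst):
    """Return the action of the first matching entry; implicit deny if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action  # first match wins, later entries are never consulted
    return "deny"


def is_policy_routed(acl, src, dst):
    """A packet is policy routed only when the match ACL permits it."""
    return acl_action(acl, src, dst) == "permit"


if __name__ == "__main__":
    flows = [
        (MAIL_SERVER, "10.1.20.5"),     # mail server -> internal host
        (MAIL_SERVER, "198.51.100.7"),  # mail server -> Internet
        ("10.1.20.5", "198.51.100.7"),  # ordinary client -> Internet
    ]
    for name, acl in (("with denies", ACL_WITH_DENIES), ("without denies", ACL_WITHOUT_DENIES)):
        for src, dst in flows:
            print(name, src, "->", dst, "policy routed:", is_policy_routed(acl, src, dst))
```
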

Jon:

OK, I just wanted to make sure that I was on your page and not missing something. :-)

I never ask you questions to challenge you -- only to learn from you.

Good luck at your new job.

Victor

Victor

Thanks, no new job as yet, taking some time off.

You can challenge me any time as I make as many mistakes as the next man and I certainly don't take it personally.

Jon

From 3750 Q&A

Q. What features are only supported on the IP Services Image?

A. The following features and functionality are supported with the IP Services Image:

• Dynamic IP routing protocols for load balancing and constructing scalable LANs:

- Open Shortest Path First (OSPF)

- Enhanced IGRP (EIGRP)

- Border Gateway Protocol (BGPv4)

• Equal-cost routing for load balancing and redundancy

• Fallback bridging for forwarding of non-IP traffic between two or more VLANs

• Protocol-Independent Multicast (PIM) for IP multicast routing within a network that enables the network to receive the multicast feed requested and for switches not participating in the multicast to be pruned - support for PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode

• Distance Vector Multicast Routing Protocol (DVMRP) tunneling for interconnecting two multicast-enabled networks across non-multicast

• Policy-based Routing (PBR) allows superior control by enabling flow redirection regardless of the routing protocol configured

• Private VLAN (PVLAN) provides the ability to restrict communications between hosts at layer 2 through the use of primary and secondary VLANs.

So you need IP Services for PBR and you would need to enable Routing SDM.

Jon

@jon

Thanks a lot, in fact I'm obliged with your prompt replies. I did enable sdm routing (had to reload it) but am not sure if policy based routing could be enabled the way you described it.

Will the 'policy-map' or 'policy-manager' command help?

No, if you did

switch(config)# sdm prefer routing

and then reloaded the switch, if the "ip policy route-map ..." is not available under the interface then you need to use the IP Services image.

Jon

Thanks again @jon

I'll pursue my managers to get me an upgrade for it. Thanks again and see you soon again! :P
