
Policy Based Routing

thisguy365
Level 1

Working on a project to consolidate multiple routers for our various networks into 1 Catalyst switch stack. We are using Catalyst 9300-24-T-As.

The different networks we have need to go out different firewalls towards the internet, need to be able to communicate with each other, and there is a branch office connected by fiber that we will have static routes to.

Trying to make sure I get the route-maps right.

My big hangup is that I don't understand when it decides to use the route-map vs Connected/Static routes.

Is it route-map>connected>static or connect>static>route-map or something else?

Any input is appreciated.

192.168.254.50 and .20 are separate firewalls connecting to other networks

192.168.252.1 is an interface on our ASA that has an inline webfilter attached

192.168.254.1 is an interface on our ASA that NATs outside

ip route 192.168.0.0 255.255.255.0 192.168.254.50
ip route 192.168.1.0 255.255.255.0 192.168.254.20

interface Vlan10
 description trusted
 ip address 192.168.17.1 255.255.255.0
!
interface Vlan30
 description servers
 ip address 192.168.30.1 255.255.255.0
!
interface Vlan70
 description Training-Lab
 ip address 192.168.18.1 255.255.255.0
!
interface Vlan90
 description PHONES
 ip address 192.168.90.1 255.255.255.0
!

ip access-list standard PRIVATE-NETS
 permit 10.0.0.0 0.255.255.255
 permit 172.16.0.0 0.15.255.255
 permit 192.168.0.0 0.0.255.255

!

route-map V10 deny 10
 match ip address PRIVATE-NETS
!
route-map V10 permit 100
 set ip next-hop 192.168.252.1


Accepted Solutions

Hello

How I see it is you have static routes stating that the two 192.168.x.x/24 subnets are reachable via their related next hops. Then you are stating via a PBR deny statement to normally route any traffic related to 192.168.0.0/16.


So PBR will take precedence, but due to the deny statement any 192.168.0.0/16 traffic will be routed normally, be it by your static route statements.



Kind Regards
Paul
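
The lookup order discussed in this thread, as an added Python model that is not from either poster or from Cisco: on an interface with the route-map applied, PBR is evaluated first, a deny match hands the packet back to the normal routing table, and only the permit entry sets the next hop. It assumes route-map V10 is applied to Vlan10 with `ip policy route-map V10` (not shown in the post) and that 192.168.252.1 is reachable; the `extended` variant is a hypothetical ACL matching the same ranges as destinations, included because a standard ACL such as PRIVATE-NETS tests the source address.

```python
import ipaddress

# Constructed model of the thread's config (added example, not Cisco code).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Normal routing table: connected SVIs plus the two static routes from the post.
ROUTES = {
    "192.168.17.0/24": "connected Vlan10",
    "192.168.30.0/24": "connected Vlan30",
    "192.168.18.0/24": "connected Vlan70",
    "192.168.90.0/24": "connected Vlan90",
    "192.168.0.0/24": "192.168.254.50",
    "192.168.1.0/24": "192.168.254.20",
}

def routing_table(dst):
    """Longest-prefix match. None means no route (the post shows no default route)."""
    addr = ipaddress.ip_address(dst)
    hits = [ipaddress.ip_network(p) for p in ROUTES
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    best = max(hits, key=lambda n: n.prefixlen)
    return ROUTES[str(best)]

def acl_matches(src, dst, acl_type):
    """Standard ACL tests the source; the hypothetical extended one tests the destination."""
    addr = ipaddress.ip_address(src if acl_type == "standard" else dst)
    return any(addr in net for net in PRIVATE_NETS)

def forward(src, dst, acl_type="standard"):
    """Packet arriving on Vlan10: route-map V10 is consulted before the routing table."""
    # Sequence 10 (deny): a match exempts the packet from PBR, so it is routed normally.
    if acl_matches(src, dst, acl_type):
        return ("routing-table", routing_table(dst))
    # Sequence 100 (permit, no match clause): everything else is policy-routed.
    return ("pbr", "192.168.252.1")

if __name__ == "__main__":
    for acl in ("standard", "extended"):
        for dst in ("203.0.113.10", "192.168.0.5", "192.168.30.9"):
            print(acl, dst, forward("192.168.17.10", dst, acl))
```

With the standard ACL every Vlan10 source falls inside 192.168.0.0/16, so the deny entry matches all of it and nothing is steered to the web filter at 192.168.252.1.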
