02-14-2019 01:18 PM
Working on a project to consolidate multiple routers for our various networks into 1 Catalyst switch stack. We are using Catalyst 9300-24-T-As.
The different networks we have need to go out different firewalls towards the internet and need to be able to communicate with each other, and there is a branch office connected by fiber that we will have static routes to.
Trying to make sure I get the route-maps right.
My big hangup is that I don't understand when it decides to use the route-map vs Connected/Static routes.
Is it route-map>connected>static or connect>static>route-map or something else?
Any input is appreciated.
192.168.254.50 and .20 are separate firewalls connecting to other networks
192.168.252.1 is an interface on our ASA that has an inline webfilter attached
192.168.254.1 is an interface on our ASA that NATs outside
ip route 192.168.0.0 255.255.255.0 192.168.254.50
ip route 192.168.1.0 255.255.255.0 192.168.254.20
!
interface Vlan10
 description trusted
 ip address 192.168.17.1 255.255.255.0
!
interface Vlan30
 description servers
 ip address 192.168.30.1 255.255.255.0
!
interface Vlan70
 description Training-Lab
 ip address 192.168.18.1 255.255.255.0
!
interface Vlan90
 description PHONES
 ip address 192.168.90.1 255.255.255.0
!
ip access-list standard PRIVATE-NETS
 permit 10.0.0.0 0.255.255.255
 permit 172.16.0.0 0.15.255.255
 permit 192.168.0.0 0.0.255.255
!
route-map V10 deny 10
 match ip address PRIVATE-NETS
!
route-map V10 permit 100
 set ip next-hop 192.168.252.1
02-14-2019 02:29 PM - edited 02-15-2019 01:07 AM
Hello
How I see it is you have static routes stating that the two 192.168.x.x/24 subnets are reachable via their related next hops. Then you are stating via a PBR deny statement to normally route any traffic related to 192.168.0.0/16.
So PBR will take precedence, but due to the deny statement any 192.168.0.0/16 traffic will be routed normally, be it by your static route statements.
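
The lookup order discussed in this thread, as an added Python model that is not part of either post: the route-map is evaluated first, a deny clause hands the packet to the normal routing table (longest-prefix match over connected and static routes), and a permit clause forwards to the set next-hop. Assumptions: the policy is applied inbound on Vlan10 with `ip policy route-map V10` (not shown in the posted config), the destination 203.0.113.10 is a constructed sample, and PRIVATE-NETS is modeled as a destination match, the way the answer reads it. On IOS a standard ACL under `match ip address` is compared against the packet's source address, so a destination match needs an extended ACL.

```python
import ipaddress

# Routing table from the posted config: connected SVIs plus the two statics.
# (The connected 192.168.254.0/24 and 192.168.252.0/24 networks are not shown on the page.)
ROUTES = [
    ("192.168.17.0/24", "connected Vlan10"),
    ("192.168.30.0/24", "connected Vlan30"),
    ("192.168.18.0/24", "connected Vlan70"),
    ("192.168.90.0/24", "connected Vlan90"),
    ("192.168.0.0/24", "static via 192.168.254.50"),
    ("192.168.1.0/24", "static via 192.168.254.20"),
]
PRIVATE_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
# route-map V10: (sequence, action, ACL or None for match-all, set next-hop)
ROUTE_MAP_V10 = [
    (10, "deny", PRIVATE_NETS, None),
    (100, "permit", None, "192.168.252.1"),
]

def in_any(addr, prefixes):
    return any(addr in ipaddress.ip_network(p) for p in prefixes)

def rib_lookup(dst):
    """Normal forwarding: longest-prefix match over connected and static routes."""
    hits = [(ipaddress.ip_network(p), how) for p, how in ROUTES
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return "no route"
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forward(dst, policy=ROUTE_MAP_V10):
    """Decision for a packet arriving on the interface that carries the policy."""
    dst = ipaddress.ip_address(dst)
    for seq, action, acl, next_hop in policy:
        if acl is not None and not in_any(dst, acl):
            continue  # clause does not match, try the next sequence
        if action == "deny":  # deny = exempt from PBR, not dropped
            return f"seq {seq} deny -> routing table: {rib_lookup(dst)}"
        return f"seq {seq} permit -> PBR next-hop {next_hop}"
    return f"no clause matched -> routing table: {rib_lookup(dst)}"
```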