Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
521
Views
0
Helpful
2
Replies

route depending on port locally or on an router on a stick

Go to solution
ino
Level 1
Level 1

‎09-06-2022 05:03 AM

i have a 2960 with routing enabled i would like it to route traffic like port 80, 433 ... 

but send all other traffic to an other router / firewall  (isr c1111) for routing

can this be done in some way?

 

so

pc1 vlan 1

pc2 vlan 2

if pc1 calls a http side on pc2 its routed on the switch (thats working)

but lets say pc1 want to ssh in to pc2 in that case it should be routed first to the c1111 (dont know how to set up)

the idea is to have just some basic acl on the switch 

and a more complex on the c1111 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-06-2022 05:31 AM - last edited on ‎09-07-2022 12:31 AM by Community Manager

check what Liicense you on switch. below high level guide for you to work on :

 

config t
!
ip access-list extended SSH_PBR
permit tcp PC1-IP(x.x.x.x) PC2-IP(y.y.y.y_ any eq 22
!
route-map SSH_NEXTHOP permit 10
match ip address SSH_PBR
set ip next-hop z.z.z.z
!
interface Gig0/0 
ip policy route-map SSH_NEXTHOP
!
end

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-06-2022 05:31 AM - last edited on ‎09-07-2022 12:31 AM by Community Manager

check what Liicense you on switch. below high level guide for you to work on :

 

config t
!
ip access-list extended SSH_PBR
permit tcp PC1-IP(x.x.x.x) PC2-IP(y.y.y.y_ any eq 22
!
route-map SSH_NEXTHOP permit 10
match ip address SSH_PBR
set ip next-hop z.z.z.z
!
interface Gig0/0 
ip policy route-map SSH_NEXTHOP
!
end

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
ino
Level 1
Level 1

‎09-06-2022 12:15 PM

thank you

that was relative pain less

was need to change the "sdm prefer" setting and reload the switch prior but fortunately i got a warning in the cli to do so

 

ip access-list extended TEST
permit ip any host 10.0.10.10
!
route-map TEST permit 10
match ip address TEST
set ip next-hop 10.0.0.1
!
interface Vlan103
ip address 10.0.30.1 255.255.255.0
ip policy route-map TEST
PS C:\Users\sa> tracert 10.0.10.10

Tracing route to dc.mydomain.com [10.0.10.10]
over a maximum of 30 hops:

1 2 ms 1 ms 1 ms 10.0.30.1
2 <1 ms <1 ms <1 ms c1111.mydomain.com [10.0.0.1]
3 1 ms 1 ms 1 ms c2961.mydomain.com [10.0.0.2]
4 <1 ms <1 ms <1 ms dc.mydomain.com [10.0.10.10]

Trace complete.
PS C:\Users\sa> tracert 10.0.10.20

Tracing route to ca.mydomain.com [10.0.10.20]
over a maximum of 30 hops:

1 <1 ms 1 ms 1 ms 10.0.30.1
2 <1 ms <1 ms <1 ms ca.mydomain.com [10.0.10.20]

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card