
Route Null0 for backup transit Wan

cmichilsen
Level 1

Hello,

We have several locations connected to each other with any-to-any WAN uplinks. Our primary WAN is routed with OSPF instances. When an OSPF router isn't reachable anymore, our switches will use the default static routes. This is all working fine, and when we have an error on our primary WAN it automatically falls back to the static routes. But the only thing I want to do is make sure our telephony environment is not routed over our backup WAN uplink, because there is no QoS on our backup WAN.

Our config is like this:

router ospf 1
 router-id 10.11.22.1
 log-adjacency-changes
 passive-interface default
 no passive-interface Vlan95
 network 10.9.5.0 0.0.0.255 area 0
 network 10.11.22.1 0.0.0.0 area 0
 network 10.22.9.0 0.0.0.255 area 0
 network 10.22.0.0 0.0.255.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.22.6.10 254
ip route 10.12.6.0 255.255.255.0 10.22.6.10

I want to route 10.12.64.0 255.255.255.0 to a black hole, but only when the static routes are active.

Is it possible to do this?

Thank you.

6 Replies

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

If 10.12.64.0 is in your dynamic routing, have you tried a floating static for it?

If 10.12.64.0 is not in your dynamic routing, perhaps PBR might do the trick.

First I tried ip route 10.12.64.0 255.255.255.0 10.100.100.1 (fake IP). But when I did a trace to 10.12.64.4 it was still possible.

So I think the 0.0.0.0 0.0.0.0 10.22.6.10 has a higher priority or something.

The second thing I want is for the packets to be dropped if our primary WAN uplink is inaccessible.

Thanks in advance.


Posting

For a floating static to work as desired, you would need the dynamic route to disappear from your routing table. Not knowing what's in your route table, nor how you "faked" your IP, I can't say whether what you've done was done correctly.
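The floating-static behaviour discussed in this reply can be modelled as follows. This is an added example, not part of the original thread. It assumes 10.12.64.0/24 is learned via OSPF; the Null0 static with distance 250 and the OSPF next hop 10.9.5.2 are assumptions made for illustration.

```python
import ipaddress

OSPF_AD = 110  # Cisco IOS default administrative distance for OSPF

def build_rib(candidates):
    """Per prefix, install only the candidate with the lowest administrative distance."""
    rib = {}
    for prefix, distance, next_hop in candidates:
        net = ipaddress.ip_network(prefix)
        if net not in rib or distance < rib[net][0]:
            rib[net] = (distance, next_hop)
    return rib

def lookup(rib, destination):
    """Forwarding decision: longest-prefix match among installed routes."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return rib[best][1]

# The two statics from the post, plus an ASSUMED floating static to Null0
# (distance 250: above OSPF's 110, so it stays out of the table while OSPF
# still advertises the prefix).
STATICS = [
    ("0.0.0.0/0", 254, "10.22.6.10"),
    ("10.12.6.0/24", 1, "10.22.6.10"),
    ("10.12.64.0/24", 250, "Null0"),
]
# Constructed sample: the voice subnet as learned over the primary WAN via OSPF.
# The next hop 10.9.5.2 is a made-up neighbour on Vlan95.
OSPF_ROUTES = [("10.12.64.0/24", OSPF_AD, "10.9.5.2")]

def next_hop(destination, primary_up):
    """Next hop for a destination with the primary WAN (OSPF) up or down."""
    candidates = STATICS + (OSPF_ROUTES if primary_up else [])
    return lookup(build_rib(candidates), destination)

if __name__ == "__main__":
    for up in (True, False):
        for dst in ("10.12.64.4", "10.12.6.20", "192.0.2.7"):
            print(f"primary_up={up!s:5} {dst:12} -> {next_hop(dst, up)}")
```

Once the OSPF route is withdrawn, the /24 to Null0 is installed and wins over the 0.0.0.0/0 backup default on prefix length, so only the voice subnet is dropped.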

cmichilsen
Level 1

Hello,

Is it possible to block traffic with IP access lists? I want to drop traffic (outgoing) on a 3560 from networks 10.15.4.0/24 and 10.15.5.0/24.

I configured this:

access-list 1 deny 10.15.4.0 0.0.0.255

access-list 2 deny 10.15.5.0 0.0.0.255

But then I wanted to apply these access lists on swi fa0/1, and in the config I only saw the last access list. Is it possible to apply two access lists on one switchport?

I did a conf t and then int fa0/1:

ip access-group 1 in

ip access-group 2 in

But this is only for incoming traffic, I think?

Please advise.

Greetings, Chris

Chris

You can only have one ACL per interface per direction, but it's not a problem, i.e.

access-list 1 deny 10.15.4.0 0.0.0.255

access-list 1 deny 10.15.5.0 0.0.0.255

int fa0/1

ip access-group 1 in

Jon

Jon,

Sorry for the late reply.

Thank you for your answer.

Is this the way to leave traffic on the local LAN?

10.15.4.0/24 are our VoIP telephones. If our primary WAN link is down we want to drop this traffic. So I want to create an access list on our Cisco 3560 that is on the same LAN. I'm a little confused with inbound and outbound ACLs.