
Router interface redirection

Tusune
Level 1

Hello!

 

I'm here because I have been facing a problem since yesterday. I'll explain as clearly as possible:

 

I have 2 routers (3745) connected via 2 links (GRE tunnels), separated by some routers. Here is a simple representation (not my actual structure, but enough to represent it):

Capture-GNS3.PNG

 

I forgot to add a PC, but let's make do with that. On my ethernetswitch-1 there are 2 VLANs (vlan 16 and 18) and on the other switch there is 1 (vlan 19). What I wanted is that when PC-5 tries to reach vlan 16, it goes through tunnel 0 (the upper one), and when it tries to reach vlan 18, it goes through tunnel 1 (the bottom one).

But here is my problem: I didn't succeed in that. I tried to change the priority calculated by the protocols (OSPF, EIGRP between them), but for that I changed the bandwidth, and when it changes the priority, it's for all VLANs, so not what I want.

Next I tried things like ACL + route-map (policy route-map etc.), but nothing that I've done works. (The ACLs seemed to match the correct IP addresses, but no redirection was done.)

 

So my question is simple: can someone help me a little? Is ACLs + route-map the right solution and I just got it wrong, or are there other solutions?

 

Thanks in advance :)

 

6 Replies 6

Diana Karolina Rojas
Cisco Employee

Hello,

 

I couldn't see the image, but I think I understand what you want. Can you please provide the configuration you used with the ACLs? You can use Policy Based Routing to force the traffic the way you want.

 

---Do not forget to rate/mark useful post.---

 

Best Regards,

I tried different configurations with ACLs, but there is just one that looks correct:

- The one that must allow traffic from 192.168.19.0/24 to 192.168.16.0/24 (and redirect it afterwards):

(config)# ip access-list extended ACL-IN-1916

(config-ext-nacl)# permit ip 192.168.19.0 0.0.0.255 192.168.16.0 0.0.0.255

(config-ext-nacl)# exit

(config)# route-map 19to16 permit 10
(config-route-map)# match ip address ACL-IN-1916

(config-route-map)# set ip next-hop 10.31.31.5

10.31.31.5 is the address of the end of the tunnel through which I want this traffic to pass.

 

- And then the same but from 192.168.19.0/24 to 192.168.18.0/24:

(config)# ip access-list extended ACL-IN-1918

(config-ext-nacl)# permit ip 192.168.19.0 0.0.0.255 192.168.18.0 0.0.0.255

(config-ext-nacl)# exit

(config)# route-map 19to18 permit 10
(config-route-map)# match ip address ACL-IN-1918

(config-route-map)# set ip next-hop 10.21.21.5

 

And finally:

(config)# int tun 0

(config-if)# ip policy route-map 19to18

(config-if)# int tun 1

(config-if)# ip policy route-map 19to16

 

But with that, nothing happens, no redirection or anything. Did I miss something?

 

(And sorry for the late answer)

I've found my problem, but there is another one now:

The ip policy route-map command should be applied on the interface that leads to my subnet (192.168.19.0/24) and not on the tunnel interfaces. I've done it and it works.

 

The problem now: I can have just one policy route-map per interface, but I have two route-maps. What can I do?

Hello Tusune,

 

Yes, you are right, you can't use two PBRs on the same interface, so you have to create only one PBR with two policies using the same ACLs.

 

(config)# ip access-list extended ACL-IN-1916

(config-ext-nacl)# permit ip 192.168.19.0 0.0.0.255 192.168.16.0 0.0.0.255

(config-ext-nacl)# exit

(config)# ip access-list extended ACL-IN-1918

(config-ext-nacl)# permit ip 192.168.19.0 0.0.0.255 192.168.18.0 0.0.0.255

(config-ext-nacl)# exit

 

(config)# route-map REDIRECTION permit 10
(config-route-map)# match ip address ACL-IN-1916

(config-route-map)# set ip next-hop 10.31.31.5

(config)# route-map REDIRECTION permit 20
(config-route-map)# match ip address ACL-IN-1918

(config-route-map)# set ip next-hop 10.21.21.5

 

Please do not forget to rate/mark useful post.

 

Regards,

mlund
Level 7

Hi

Use one route-map instead of two, like this:

route-map MY-POLICY permit 10
 match ip address ACL-IN-1916

 set ip next-hop 10.31.31.5

route-map MY-POLICY permit 20
 match ip address ACL-IN-1918

 set ip next-hop 10.21.21.5

/Mikael 
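
The behaviour discussed in this thread (one route-map with two sequences, applied to the interface where the 192.168.19.0/24 traffic arrives) can be checked offline with a small model. This is an added example, not code from the thread or from Cisco: the interface name `LAN19` and the sample packet addresses are assumptions, while the ACL entries and next hops are the ones posted above.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACLs from the thread: (source, source wildcard, destination, destination wildcard)
ACLS = {
    "ACL-IN-1916": [("192.168.19.0", "0.0.0.255", "192.168.16.0", "0.0.0.255")],
    "ACL-IN-1918": [("192.168.19.0", "0.0.0.255", "192.168.18.0", "0.0.0.255")],
}

# One route-map with two sequences: (sequence number, ACL name, next hop)
ROUTE_MAP = [
    (10, "ACL-IN-1916", "10.31.31.5"),
    (20, "ACL-IN-1918", "10.21.21.5"),
]

# Hypothetical name for the interface facing 192.168.19.0/24 (not given in the thread)
POLICY_INTERFACE = "LAN19"

def acl_permits(name, src, dst):
    """True when any permit entry of the named ACL matches the packet."""
    return any(wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
               for s, sw, d, dw in ACLS[name])

def policy_next_hop(ingress, src, dst):
    """Return the policy next hop, or None when the packet is left to the routing table."""
    if ingress != POLICY_INTERFACE:
        return None  # the policy only sees packets received on its own interface
    for _seq, acl, next_hop in sorted(ROUTE_MAP):  # lowest sequence first, first match wins
        if acl_permits(acl, src, dst):
            return next_hop
    return None  # no sequence matched: normal destination-based routing

if __name__ == "__main__":
    # Constructed sample packets: (ingress interface, source, destination)
    samples = [
        ("LAN19", "192.168.19.10", "192.168.16.20"),
        ("LAN19", "192.168.19.10", "192.168.18.20"),
        ("LAN19", "192.168.19.10", "192.168.17.1"),
        ("Tunnel0", "192.168.19.10", "192.168.16.20"),
    ]
    for ingress, src, dst in samples:
        hop = policy_next_hop(ingress, src, dst)
        print(f"{ingress:8} {src} -> {dst}: {hop or 'routing table'}")
```

The last sample corresponds to the first attempt in the thread, where the policy was attached to the tunnel interfaces and traffic entering from the 192.168.19.0/24 side was never evaluated.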

 

It works, thanks for all :)