
Setting up routing to Cellular and WAN

nadeesh.sam

Hi everyone!

 

I'm trying to set up internet access to two VLANs I have on my IR829 router. I want the VLAN10 traffic to go through the Cellular interface and VLAN20 traffic to go through the WAN (GigabitEthernet 0) interface. I've tried setting up NAT and PBR and I still can't get the VLAN20 to access the internet (I can access internet on VLAN10 through Cellular 0).

 

Any help would be greatly appreciated!

Cheers

 

I tried debugging the ip policy and this is what I see,

 

*Apr 6 01:05:07.650: IP: s=172.16.6.3 (Vlan20), d=8.8.8.8 (GigabitEthernet0), len 62, policy routed
*Apr 6 01:05:07.650: IP: Vlan20 to GigabitEthernet0 14.192.221.164
*Apr 6 01:05:07.762: IP: s=172.16.6.3 (Vlan20), d=31.13.70.3, len 60, FIB policy match
*Apr 6 01:05:07.762: IP: s=172.16.6.3 (Vlan20), d=31.13.70.3, len 60, PBR Counted
*Apr 6 01:05:07.762: IP: s=172.16.6.3 (Vlan20), d=31.13.70.3, len 60, policy match
*Apr 6 01:05:07.762: IP: route map PBR_WAN, item 10, permit
*Apr 6 01:05:07.762: IP: s=172.16.6.3 (Vlan20), d=31.13.70.3 (GigabitEthernet0), len 60, policy routed
*Apr 6 01:05:07.762: IP: Vlan20 to GigabitEthernet0 14.192.221.164
*Apr 6 01:05:07.764: IP: s=172.16.6.3 (Vlan20), d=8.8.8.8, len 68, FIB policy match
*Apr 6 01:05:07.764: IP: s=172.16.6.3 (Vlan20), d=8.8.8.8, len 68, PBR Counted
*Apr 6 01:05:07.764: IP: s=172.16.6.3 (Vlan20), d=8.8.8.8, len 68, policy match
*Apr 6 01:05:07.764: IP: route map PBR_WAN, item 10, permit

 

Here's my current configuration.

 

IR829#sh run
Building configuration...

Current configuration : 4290 bytes
!
! Last configuration change at 02:18:48 UTC Wed Apr 6 2022
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service unsupported-transceiver
!
hostname IR829
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 xxxx
enable password 7 xxxx
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
ignition off-timer 900
!
ignition undervoltage threshold 11 000
!
no ignition enable
!
!
ip dhcp excluded-address 172.16.5.1
!
ip dhcp pool ENG
network 172.16.5.0 255.255.255.0
default-router 172.16.5.1
dns-server 8.8.8.8
!
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
chat-script INTERNET "" "ATDT*99#" TIMEOUT 30 CONNECT
!
!
license udi pid xxxx
!
redundancy

!
controller Cellular 0
lte sim data-profile 1 attach-profile 1 slot 0
lte sim fast-switchover enable
no lte gps enable
lte modem link-recovery disable
!
interface GigabitEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
!
interface GigabitEthernet1
switchport access vlan 10
switchport mode access
no ip address
!
interface GigabitEthernet2
switchport access vlan 10
switchport mode access
no ip address
!
interface GigabitEthernet3
switchport access vlan 10
switchport mode access
no ip address
!
interface GigabitEthernet4
switchport access vlan 10
switchport mode access
no ip address
no mop enabled
!
interface Wlan-GigabitEthernet0
switchport access vlan 20
switchport mode access
no ip address
!
interface GigabitEthernet5
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0
description -hologram interface-
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 60
dialer in-band
dialer idle-timeout 300
dialer string lte
dialer-group 1
ipv6 address autoconfig
async mode interactive
routing dynamic
!
interface Cellular1
no ip address
encapsulation slip
shutdown
!
interface wlan-ap0
ip address 1.1.1.1 255.255.255.255
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan10
ip address 172.16.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
ip address 172.16.6.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map PBR_WAN
!
interface Async0
no ip address
encapsulation scada
!
interface Async1
no ip address
encapsulation scada
!
interface Dialer1
no ip address
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT_CELL interface Cellular0 overload
ip nat inside source route-map NAT_WAN interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip access-list extended LIST_CELL
permit ip 172.16.5.0 0.0.0.255 any
ip access-list extended LIST_WAN
permit ip 172.16.6.0 0.0.0.255 any
ip access-list extended LIST_WAN_ALL
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 ioam timestamp
!
route-map NAT_CELL permit 10
match ip address LIST_CELL
match interface Cellular0
!
route-map PBR_WAN permit 10
match ip address LIST_WAN
set ip next-hop dynamic dhcp
set interface GigabitEthernet0
!
route-map NAT_WAN permit 10
match ip address LIST_WAN
match interface GigabitEthernet0
!
!
!
control-plane
!
!
!
line con 0
stopbits 1
line 1 2
stopbits 1
line 3
script dialer lte
modem InOut
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 150000000
txspeed 50000000
line 4
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 8
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 150000000
txspeed 50000000
line 1/3 1/6
transport preferred none
transport output none
stopbits 1
line vty 0 4
password 7 045802150C2E1D1C5A
login
transport input none
!
no scheduler max-task-time
no iox hdm-enable
iox client enable interface GigabitEthernet5
no iox recovery-enable
!
!
end



Hello

Amend the PBR statement, test again

 

route-map PBR_WAN permit 10
match ip address LIST_WAN
set ip next-hop dynamic dhcp





or

route-map PBR_WAN permit 10
match ip address LIST_WAN
set interface GigabitEthernet0

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello,

 

judging from your debug output, the PBR seems to actually be working. Try and simplify the NAT as below:

 

--> ip nat inside source list 1 interface Cellular0 overload
--> ip nat inside source list 2 interface GigabitEthernet0 overload
!
--> access-list 1 permit 172.16.5.0 0.0.0.255
--> access-list 2 permit 172.16.6.0 0.0.0.255
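
Added example, not part of the original reply: a small Python parser for the `debug ip policy` lines quoted in the question, which groups them per flow and reports the route-map entry, egress interface and next hop, so "matched" and "actually policy routed" can be told apart. The function names and the per-flow summary layout are assumptions of this example; the sample lines are an excerpt copied from the post.

```python
import re
from collections import defaultdict

# Excerpt of the `debug ip policy` output quoted in the original post.
SAMPLE = """\
*Apr 6 01:05:07.762: IP: s=172.16.6.3 (Vlan20), d=31.13.70.3, len 60, FIB policy match
*Apr 6 01:05:07.762: IP: s=172.16.6.3 (Vlan20), d=31.13.70.3, len 60, PBR Counted
*Apr 6 01:05:07.762: IP: s=172.16.6.3 (Vlan20), d=31.13.70.3, len 60, policy match
*Apr 6 01:05:07.762: IP: route map PBR_WAN, item 10, permit
*Apr 6 01:05:07.762: IP: s=172.16.6.3 (Vlan20), d=31.13.70.3 (GigabitEthernet0), len 60, policy routed
*Apr 6 01:05:07.762: IP: Vlan20 to GigabitEthernet0 14.192.221.164
*Apr 6 01:05:07.764: IP: s=172.16.6.3 (Vlan20), d=8.8.8.8, len 68, FIB policy match
*Apr 6 01:05:07.764: IP: s=172.16.6.3 (Vlan20), d=8.8.8.8, len 68, PBR Counted
*Apr 6 01:05:07.764: IP: s=172.16.6.3 (Vlan20), d=8.8.8.8, len 68, policy match
*Apr 6 01:05:07.764: IP: route map PBR_WAN, item 10, permit
"""

# Per-packet event line; the egress interface only appears on "policy routed".
PKT = re.compile(r"IP: s=(?P<src>[\d.]+) \((?P<inif>[^)]+)\), d=(?P<dst>[\d.]+)"
                 r"(?: \((?P<outif>[^)]+)\))?, len (?P<len>\d+), (?P<event>.+)$")
RMAP = re.compile(r"IP: route map (?P<name>\S+), item (?P<seq>\d+), (?P<action>\w+)")
HOP = re.compile(r"IP: (?P<inif>\S+) to (?P<outif>\S+) (?P<nh>[\d.]+)$")

def summarize(text):
    """Return {(src, dst): summary} built from debug ip policy lines."""
    flows = defaultdict(lambda: {"matched": 0, "routed": 0, "route_map": None,
                                 "egress": None, "next_hop": None})
    last = None  # flow that the following route-map / next-hop lines belong to
    for line in text.splitlines():
        line = line.strip()
        if m := PKT.search(line):
            last = flows[(m["src"], m["dst"])]
            if m["event"] == "policy match":
                last["matched"] += 1
            elif m["event"] == "policy routed":
                last["routed"] += 1
                last["egress"] = m["outif"]
        elif (m := RMAP.search(line)) and last is not None:
            last["route_map"] = f"{m['name']}/{m['seq']}/{m['action']}"
        elif (m := HOP.search(line)) and last is not None:
            last["next_hop"] = m["nh"]
    return dict(flows)

def unrouted(flows):
    """Flows that matched the policy more often than they were policy routed."""
    return sorted(k for k, v in flows.items() if v["matched"] > v["routed"])
```

On this excerpt the 8.8.8.8 flow is reported by `unrouted()` only because the quoted capture ends before its "policy routed" line; on a full capture, a flow that stays in that list is the one to investigate.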

Hi Georg!

 

First of all, I got to say I got this far thanks to your other replies here! Can't thank you enough.

 

I got it to work yesterday after setting another ip route,

 

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 dhcp 250

 

I don't know why it works. It would be great if you could shed some light on it.

 

Another thing I'm worried about is when I set the following config I get a warning saying

%Warning:Use P2P interface for routemap setinterface clause

Is this something to worry about? What is the best way to do this?

 

route-map NAT_WAN permit 10
  match ip address LIST_WAN
  set ip next-hop dynamic dhcp
  set interface gigabitEthernet0

%Warning:Use P2P interface for routemap setinterface clause

 

Thanks again!

Nadeesh

 

 

 

 

 

 

 

Hello,

 

good to know that it is working, although I also do not really understand why, as adding a static route with an admin distance of 250 would just mean that this route only gets into the routing table when the primary route is down...

 

Either way, the warning

%Warning:Use P2P interface for routemap setinterface clause

is just that, a warning. You get a similar warning when you configure a static route with an Ethernet interface as the next hop, rather than an IP address as the next hop. The warning basically just tells you that you are 'wasting' resources because the interface has to arp for the IP address of the other side.

nadeesh.sam

Awesome! I'm glad it's working too. Thanks for your help!
