Specify PBR across multiple VLans to a specific WAN

TheGoob
VIP

Hello

I will generalize my system somewhat to get the idea across better.

DSL Modem - FPR1010 - SG350XG.

All ACL/NAT is done on the FPR, with a static route to reach the 3 VLANs on the SG350XG. [FPR 1/2 connects to SG 1/1]

On the SG I have 3 VLANs, and each VLAN is, by NAT, associated with its own WAN IP going back to the FPR.

Currently, everything works as is.

ENTER: I have an OpenVPN router with a different ISP that connects to SG 1/2. It is connected 24/7, with a killswitch, to a VPN for private browsing. My goal is to have hosts on each VLAN use their associated WAN IP, EXCEPT that I want any host on any VLAN to use SG 1/2 [VPN] for HTTP/HTTPS traffic.

1. Create an ACL called 'HTTP', Permit, TCP, Any, Any, 80

2. Create a Route Map called 'PBR_HTTP', match ip address, select HTTP ACL, next hop [VPN Router IP]

3. Apply Route Map, Select Interface [1/2 as that connects to VPN Router], Select PBR and apply 'PBR_HTTP'.

Would this be sufficient? Will this cause each of the VLANs to use the intended PBR? And of course, I need to do this for HTTPS as well.

4 Replies

balaji.bandi
Hall of Fame

I am sure the SG350 supports PBR (I guess so).

Follow the video below for PBR. At a high level, your plan should work, but make sure you have the correct routing in place for the return traffic.

https://video.cisco.com/detail/video/5848099081001?autoStart=true&q=PBR

BB


Interesting. By the looks of this video, I would not do an ACL but just tell traffic from a specific VLAN to go to a specific next hop.

Giuseppe Larosa
Hall of Fame

Hello @TheGoob ,

PBR works inbound, so you need to apply it on each of the three SVIs (interface VLAN) defined on the switch.

The OpenVPN router needs to be configured for NAT too if you want internal hosts to access web sites on the public internet via the VPN device.

Hope to help

Giuseppe
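Putting the three steps from the question together with the point above that PBR is applied inbound on the SVIs rather than on the uplink port, here is an added illustration in Cisco IOS-style syntax; it is not configuration from this thread, the exact SG350X CLI keywords may differ, and the VLAN IDs and the next-hop address 192.0.2.2 are placeholders for the VPN router's LAN address on the SG 1/2 segment.

```cisco
! One ACL covering both HTTP and HTTPS so a single route map serves both.
ip access-list extended WEB_TO_VPN
 permit tcp any any eq 80
 permit tcp any any eq 443
!
! Route map: web traffic that matches the ACL is sent to the VPN router.
! Everything else falls through to normal routing, i.e. the per-VLAN NAT path via the FPR.
route-map PBR_HTTP permit 10
 match ip address WEB_TO_VPN
 set ip next-hop 192.0.2.2
!
! PBR acts on traffic entering the switch, so it goes on every SVI whose
! hosts should use the VPN, not on the physical port facing the VPN router.
interface Vlan10
 ip policy route-map PBR_HTTP
interface Vlan20
 ip policy route-map PBR_HTTP
interface Vlan30
 ip policy route-map PBR_HTTP
!
! Return path (not switch config): the VPN router must NAT the VLAN subnets
! and have a route back to them via the SG's address on the 1/2 segment,
! otherwise replies never reach the hosts.
```

Note that if the next hop becomes unreachable, a plain `set ip next-hop` lets the matched traffic fall back to the ordinary WAN path, so the killswitch on the VPN router is what keeps web traffic from leaving unprotected.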

When you say apply to each VLAN, do you refer to any VLAN in need of the PBR? Also, that makes sense; I would need to create a route back to the SG.