mrmarie
Beginner

Static route in Coreswitch

Hello

We have different VLANs in the coreswitch with an IP interface for each VLAN, and the default route is 0.0.0.0 0.0.0.0 10.70.70.1

So all VLANs route to the firewall. How do we route only one VLAN to another IP, 10.80.80.1?

Appreciate your support

Thanks

1 ACCEPTED SOLUTION

Georg Pauwen
VIP Expert

Hello,

use PBR. Let's say you want Vlan 10 traffic to go to 10.80.80.1, the configuration would be:

access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
route-map PBR_VLAN10 permit 10
 match ip address 101
 set ip next-hop 10.80.80.1
!
interface Vlan 10
 ip address 192.168.10.1 255.255.255.0
 ip policy route-map PBR_VLAN10



Hello Georg

Thank you for your reply

The VLAN that I need to route to a different IP is:

VLAN 130
IP 10.130.130.0 255.255.255.0

So the configuration will be:

access-list 101 permit ip 10.130.130.0 0.0.0.255 any
!
route-map PBR_VLAN130 permit 10
 match ip address 101
 set ip next-hop 10.80.80.1
!
interface Vlan 130
 ip address 10.130.130.254 255.255.255.0
 ip policy route-map PBR_VLAN130

Is that right?

Thanks

Hello,

that looks right. Does it work?

Hello,

Not yet, I just need to know about the ACL: as we apply an extended access-list, is it fine to use (access-list 101 permit ip) or not?

Thanks

Hello,

the access list 101 should work with PBR. Give it a try and let us know the results.

Hello

You don't need an access-list to PBR the whole subnet; just set a next-hop and it will PBR all traffic originating from that VLAN, that is, unless you have other traffic residing off that VLAN, in which case an ACL would be required.

Also, you have not confirmed if that IP you want to route to does/does not reside in another VLAN off the coreswitch?

kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
paul driver
VIP Mentor

Hello

If that IP is in another VLAN off the coreswitch then it will be routed via the coreswitch (inter-VLAN routing); otherwise it will route via the firewall via the default route.
Now if you wish for just one VLAN to access that IP then you will need to apply a routed access-list to control that access.

So can you confirm where this specific IP resides and elaborate a little more on what you wish to do?

kind regards
Paul

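An added example, not part of any post in this thread: a small Python audit that parses an IOS-style configuration like the one discussed above and reports, per interface, where PBR sends traffic, whether that next hop differs from the default route (the firewall at 10.70.70.1), and whether the policy covers the whole interface subnet. The function name, the result keys and the sample text (the thread's VLAN 130 lines, with the default route written as an `ip route` statement) are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the thread's VLAN 130 configuration plus its default route.
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 10.70.70.1
access-list 101 permit ip 10.130.130.0 0.0.0.255 any
route-map PBR_VLAN130 permit 10
 match ip address 101
 set ip next-hop 10.80.80.1
interface Vlan 130
 ip address 10.130.130.254 255.255.255.0
 ip policy route-map PBR_VLAN130
"""

def audit_pbr(config):
    """Return one finding per addressed interface that has a PBR policy applied."""
    default_gw, acls, rmaps, ifaces, section = None, {}, {}, {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            default_gw = m[1]
        elif m := re.match(r"access-list (\d+) permit ip (\S+) (\S+) any", line):
            # IOS wildcard masks are host masks, which ip_network() accepts.
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.match(r"route-map (\S+) permit \d+", line):
            section = rmaps.setdefault(m[1], {})
        elif m := re.match(r"interface (.+)", line):
            section = ifaces.setdefault(m[1].replace(" ", ""), {})
        elif m := re.match(r"match ip address (\S+)", line):
            section["acl"] = m[1]
        elif m := re.match(r"set ip next-hop (\S+)", line):
            section["next_hop"] = m[1]
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            section["subnet"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"ip policy route-map (\S+)", line):
            section["policy"] = m[1]
    findings = []
    for name, iface in ifaces.items():
        rmap = rmaps.get(iface.get("policy"))
        if not rmap or "subnet" not in iface:
            continue
        sources = acls.get(rmap.get("acl"), [])
        findings.append({
            "interface": name,
            "next_hop": rmap.get("next_hop"),
            "bypasses_default": rmap.get("next_hop") != default_gw,
            # A route-map entry with no match clause matches every packet.
            "whole_subnet": "acl" not in rmap or any(iface["subnet"].subnet_of(s) for s in sources),
        })
    return findings
```

A `whole_subnet` value of False means only part of the VLAN's address range is redirected, so the remaining hosts still follow the default route to the firewall.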