10-08-2020 05:21 AM
Hello
We have different VLANs on the core switch with an IP interface for each VLAN, and the default route is 0.0.0.0 0.0.0.0 10.70.70.1
So all VLANs route to the firewall. How do we route only one VLAN to another IP, 10.80.80.1?
Appreciate your support
Thanks
10-08-2020 05:37 AM
Hello,
Use PBR. Let's say you want VLAN 10 traffic to go to 10.80.80.1, the configuration would be:
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
route-map PBR_VLAN10 permit 10
 match ip address 101
 set ip next-hop 10.80.80.1
!
interface Vlan 10
 ip address 192.168.10.1 255.255.255.0
 ip policy route-map PBR_VLAN10
10-08-2020 10:38 AM
Hello Georg
Thank you for your reply
The VLAN that I need to route to a different IP is:
VLAN 130
IP 10.130.130.0 255.255.255.0
So the configuration will be:
access-list 101 permit ip 10.130.130.0 0.0.0.255 any
!
route-map PBR_VLAN130 permit 10
 match ip address 101
 set ip next-hop 10.80.80.1
!
interface Vlan 130
 ip address 10.130.130.254 255.255.255.0
 ip policy route-map PBR_VLAN130
Is that right?
Thanks
10-08-2020 11:54 AM
Hello,
That looks right. Does it work?
10-08-2020 12:53 PM
Hello,
Not yet. I just need to know about the ACL: as we apply an extended access list, is it fine to use (access-list 101 permit ip) or not?
Thanks
10-08-2020 12:57 PM
Hello,
The access list 101 should work with PBR. Give it a try and let us know the results.
10-09-2020 03:06 PM - edited 10-10-2020 12:46 AM
Hello
You don't need an access list to PBR the whole subnet; just set a next hop and it will PBR all traffic originating from that VLAN. That is, unless you have other traffic residing off that VLAN, in which case an ACL would be required.
Also, you have not confirmed whether the IP you want to route to does or does not reside in another VLAN off the core switch.
10-08-2020 10:30 AM
Hello
If that IP is in another VLAN off the core switch, then it will be routed via the core switch (inter-VLAN routing); otherwise it will route via the firewall via the default route.
Now, if you wish for just one VLAN to access that IP, then you will need to apply a routed access list to control that access.
So can you confirm where this specific IP resides and elaborate a little more on what you wish to do?
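
Added example, not part of the thread or any poster's configuration: a small Python model of how the core switch would forward packets with ACL 101 and route-map PBR_VLAN130 applied on Vlan130, as discussed above. The sample packets, the use of 192.168.10.0/24 as a second SVI, and the function names are constructed for illustration, and it assumes 10.80.80.1 is reachable so that set ip next-hop is honoured.

```python
import ipaddress

# Values from the thread: ACL 101, route-map PBR_VLAN130, default route.
ACL_101 = [("permit", "10.130.130.0", "0.0.0.255")]  # source + wildcard, destination "any"
POLICY = {"Vlan130": (ACL_101, "10.80.80.1")}         # ip policy route-map PBR_VLAN130
DEFAULT_NEXT_HOP = "10.70.70.1"                       # ip route 0.0.0.0 0.0.0.0 10.70.70.1
# Connected SVIs; Vlan10's subnet is constructed from the first reply's example.
CONNECTED = {"10.130.130.0/24": "Vlan130", "192.168.10.0/24": "Vlan10"}

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, src):
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False  # implicit deny: the packet is simply not policy-routed

def routing_table(dst):
    for prefix, iface in CONNECTED.items():
        if ipaddress.ip_address(dst) in ipaddress.ip_network(prefix):
            return f"connected:{iface}"
    return DEFAULT_NEXT_HOP

def forward(ingress, src, dst):
    """Return where the core switch sends a packet received on `ingress`."""
    policy = POLICY.get(ingress)
    if policy:
        acl, next_hop = policy
        if acl_permits(acl, src):
            return next_hop  # set ip next-hop overrides the routing table
    return routing_table(dst)

if __name__ == "__main__":
    samples = [  # constructed packets: (ingress SVI, source, destination)
        ("Vlan130", "10.130.130.25", "8.8.8.8"),        # policy-routed
        ("Vlan130", "10.130.130.25", "192.168.10.20"),  # inter-VLAN, still policy-routed
        ("Vlan130", "172.16.5.9", "8.8.8.8"),           # other source on the VLAN: ACL miss
        ("Vlan10", "192.168.10.20", "8.8.8.8"),         # no policy on this SVI
    ]
    for pkt in samples:
        print(pkt, "->", forward(*pkt))
```

The second sample shows that, with `any` as the ACL destination, VLAN 130 traffic bound for another VLAN on the core switch is also sent to 10.80.80.1 rather than being routed locally.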