Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1035
Views
2
Helpful
5
Replies

Static route or Default Route for Single VLAN

Go to solution
Saeed Siddiqui
Level 1
Level 1

‎06-12-2023 02:32 PM - last edited on ‎06-20-2023 02:47 AM by Community Manager

Hello Awesome Engineers,

this is a problem i am facing and i hope you can help and navigate me to the right direction. to keep it simple i will give you a simple example:

i have nexus 9508, it has a

default route

pointing to ethernet 5/5 which is connected to my company/s corporate site.  -> this is working fine, so we are good here.

i have many SVIs  and those are under EIGRP being

redistributed

into BGP -> this is also working fine, so we are good here as well.

then i have another SVI lets say interface vlan 10, i want to make this SVI to go out to internet but i cannot use

default router

as it is already pointing to company's Corporate. i cannot use static route because destination is not known, it can go to any destination. so the bottom line is only VLAN 10 should be allowed to go to 172.10.1.1 as a next hop for any destination.

any help?

 

 

Labels:
2 Accepted Solutions

Accepted Solutions

Go to solution
Saeed Siddiqui
Level 1
Level 1
In response to MHM Cisco World

‎06-12-2023 05:37 PM - last edited on ‎06-20-2023 02:57 AM by Community Manager

thanks for all your help VIP Mentor, this link really helped.

i have created a configs, would you please have a look and let me know if this will work?

Switch#1
interface Vlan10
description
no shutdown
ip address 192.168.1.2/24
hsrp 10
preempt
priority 110
ip 192.168.1.1

interface Vlan20
description Connection to the upstream Firewalls
no shutdown
ip address 172.10.1.5/29
hsrp version 2
hsrp 20
preempt
priority 120
ip 172.10.1.4

interface Ethernet1/1
description Physical Connection to upstream Firewalls
switchport
switchport access vlan 20
no shutdown

---------------------------------------------------------------------------------

Switch#2
interface Vlan10
description
no shutdown
ip address 192.168.1.3/24
hsrp 10
preempt
ip 192.168.1.1


interface Vlan20
description Connection to the upstream Firewalls
no shutdown
ip address 172.10.1.6/29
hsrp version 2
hsrp 20
preempt
ip 172.10.1.4

interface Ethernet1/1
description Physical Connection to upstream Firewalls
switchport
switchport access vlan 20
no shutdown
--------------------------------------------------------------------------------------

requirement: only traffic originated from 192.168.1.0/24 should go out 172.10.1.1 which is HA address of cisco firepower, all other traffic should go out to

Default Route.

at present, all the traffic is going out to

default route

which is company's corporate network.

PBR Configs:

Switch#1
access-list 100 permit ip 192.168.1.0 0.0.0.255 any

route-map vlan10_to_net
match ip address 100
set next hop 172.10.1.1

interface Vlan10
ip policy route-map vlan10_to_net


Switch#2
access-list 100 permit ip 192.168.1.0 0.0.0.255 any

route-map vlan10_to_net
match ip address 100
set next hop 172.10.1.1

interface Vlan10
ip policy route-map vlan10_to_net

 

 

View solution in original post

5 Replies 5

Go to solution
MHM Cisco World
VIP
VIP

‎06-12-2023 02:55 PM

Use pbr under vlan10 set next hop ip 172.10.1.1

0 Helpful

Go to solution
Saeed Siddiqui
Level 1
Level 1
In response to MHM Cisco World

‎06-12-2023 03:03 PM - last edited on ‎06-20-2023 02:53 AM by Community Manager

may i get some detail information or any article that can help? 

how about static route over vlan like this:

switch# configure terminal swicth(config)# interface vlan 10 switch(config-if)# ip address 192.0.2.1/24 switch(config-if)# ip route 172.10.1.1 vlan 10  switch(config-if)# copy running-config startup-config

 

0 Helpful

Go to solution
Saeed Siddiqui
Level 1
Level 1
In response to MHM Cisco World

‎06-12-2023 05:37 PM - last edited on ‎06-20-2023 02:57 AM by Community Manager

thanks for all your help VIP Mentor, this link really helped.

i have created a configs, would you please have a look and let me know if this will work?

Switch#1
interface Vlan10
description
no shutdown
ip address 192.168.1.2/24
hsrp 10
preempt
priority 110
ip 192.168.1.1

interface Vlan20
description Connection to the upstream Firewalls
no shutdown
ip address 172.10.1.5/29
hsrp version 2
hsrp 20
preempt
priority 120
ip 172.10.1.4

interface Ethernet1/1
description Physical Connection to upstream Firewalls
switchport
switchport access vlan 20
no shutdown

---------------------------------------------------------------------------------

Switch#2
interface Vlan10
description
no shutdown
ip address 192.168.1.3/24
hsrp 10
preempt
ip 192.168.1.1


interface Vlan20
description Connection to the upstream Firewalls
no shutdown
ip address 172.10.1.6/29
hsrp version 2
hsrp 20
preempt
ip 172.10.1.4

interface Ethernet1/1
description Physical Connection to upstream Firewalls
switchport
switchport access vlan 20
no shutdown
--------------------------------------------------------------------------------------

requirement: only traffic originated from 192.168.1.0/24 should go out 172.10.1.1 which is HA address of cisco firepower, all other traffic should go out to

Default Route.

at present, all the traffic is going out to

default route

which is company's corporate network.

PBR Configs:

Switch#1
access-list 100 permit ip 192.168.1.0 0.0.0.255 any

route-map vlan10_to_net
match ip address 100
set next hop 172.10.1.1

interface Vlan10
ip policy route-map vlan10_to_net


Switch#2
access-list 100 permit ip 192.168.1.0 0.0.0.255 any

route-map vlan10_to_net
match ip address 100
set next hop 172.10.1.1

interface Vlan10
ip policy route-map vlan10_to_net

 

 

Go to solution
MHM Cisco World
VIP
VIP
In response to Saeed Siddiqui

‎06-14-2023 08:51 AM

You are so welcome 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card