Using SLA for gateway of last resort for specific subnet

TRACY HARTMANN

I am trying to get an IP SLA to change the gateway of last resort for a specific subnet. This is what I have so far...

 IP SLA

ip sla 10
icmp-echo 10.20.0.90 (router I want to be gateway of last resort for specific subnets)

 

ip sla schedule 10 life forever start-time now
route-map last_resort permit 10
match ip address test

 

ip access-list extended testzscaler
permit ip host 10.3.20.2 any  ( just trying one address for now)

 

ip local policy route-map zscaler_last_resort
ip classless
ip route 0.0.0.0 0.0.0.0 10.20.0.90 track 10  Only for specific subnets
ip route 0.0.0.0 0.0.0.0 10.20.0.1 200   Default for everyone else

 

If I trace from the switch everything goes out the 10.20.0.90.  However I just want the 10.3.20.2 to go that way.

 

 

Tracy

 

 

 


Hello,

 

Post the full configuration of your device...

Right now I am in the middle of trying to get either the SLA or PBR to work.  But below is the config

 

no aaa new-model
switch 1 provision ws-c3750g-48ts
system mtu routing 1500
!
track 10 ip sla 10 reachability
ip routing

spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
interface GigabitEthernet1/0/1
switchport access vlan 203
!
interface GigabitEthernet1/0/2
switchport access vlan 204
switchport mode access
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4

interface Vlan202
ip address 172.16.1.40 255.255.255.0
!
interface Vlan203
ip address 10.20.0.12 255.255.255.0
!
interface Vlan204
ip address 10.3.20.1 255.255.255.224
!

router eigrp 800
network 10.3.20.0 0.0.0.31
network 10.20.0.0 0.0.0.255
network 172.16.1.0 0.0.0.255
!
ip local policy route-map zscaler_last_resort
ip classless
ip route 0.0.0.0 0.0.0.0 10.20.0.1
ip http server
ip http secure-server

 

ip access-list extended testzscaler
permit ip host 10.3.20.2 any
permit ip host 10.30.20.1 any

ip sla 10
icmp-echo 10.20.0.90
ip sla schedule 10 life forever start-time now
route-map zscaler_last_resort permit 10
match ip address testzscaler
set ip default next-hop 10.20.0.90

line con 0
line vty 0 4
line vty 5 15
!

 

 

 

Hi,

Where are you applying the route map? This route must be applied on the source interface, and if I am not mistaken, your source interface is vlan 203.

 

Regards,

Deepak Kumar

Don't forget to vote and accept the solution if this comment will help you!

Hello,

 

I am not really sure I understand what you are trying to accomplish, but why don't you track the specific static route for your subnet:

 

ip route 10.3.20.0 255.255.255.0 track 10
ip route 10.3.20.0 255.255.255.0 10.20.0.1 200

 

You can also attach an EEM script that tracks your SLA and insert any route you want...

What I really need is to have two different gateways of last resort. I already have a default gateway of last resort but want to send certain subnets to a second gateway of last resort. I know I can do this with the ip default next hop command but that is not available on the 3750. So I am looking for a different way to accomplish it. I am not familiar with the EEM script. What would that look like to accomplish a gateway of last resort for specific subnets?

Hello,

 

your 3750 will take the most specific route. So if you have configured:

 

ip route 10.3.20.0 255.255.255.0 track 10
ip route 10.3.20.0 255.255.255.0 10.20.0.1 200

 

it will install the secondary route for 10.3.20.0/24 instead of the default route, because that is a more specific route.

 

Can you summarise all the networks that you do have routes for in the routing table ? 

 

So the default route will take care of internet traffic but are all the routes you want to use for private RFC subnets ? 

 

Jon

Yes, I want all internet traffic to go to a different gateway IF their source subnet is X.X.X.X, otherwise use the current default.

 

Anything else will be taken care of by having routes in the table already.

 

I understand what you are trying to do. 

 

My question was about the routes in the routing table (not the default route). 

 

Are the routes using private address ranges ie. can they be summarised in an access list ? 

 

Jon

I'm sorry yes private addresses.

 

 

 

Okay I have some 3750s at work in a lab so if I get the chance tomorrow I can test something out for you. 

 

What is the internal private range(s) you use ? 

 

Jon

We subnet out 10.0.0.0/8 and use some 172.16.x.x.   Below is off the router I have been testing from.  I am trying to get 10.3.20.0 subnet to go out the different gateway of last resort .

 

I was testing with subnets 

 

interface Vlan202
ip address 172.16.1.40 255.255.255.0
!
interface Vlan203
ip address 10.20.0.12 255.255.255.0
!
interface Vlan204
ip address 10.3.20.1 255.255.255.224

 

 

Hi,
Then change the ACL as per requirement and apply route map under the source vlan 204.
Regards,
Deepak Kumar

 

Deepak 

 

The issue is not where the PBR is applied. 

 

What the OP wants to do is check the routing table first for a route and only if there is not a specific route for the destination then use the next hop specified in the PBR configuration. 

 

To be able to do this you need to use the "set ip default next-hop ..." command (note the word default) and this command is not supported on the 3750 which I tried to point out to you in an earlier post. 

 

Jon
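
The difference Jon describes between a plain policy next hop and "set ip default next-hop", as a small Python model (an added illustration, not part of any poster's reply and not a device configuration). The routing table is constructed from the interfaces and default route posted in the thread; the function names, the mode strings and the `tracked_up` flag (which assumes the policy is skipped when track 10 is down) are hypothetical.

```python
import ipaddress

# Constructed table modelled on the posted config: three connected VLANs
# plus the existing default route via 10.20.0.1.
ROUTES = [
    ("10.3.20.0/27", "connected"),
    ("10.20.0.0/24", "connected"),
    ("172.16.1.0/24", "connected"),
    ("0.0.0.0/0", "10.20.0.1"),
]
PBR_SOURCES = ["10.3.20.0/27"]   # sources the policy ACL would match
PBR_NEXT_HOP = "10.20.0.90"      # second gateway from the thread


def lookup(dst):
    """Longest-prefix match; returns (prefix_length, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best


def forward(src, dst, mode, tracked_up=True):
    """mode is 'none', 'next-hop' or 'default-next-hop' (hypothetical labels)."""
    best = lookup(dst)
    table_hop = best[1] if best else None
    matched = any(ipaddress.ip_address(src) in ipaddress.ip_network(s)
                  for s in PBR_SOURCES)
    # Assumption: an unmatched source or a failed SLA probe falls back to
    # ordinary destination routing.
    if not matched or mode == "none" or not tracked_up:
        return table_hop
    if mode == "next-hop":
        # Plain policy next hop: overrides the table for every destination,
        # including internal subnets that have their own routes.
        return PBR_NEXT_HOP
    # default-next-hop: the table wins whenever it holds an explicit
    # (non-default) route; the policy hop applies only to "everything else".
    explicit = best is not None and best[0] > 0
    return table_hop if explicit else PBR_NEXT_HOP
```

With the plain next hop, traffic from 10.3.20.2 to an internal address such as 172.16.1.5 is also pushed to 10.20.0.90, which is the behaviour the original poster is trying to avoid.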

Hi,
Jon, this point I missed out. Let me check another way.
Regards,
Deepak Kumar,