01-29-2019 08:54 AM
I am trying to get an IP SLA to change the gateway of last resort for a specific subnet. This is what I have so far...
IP SLA
ip sla 10
icmp-echo 10.20.0.90 (router I want to be gateway of last resort for specific subnets)
ip sla schedule 10 life forever start-time now
route-map last_resort permit 10
match ip address test
ip access-list extended testzscaler
permit ip host 10.3.20.2 any ( just trying one address for now)
ip local policy route-map zscaler_last_resort
ip classless
ip route 0.0.0.0 0.0.0.0 10.20.0.90 track 10 Only for specific subnets
ip route 0.0.0.0 0.0.0.0 10.20.0.1 200 Default for everyone else
If I trace from the switch everything goes out the 10.20.0.90. However I just want the 10.3.20.2 to go that way.
Tracy
01-30-2019 12:24 PM
Hello,
Post the full configuration of your device...
01-30-2019 12:58 PM
Right now I am in the middle of trying to get either the SLA or PBR to work. But below is the config.
no aaa new-model
switch 1 provision ws-c3750g-48ts
system mtu routing 1500
!
track 10 ip sla 10 reachability
ip routing
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
interface GigabitEthernet1/0/1
switchport access vlan 203
!
interface GigabitEthernet1/0/2
switchport access vlan 204
switchport mode access
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
interface Vlan202
ip address 172.16.1.40 255.255.255.0
!
interface Vlan203
ip address 10.20.0.12 255.255.255.0
!
interface Vlan204
ip address 10.3.20.1 255.255.255.224
!
router eigrp 800
network 10.3.20.0 0.0.0.31
network 10.20.0.0 0.0.0.255
network 172.16.1.0 0.0.0.255
!
ip local policy route-map zscaler_last_resort
ip classless
ip route 0.0.0.0 0.0.0.0 10.20.0.1
ip http server
ip http secure-server
ip access-list extended testzscaler
permit ip host 10.3.20.2 any
permit ip host 10.30.20.1 any
ip sla 10
icmp-echo 10.20.0.90
ip sla schedule 10 life forever start-time now
route-map zscaler_last_resort permit 10
match ip address testzscaler
set ip default next-hop 10.20.0.90
line con 0
line vty 0 4
line vty 5 15
!
01-30-2019 01:17 PM
Hi,
Where are you applying the route map? This route must apply on the source interface, and if I am not mistaken your source interface is VLAN 203.
Regards,
Deepak Kumar
01-29-2019 12:20 PM
Hello,
I am not really sure I understand what you are trying to accomplish, but why don't you track the specific static route for your subnet:
ip route 10.3.20.0 255.255.255.0 track 10
ip route 10.3.20.0 255.255.255.0 10.20.0.1 200
You can also attach an EEM script that tracks your SLA and inserts any route you want...
01-29-2019 12:27 PM
What I really need is to have two different gateways of last resort. I already have a default gateway of last resort but want to send certain subnets to a second gateway of last resort. I know I can do this with the ip default next hop command but that is not available on the 3750. So I am looking for a different way to accomplish it. I am not familiar with the EEM script. What would that look like to accomplish a gateway of last resort for specific subnets?
01-29-2019 02:11 PM
Hello,
Your 3750 will take the most specific route. So if you have configured:
ip route 10.3.20.0 255.255.255.0 track 10
ip route 10.3.20.0 255.255.255.0 10.20.0.1 200
it will install the secondary route for 10.3.20.0/24 instead of the default route, because that is a more specific route.
01-30-2019 12:37 AM
Can you summarise all the networks that you do have routes for in the routing table?
So the default route will take care of internet traffic, but are all the routes you want to use for private RFC subnets?
Jon
01-30-2019 12:53 PM
Yes, I want all internet traffic to go to a different gateway IF their source subnet is X.X.X.X, otherwise use the current default.
Anything else will be taken care of by having routes in the table already.
01-30-2019 12:59 PM
I understand what you are trying to do.
My question was about the routes in the routing table (not the default route).
Are the routes using private address ranges, i.e. can they be summarised in an access list?
Jon
01-30-2019 01:04 PM
I'm sorry, yes, private addresses.
01-30-2019 01:12 PM
Okay, I have some 3750s at work in a lab, so if I get the chance tomorrow I can test something out for you.
What is the internal private range(s) you use?
Jon
01-30-2019 01:19 PM
We subnet out 10.0.0.0/8 and use some 172.16.x.x. Below is off the router I have been testing from. I am trying to get the 10.3.20.0 subnet to go out the different gateway of last resort.
I was testing with subnets
interface Vlan202
ip address 172.16.1.40 255.255.255.0
!
interface Vlan203
ip address 10.20.0.12 255.255.255.0
!
interface Vlan204
ip address 10.3.20.1 255.255.255.224
01-30-2019 01:23 PM
01-30-2019 01:29 PM - edited 01-30-2019 01:29 PM
Deepak
The issue is not where the PBR is applied.
What the OP wants to do is check the routing table first for a route and only if there is not a specific route for the destination then use the next hop specified in the PBR configuration.
To be able to do this you need to use the "set ip default next-hop ..." command (note the word default) and this command is not supported on the 3750 which I tried to point out to you in an earlier post.
Jon
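An added illustration, not part of the thread and not Cisco code: a small Python model of the forwarding decisions discussed above, comparing the tracked static default (destination-based, so it applies to every source) with a route-map that uses "set ip next-hop" and one that uses "set ip default next-hop". The 10.50.0.0/16 route via 10.20.0.5 is a hypothetical internal route; the model assumes the route-map is evaluated for the matched traffic and ignores platform support.

```python
import ipaddress

# Constructed table modelled on the thread's addressing. 10.50.0.0/16 via
# 10.20.0.5 is a hypothetical EIGRP-learned internal route, not from the page.
BASE = [  # (prefix, next hop, administrative distance)
    ("10.20.0.0/24", "connected", 0),
    ("10.3.20.0/27", "connected", 0),
    ("10.50.0.0/16", "10.20.0.5", 90),
    ("0.0.0.0/0", "10.20.0.1", 200),   # floating default for everyone else
]
TRACKED_DEFAULT = ("0.0.0.0/0", "10.20.0.90", 1)  # present only while track 10 is up
PBR_SOURCES = ["10.3.20.2/32"]                     # first entry of ACL testzscaler
PBR_NEXT_HOP = "10.20.0.90"

def lookup(dst, sla_up=False):
    """Destination-only lookup: longest prefix first, then lowest distance."""
    routes = BASE + ([TRACKED_DEFAULT] if sla_up else [])
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh, ad) for p, nh, ad in routes
            if addr in ipaddress.ip_network(p)]
    net, nh, _ = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return net, nh

def forward(src, dst, pbr=None, sla_up=False):
    """pbr is None, 'next-hop' or 'default-next-hop' (the route-map set action)."""
    net, nh = lookup(dst, sla_up)
    src_addr = ipaddress.ip_address(src)
    if pbr is None or not any(src_addr in ipaddress.ip_network(s) for s in PBR_SOURCES):
        return nh                      # normal routing: the source is never consulted
    if pbr == "next-hop":
        return PBR_NEXT_HOP            # overrides the routing table outright
    # default next-hop is used only when the table has no explicit route,
    # i.e. the best match for the destination is the default route
    return PBR_NEXT_HOP if net.prefixlen == 0 else nh

if __name__ == "__main__":
    internet, internal = "203.0.113.10", "10.50.1.1"   # constructed destinations
    for src in ("10.3.20.2", "10.3.20.9"):
        print(src, "tracked default ->", forward(src, internet, sla_up=True))
        for mode in ("next-hop", "default-next-hop"):
            print(src, mode, forward(src, internet, mode), forward(src, internal, mode))
```
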
01-30-2019 01:31 PM