01-29-2019 08:54 AM
I am trying to get an IP SLA to change the gateway of last resort for a specific subnet. This is what I have so far...
IP SLA
ip sla 10
! router I want to be gateway of last resort for specific subnets
icmp-echo 10.20.0.90
ip sla schedule 10 life forever start-time now
route-map last_resort permit 10
match ip address test
ip access-list extended testzscaler
! just trying one address for now
permit ip host 10.3.20.2 any
ip local policy route-map zscaler_last_resort
ip classless
! Only for specific subnets
ip route 0.0.0.0 0.0.0.0 10.20.0.90 track 10
! Default for everyone else
ip route 0.0.0.0 0.0.0.0 10.20.0.1 200
If I trace from the switch everything goes out the 10.20.0.90. However I just want the 10.3.20.2 to go that way.
Tracy
01-30-2019 01:42 PM
I don't think I owe anyone anything from the requests. The PBR will work the way I want on other platforms and yes it is the ip default next hop statement. I have just not gotten it to work on the 3750 so I am trying to find a different way to do the same thing.
Thanks everyone for any help.
02-06-2019 01:24 PM
Thanks for all the replies, did anyone find a different way to do this?
02-05-2019 12:16 PM
Jon I think you were going to do some testing, is there any other way I can accomplish the same type of gateway of last resort for a specific ip or subnet besides the ip default next hop?
Thanks
01-30-2019 01:22 PM
Thinking about this I seem to remember we have had this issue before and there is no easy solution.
You could, in your ACL for the route map, use deny lines for the traffic to your internal subnets (you could summarise) and then have a permit for everything else, i.e. internet traffic, but using deny lines in a PBR ACL on a 3750 can cause high CPU and is not advised.
There really is no easy way to do what you want on the 3750 but IP SLA is most definitely not going to do what you want.
Jon
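The ACL layout described in the reply above, written out as an added example that is not from any poster in the thread. The 10.0.0.0/8 internal summary and the Vlan320 ingress interface are assumptions; the names and addresses otherwise come from the original post, and the reply's caution about deny lines and CPU on the 3750 applies to it.

```cisco
! Added example, not a config posted in the thread.
! Assumption: all internal subnets summarise to 10.0.0.0/8.
! Assumption: Vlan320 is the SVI on which 10.3.20.2 enters the switch.
!
ip access-list extended testzscaler
 ! Internal destinations are denied, so they are not policy routed
 ! and follow the normal routing table.
 deny   ip host 10.3.20.2 10.0.0.0 0.255.255.255
 ! Everything else from this host (internet traffic) is policy routed.
 permit ip host 10.3.20.2 any
!
route-map zscaler_last_resort permit 10
 match ip address testzscaler
 set ip next-hop 10.20.0.90
!
! "ip policy" on the ingress interface applies to transit traffic.
! "ip local policy" only affects packets the switch itself generates.
interface Vlan320
 ip policy route-map zscaler_last_resort
!
! Default for everyone else, as in the original post.
ip route 0.0.0.0 0.0.0.0 10.20.0.1
```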
01-30-2019 01:27 PM
01-30-2019 01:31 PM
You can do that but on a 3750 switch it can cause high CPU presumably because those lines would be dealt with in software and not hardware switched.
Might be worth a try, but from memory the Cisco docs recommend against it.
Jon
01-30-2019 12:55 AM
Hello,
just one more thing: I didn't mean to remove the default route from your config, leave that in there. Just add the two more specific routes (one tracked, one with the higher administrative distance) for your specific subnet...