10-20-2015 01:43 PM
Hello all !
Here I come again asking for help ! :)
Here is the goal: I want one set of computers to use one WAN and another set to use the other WAN, based on the IP range.
I use a Cisco 891 router. FastEthernet0 is one WAN, GigabitEthernet8 is the other WAN, and GigabitEthernet 0 to 7 are the 8 switch ports of the router.
As of now, I have my two internet accesses working fine, each one of them plugged into one WAN port of my router. I have no problem having all of my computers use one WAN or the other, or even load balancing between them, but what I want is to fix some computers on one internet access and the other computers on the other internet access.
I don't know how to do that. I was looking into routing by source IP but I don't really know how to do it. I saw something about policy-based routing, but I can only apply these policies to incoming packets; I don't seem to be able to apply them to one of the switch ports of the router. I would need to use one of the WAN ports to plug my incoming LAN in, but then I would not have enough WAN ports for both of my internet connections.
Gateway of internet connection #1 is 172.26.2.254
Gateway of connection #2 is 192.168.1.254
Here is my current config:
I understand why I have a poor connection with this config, since it is load balancing between the two default routes and sending only to one of my two WANs depending on the IP, but I don't know what to do to tell precisely range of IP #1 to go there and range of IP #2 to go here.
Cisco891(config)#do sh run
Building configuration...

Current configuration : 3833 bytes
!
! Last configuration change at 15:11:43 UTC Tue Oct 20 2015 by ***********
! NVRAM config last updated at 14:58:11 UTC Tue Oct 20 2015 by ***************
! NVRAM config last updated at 14:58:11 UTC Tue Oct 20 2015 by **************
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco891
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 ************************/
enable password ************************
!
no aaa new-model
!
!
!
!
!
!
!
ip dhcp excluded-address 172.26.1.1 172.26.1.49
ip dhcp excluded-address 172.26.1.100 172.26.1.254
ip dhcp excluded-address 10.10.20.1 10.10.20.49
ip dhcp excluded-address 10.10.20.100 10.10.20.254
!
ip dhcp pool vlan1pool
 network 172.26.1.0 255.255.255.0
 default-router 172.26.1.254
 dns-server 208.67.222.222 208.67.220.220
!
!
!
ip domain name lnc360.fr
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C891F-K9 sn *******************************
!
!
username ******************** privilege 15 secret *************************************
!
!
!
!
!
no ip ftp passive
ip ssh time-out 60
ip ssh logging events
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0
 switchport mode trunk
 no ip address
!
interface GigabitEthernet1
 switchport mode trunk
 no ip address
!
interface GigabitEthernet2
 switchport mode trunk
 no ip address
!
interface GigabitEthernet3
 switchport mode trunk
 no ip address
!
interface GigabitEthernet4
 switchport mode trunk
 no ip address
!
interface GigabitEthernet5
 switchport mode trunk
 no ip address
!
interface GigabitEthernet6
 switchport mode trunk
 no ip address
!
interface GigabitEthernet7
 switchport mode trunk
 no ip address
!
interface GigabitEthernet8
 ip address 172.26.2.10 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Vlan1
 ip address 172.26.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan2
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Async3
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list LAN_PCs interface GigabitEthernet8 overload
ip nat inside source list LAN_servers interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 172.26.2.254
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
ip access-list extended LAN_PCs
 deny ip 172.26.1.0 0.0.0.31 any
 deny ip 172.26.1.112 0.0.0.15 any
 deny ip 172.26.1.240 0.0.0.15 any
 permit ip 172.26.1.0 0.0.0.255 any
ip access-list extended LAN_servers
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 172.26.1.0 0.0.0.31 any
 permit ip 172.26.1.112 0.0.0.15 any
 permit ip 172.26.1.240 0.0.0.15 any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 privilege level 15
 password 7 ******************************************
 login local
 transport input ssh
 transport output ssh
line vty 5 15
 password 7 ***********************************************
 login local
 transport input telnet
 transport output telnet
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 0.europe.pool.ntp.org
!
end
Thanks !
10-21-2015 03:44 AM
Hello
Apply the PBR policy on the SVIs of the VLANs

int vlan 1
 ip policy route-map PBR
int vlan 2
 ip policy route-map PBR
res
Paul
10-21-2015 04:09 AM
damn, I did not think to apply Policy to the vlan !
I have something working now but I like your solution better, I will try it this afternoon ! thanks !
10-21-2015 07:04 AM
it works ! thanks a lot :D (conf file under)
The following conf file makes things work that way:
conf file :
Current configuration : 3973 bytes
!
! Last configuration change at 12:14:03 UTC Wed Oct 21 2015 by **************
! NVRAM config last updated at 12:07:01 UTC Wed Oct 21 2015 by ***************
! NVRAM config last updated at 12:07:01 UTC Wed Oct 21 2015 by ******************
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco891
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret *******************************************
enable password ************************************************
!
no aaa new-model
!
!
!
!
!
!
!
ip dhcp excluded-address 172.26.1.1 172.26.1.49
ip dhcp excluded-address 172.26.1.100 172.26.1.254
!
ip dhcp pool vlan1pool
 network 172.26.1.0 255.255.255.0
 default-router 172.26.1.254
 dns-server 208.67.222.222 208.67.220.220
!
!
!
ip domain name lnc360.fr
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C891F-K9 sn ************************************
!
!
username *************************** privilege 15 secret **********************************
!
!
!
!
!
no ip ftp passive
ip ssh time-out 60
ip ssh logging events
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0
 switchport mode trunk
 no ip address
!
interface GigabitEthernet1
 switchport mode trunk
 no ip address
!
interface GigabitEthernet2
 switchport mode trunk
 no ip address
!
interface GigabitEthernet3
 switchport mode trunk
 no ip address
!
interface GigabitEthernet4
 switchport mode trunk
 no ip address
!
interface GigabitEthernet5
 switchport mode trunk
 no ip address
!
interface GigabitEthernet6
 switchport mode trunk
 no ip address
!
interface GigabitEthernet7
 switchport mode trunk
 no ip address
!
interface GigabitEthernet8
 ip address 192.168.0.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Vlan1
 ip address 172.26.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map PCs_ROUTE
!
interface Vlan2
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Async3
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list LAN_PCs interface GigabitEthernet8 overload
ip nat inside source list LAN_servers interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
ip access-list extended LAN_PCs
 deny ip 172.26.1.0 0.0.0.31 any
 deny ip 172.26.1.112 0.0.0.15 any
 deny ip 172.26.1.240 0.0.0.15 any
 permit ip 172.26.1.0 0.0.0.255 any
ip access-list extended LAN_servers
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 172.26.1.0 0.0.0.31 any
 permit ip 172.26.1.112 0.0.0.15 any
 permit ip 172.26.1.240 0.0.0.15 any
ip access-list extended vlan1_to_vlan2
 permit ip 172.26.1.0 0.0.0.255 10.10.10.0 0.0.0.255
!
!
route-map PCs_ROUTE permit 10
 match ip address vlan1_to_vlan2
!
route-map PCs_ROUTE permit 20
 match ip address LAN_PCs
 set ip next-hop 192.168.0.254
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 privilege level 15
 password 7 *********************
 login local
 transport input ssh
 transport output ssh
line vty 5 15
 password 7 ****************************************
 login local
 transport input telnet
 transport output telnet
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 0.europe.pool.ntp.org
!
end
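Added example, not part of the thread or of any poster's configuration: a small Python model of how route-map PCs_ROUTE in the final config classifies a packet entering Vlan1, useful for checking the wildcard masks before deploying. The function names and the sample destination 203.0.113.10 are assumptions made for the illustration.

```python
import ipaddress

def wild(addr, wildcard):
    """Matcher for a Cisco 'address wildcard' pair (wildcard bits are ignored)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    want = int(ipaddress.IPv4Address(addr)) & care
    return lambda ip: (int(ipaddress.IPv4Address(ip)) & care) == want

def any_host(ip):
    return True

# ACLs from the final config: (action, source matcher, destination matcher)
ACLS = {
    "vlan1_to_vlan2": [
        ("permit", wild("172.26.1.0", "0.0.0.255"), wild("10.10.10.0", "0.0.0.255")),
    ],
    "LAN_PCs": [
        ("deny", wild("172.26.1.0", "0.0.0.31"), any_host),
        ("deny", wild("172.26.1.112", "0.0.0.15"), any_host),
        ("deny", wild("172.26.1.240", "0.0.0.15"), any_host),
        ("permit", wild("172.26.1.0", "0.0.0.255"), any_host),
    ],
}
# route-map PCs_ROUTE clauses in sequence order: (ACL, next hop or None if no 'set')
ROUTE_MAP = [("vlan1_to_vlan2", None), ("LAN_PCs", "192.168.0.254")]
CONNECTED = [ipaddress.ip_network(n) for n in
             ("172.26.1.0/24", "10.10.10.0/24", "192.168.1.0/24", "192.168.0.0/24")]
DEFAULT_GW = "192.168.1.254"  # the single remaining 'ip route 0.0.0.0 0.0.0.0'

def acl_permits(name, src, dst):
    """First matching entry wins; no match means implicit deny."""
    for action, match_src, match_dst in ACLS[name]:
        if match_src(src) and match_dst(dst):
            return action == "permit"
    return False

def next_hop(src, dst):
    """Forwarding decision for a packet received on Vlan1."""
    for acl, hop in ROUTE_MAP:
        if acl_permits(acl, src, dst):
            if hop:
                return hop      # policy-routed to the second WAN
            break               # permit clause without 'set': normal routing
    if any(ipaddress.ip_address(dst) in net for net in CONNECTED):
        return "connected"
    return DEFAULT_GW
```

Hosts in the three denied ranges (172.26.1.0-31, .112-127, .240-255) fall through to the default route via FastEthernet0, while every other Vlan1 host is sent to 192.168.0.254; traffic from Vlan1 to Vlan2 matches clause 10 and is routed normally.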