06-21-2012 01:33 AM - edited 03-07-2019 07:22 AM
Hi,
I have the following scenario.
Both R2 and R3 act as ISPs, R1 is the company gateway router, and R4 acts as normal PCs.
R2 and R3 have the same loopback interfaces with IP address 5.5.5.5/24 (to emulate the internet).
Requirements:
1. Traffic sourced from 10.10.10.0/24 must go through s0/0 at R1.
2. Traffic from 20.20.20.0/24 must go through s0/1 at R1.
Here is what I have done:
R1(config)#do show ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Serial0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Serial0/1
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, FastEthernet1/0
20.0.0.0/24 is subnetted, 1 subnets
S 20.20.20.0 [1/0] via 3.3.3.3
10.0.0.0/24 is subnetted, 1 subnets
S 10.10.10.0 [1/0] via 3.3.3.3
S* 0.0.0.0/0 is directly connected, Serial0/0
is directly connected, Serial0/1 /* i used default route to connect to 5.5.5.5.
Access lists
R1(config)#do show access-list
Standard IP access list 1
10 permit 10.10.10.0, wildcard bits 0.0.0.255
Standard IP access list 2
10 permit 20.20.20.0, wildcard bits 0.0.0.255
Route-map
R1(config)#do show route
route-map ISP_R3, permit, sequence 20
Match clauses:
ip address (access-lists): 2
Set clauses:
interface Serial0/1
Policy routing matches: 0 packets, 0 bytes
route-map ISP_R2, permit, sequence 10
Match clauses:
ip address (access-lists): 1
Set clauses:
interface Serial0/0
Policy routing matches: 0 packets, 0 bytes
I applied two policies on both serial links.
interface Serial0/0
ip address 1.1.1.1 255.255.255.0
ip policy route-map ISP_R2
serial restart-delay 0
!
interface Serial0/1
ip address 2.2.2.2 255.255.255.0
ip policy route-map ISP_R3
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet1/0
ip address 3.3.3.1 255.255.255.0
duplex auto
speed auto
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 Serial0/1
ip route 10.10.10.0 255.255.255.0 3.3.3.3
ip route 20.20.20.0 255.255.255.0 3.3.3.3
!
!
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit 20.20.20.0 0.0.0.255
!
route-map ISP_R3 permit 20
match ip address 2
set interface Serial0/1
!
route-map ISP_R2 permit 10
match ip address 1
set interface Serial0/0
I have no idea what's wrong with this setup. The route-map did not work.
Below is the traceroute output:
R4(config)#do trace 5.5.5.5 source 20.20.20.20
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 3.3.3.1 36 msec 20 msec 24 msec
2 2.2.2.22 48 msec
*Mar 1 01:35:35.403: ICMP: time exceeded rcvd from 3.3.3.1
*Mar 1 01:35:35.427: ICMP: time exceeded rcvd from 3.3.3.1
*Mar 1 01:35:35.455: ICMP: time exceeded rcvd from 3.3.3.1
*Mar 1 01:35:35.503: ICMP: dst (20.20.20.20) port unreachable rcv from 2.2.2.22 * 48 msec
R4(config)#
*Mar 1 01:35:38.551: ICMP: dst (20.20.20.20) port unreachable rcv from 2.2.2.22
R4(config)#do trace 5.5.5.5 source 10.10.10.10
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 3.3.3.1 52 msec 24 msec 20 msec
2 2.2.2.22 48 msec
*Mar 1 01:37:17.351: ICMP: time exceeded rcvd from 3.3.3.1
*Mar 1 01:37:17.379: ICMP: time exceeded rcvd from 3.3.3.1
*Mar 1 01:37:17.399: ICMP: time exceeded rcvd from 3.3.3.1
*Mar 1 01:37:17.447: ICMP: dst (10.10.10.10) port unreachable rcv from 2.2.2.22 * 56 msec
Ping to 5.5.5.5 had no problems, but why did both traffic flows go through 2.2.2.22?
I have no idea what's wrong with this setup. The route-map just did not work.
I hope someone can help me out here.
Thank you in advance.
Accepted Solutions
06-21-2012 01:59 AM
Hi,
You have to apply the policy on the ingress interface of R1 (i.e. fa1/0), and you also don't need two different route-maps to achieve this. Match the access-lists in two different sequences of the same route-map and assign a different next-hop for each matching criterion.
-HTH
bava
06-21-2012 07:52 AM
Hi Dannan,
Route-maps are sequenced, like access lists. Use the same name and different sequence numbers to apply different match/set clauses. And remember there is an implicit deny at the end of the route-map, just like access-lists.
Please rate if it helped,
Soroush.
06-22-2012 12:39 AM
Hi,
There is no need for an empty permit clause at the end of a route-map used for PBR, because the denied traffic will simply be routed based on the RIB.
Regards.
Alain.
Don't forget to rate helpful posts.
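The configuration the accepted answers describe, written out as an added example (not posted by anyone in the thread): one route-map with two sequences, applied on R1's ingress interface FastEthernet1/0. The route-map name PBR_ISP is hypothetical; the access lists, interfaces and subnets are the original poster's.

```cisco
! R1: take the policies off the egress serial interfaces.
! PBR is evaluated when a packet arrives on an interface, so a policy
! on Serial0/0 or Serial0/1 never sees traffic coming from R4.
interface Serial0/0
 no ip policy route-map ISP_R2
interface Serial0/1
 no ip policy route-map ISP_R3
!
no route-map ISP_R2
no route-map ISP_R3
!
! Source-matching ACLs, unchanged from the original post.
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit 20.20.20.0 0.0.0.255
!
! One route-map, two sequences (PBR_ISP is a hypothetical name).
route-map PBR_ISP permit 10
 match ip address 1
 set interface Serial0/0
route-map PBR_ISP permit 20
 match ip address 2
 set interface Serial0/1
!
! Apply it where traffic from R4 enters R1. An interface holds only one
! policy route-map, which is why both sequences live under one name.
interface FastEthernet1/0
 ip policy route-map PBR_ISP
!
! Traffic arriving on FastEthernet1/0 that matches neither sequence is not
! dropped; it is forwarded normally from the routing table.
!
! Verification from privileged EXEC:
!   show ip policy            (interface to route-map binding)
!   show route-map PBR_ISP    (match counters should increase)
!   debug ip policy           (per-packet policy decisions)
```

After repeating the two traces from R4, the "Policy routing matches" counters under `show route-map PBR_ISP` should no longer read 0 packets.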
06-21-2012 01:46 AM
Hi,
The PBR policy must be applied to the f0/1 interface of R3, not on the serials, as it must be applied on the ingress interface of the source.
Regards.
Alain.
Don't forget to rate helpful posts.
06-21-2012 03:27 AM
Thanks for your quick reply. I am still new to policy routing. If I have to apply the policy on f0/1, how am I supposed to do that? Every time I wrote an ip policy, the new one overwrote the older one. I thought one interface can have only one route-map policy applied.
Much appreciated.
06-21-2012 05:13 AM
Hi,
Look at Bava's answer: you only need one route-map but with multiple clauses.
Regards.
Alain
Don't forget to rate helpful posts.
06-21-2012 05:34 PM
Thanks. I will try that.
06-21-2012 05:35 PM
Thanks for your help, I will try that later.
06-23-2012 01:20 AM
It worked, thanks.
