02-16-2015 01:22 AM - edited 03-07-2019 10:40 PM
Hello all,
I'm working on a LAN. I have a VLAN named server (composed of VM servers). The PBR is configured on the core switch and it allows the servers to access the internet using the WIMAX link.
I want to change the configuration in order to make a particular VM access the internet using another gateway (using the fiber line).
I don't know how I can do this. I tried the following and it doesn't work:
access-list 105 permit ip host 10.10.10.5 any
route-map WAC
match ip address 105
set ip next-hop 10.10.10.102
Thank you in advance :)
02-16-2015 02:38 AM
If the default gateway you want this server to use is the default route in the routing table then just put a deny line in your existing PBR ACL for that host before the permit line for the other servers.
If it is not the default route then you need another line in your PBR route map.
But it needs to go before the existing one.
Perhaps if you post the existing PBR configuration we can help more.
Jon
02-16-2015 02:52 AM
I'll explain the situation:
What I have as a configuration is:
interface Vlan10
ip address 10.10.10.253 255.255.255.0
ip policy route-map VLAN10
!
access-list 110 deny ip host 10.10.10.40 any
access-list 110 deny ip 10.10.10.0 0.0.0.255 host 10.10.100.3
access-list 110 deny ip 10.10.10.0 0.0.0.255 host 10.10.100.6
access-list 110 deny ip 10.10.10.0 0.0.0.255 host 10.10.100.5
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.40.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 172.31.16.0 0.0.0.255
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
route-map VLAN10 permit 1
match ip address 110
set ip next-hop 10.10.100.1
!
My goal is to change this config in order to add an exception for a specific server having the IP address 10.10.10.5. Packets sent from this server will take a different way. So first I created a new access list that I put before access list 110:
access-list 105 permit ip host 10.10.10.5 any
and I configured a new route map as follows:
route-map WAC permit 1
match ip address 105
set ip next-hop 10.10.101.2
!
But this didn't solve the problem, and packets from the particular server continue to be routed according to the route map applied to the VLAN interface!!!
Thank you for your help :)
02-16-2015 03:06 AM
Try editing your config like this:
no access-list 110
access-list 110 deny ip host 10.10.10.40 any
access-list 110 deny ip 10.10.10.0 0.0.0.255 host 10.10.100.3
access-list 110 deny ip 10.10.10.0 0.0.0.255 host 10.10.100.6
access-list 110 deny ip 10.10.10.0 0.0.0.255 host 10.10.100.5
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.40.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 172.31.16.0 0.0.0.255
access-list 110 deny ip host 10.10.10.5 any
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 permit ip host 10.10.10.5 any
route-map VLAN10 permit 1
match ip address 105
set ip next-hop 10.10.101.2
route-map VLAN10 permit 2
match ip address 110
set ip next-hop 10.10.100.1
CF
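Added example (not part of the thread, and not Cisco's code): a simplified Python model of how the route-map VLAN10 from the answer above is evaluated, showing which next hop a given packet receives. The function names are hypothetical, and the model assumes every next hop is reachable and handles only the "ip" ACL forms used in this thread.

```python
import ipaddress

# ACL lines copied from the accepted answer in this thread.
ACLS = """\
access-list 110 deny ip host 10.10.10.40 any
access-list 110 deny ip 10.10.10.0 0.0.0.255 host 10.10.100.3
access-list 110 deny ip 10.10.10.0 0.0.0.255 host 10.10.100.6
access-list 110 deny ip 10.10.10.0 0.0.0.255 host 10.10.100.5
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.40.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 172.31.16.0 0.0.0.255
access-list 110 deny ip host 10.10.10.5 any
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 permit ip host 10.10.10.5 any
"""
# route-map VLAN10 from the same answer: (sequence, ACL, next hop).
ROUTE_MAP = [(1, "105", "10.10.101.2"), (2, "110", "10.10.100.1")]

def ip(a):
    return int(ipaddress.ip_address(a))

def take(tok):
    # Consume "any", "host A" or "A WILDCARD"; return (base, wildcard).
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return (ip(tok.pop(0)), 0) if first == "host" else (ip(first), ip(tok.pop(0)))

def parse_acls(text):
    acls = {}
    for tok in map(str.split, text.splitlines()):
        rest = tok[4:]  # tokens after "access-list N action ip"
        acls.setdefault(tok[1], []).append((tok[2], take(rest), take(rest)))
    return acls

def acl_permits(entries, src, dst):
    # First matching entry decides; no match is the implicit deny.
    for action, *specs in entries:
        if all((ip(a) | w) == (b | w) for a, (b, w) in zip((src, dst), specs)):
            return action == "permit"
    return False

def pbr_next_hop(src, dst):
    # First matching sequence wins; None means normal routing-table lookup.
    acls = parse_acls(ACLS)
    hops = (hop for _, acl, hop in sorted(ROUTE_MAP) if acl_permits(acls[acl], src, dst))
    return next(hops, None)
```

For example, pbr_next_hop("10.10.10.5", "10.10.20.9") returns 10.10.101.2: ACL 105 permits any destination, so this host's traffic to the internal subnets that ACL 110 excludes is policy-routed to the new gateway as well.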
02-16-2015 05:48 AM
Thank you for the reply, I will test this and I will come back to say if it is OK :)