Make an exception when using access list in a layer 3 switch

marwa.jeljli1 (Level 1)

Hello all,

I'm working on a LAN. I have a VLAN named server (made up of VM servers). PBR is configured on the core switch and it allows the servers to access the internet using the WiMAX link.

I want to change the configuration in order to make a particular VM access the internet using another gateway (using the fiber line).

 

I don't know how I can do this. I tried the following and it doesn't work:

access-list 105 permit ip host 10.10.10.5 any
route-map WAC
 match ip address 105
 set ip next-hop 10.10.10.102

Thank you in advance :)


4 Replies

Jon Marshall (Hall of Fame)

If the default gateway you want this server to use is the default route in the routing table, then just put a deny line in your existing PBR ACL for that host before the permit line for the other servers.

If it is not the default route then you need another line in your PBR route map.

But it needs to go before the existing one.

Perhaps if you post the existing PBR configuration we can help more.

Jon

I'll explain the situation:

What I have as a configuration is:

interface Vlan10
 ip address 10.10.10.253 255.255.255.0
 ip policy route-map VLAN10
!
access-list 110 deny   ip host 10.10.10.40 any
access-list 110 deny   ip 10.10.10.0 0.0.0.255 host 10.10.100.3
access-list 110 deny   ip 10.10.10.0 0.0.0.255 host 10.10.100.6
access-list 110 deny   ip 10.10.10.0 0.0.0.255 host 10.10.100.5
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.40.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 172.31.16.0 0.0.0.255
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
!
route-map VLAN10 permit 1
 match ip address 110
 set ip next-hop 10.10.100.1
!

My goal is to change this config in order to add an exception for a specific server with the IP address 10.10.10.5. Packets sent from this server will take a different path. So first I created a new access list, which I put before access-list 110:

access-list 105 permit ip host 10.10.10.5 any

and I configured a new route map as follows:

route-map WAC permit 1
 match ip address 105
 set ip next-hop 10.10.101.2
!

But this didn't solve the problem, and packets from the particular server continue to be routed according to the route map applied to the VLAN interface!!!

 

Thank you for help :)

Accepted Solution:

Try editing your config like this:

no access-list 110
access-list 110 deny   ip host 10.10.10.40 any
access-list 110 deny   ip 10.10.10.0 0.0.0.255 host 10.10.100.3
access-list 110 deny   ip 10.10.10.0 0.0.0.255 host 10.10.100.6
access-list 110 deny   ip 10.10.10.0 0.0.0.255 host 10.10.100.5
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.40.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 172.31.16.0 0.0.0.255
access-list 110 deny   ip host 10.10.10.5 any
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
!
access-list 105 permit ip host 10.10.10.5 any
!
route-map VLAN10 permit 1
 match ip address 105
 set ip next-hop 10.10.101.2
!
route-map VLAN10 permit 2
 match ip address 110
 set ip next-hop 10.10.100.1

CF
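To see why the first attempt (a separate route-map WAC) had no effect, why Jon's "deny line before the permit" option works when the wanted gateway is the default route, and what the accepted configuration actually does, here is an added Python simulation of the IOS PBR lookup. It is example code written for this page, not code from the thread or from Cisco. It parses the access-list and route-map lines posted above and applies the IOS semantics that matter here: first match wins inside an ACL, the clauses of a route map are tried in sequence order, and a deny (or no match) in a clause's ACL means "this clause does not apply", not "drop". Assumptions: only `match ip address` and `set ip next-hop` are modelled, wildcard masks are contiguous, the next hops are reachable, and the destination 203.0.113.10, the internal destination 10.10.20.7 and the host 10.10.10.7 are constructed test values. The string `routing-table` stands for a packet that no clause policy-routes.

```python
import ipaddress
from collections import namedtuple

AclEntry = namedtuple("AclEntry", "action src dst")   # action is "permit" or "deny"
Clause = namedtuple("Clause", "seq acl next_hop")     # one "route-map NAME permit SEQ" block

def _addr(tokens):
    """Consume one IOS address spec: 'any' | 'host A' | 'A WILDCARD' (contiguous wildcard assumed)."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    netmask = ipaddress.IPv4Address(~int(ipaddress.IPv4Address(tokens[1])) & 0xFFFFFFFF)
    return ipaddress.IPv4Network((tokens[0], str(netmask)), strict=False), tokens[2:]

def parse_config(text):
    """Return ({acl_number: [AclEntry]}, {route_map_name: [Clause]}) from IOS-style config lines."""
    acls, maps, cur = {}, {}, None
    for line in text.splitlines():
        t = line.split()
        if not t or t[0] == "!":
            continue
        if t[0] == "no" and t[1] == "access-list":           # 'no access-list N' wipes the whole list
            acls.pop(int(t[2]), None)
        elif t[0] == "access-list" and t[3] == "ip":         # access-list N permit|deny ip SRC DST
            src, rest = _addr(t[4:])
            dst, _ = _addr(rest)
            acls.setdefault(int(t[1]), []).append(AclEntry(t[2], src, dst))  # entries append at the end
        elif t[0] == "route-map":                            # route-map NAME permit SEQ
            cur = {"seq": int(t[3])}
            maps.setdefault(t[1], []).append(cur)
        elif t[:3] == ["match", "ip", "address"]:
            cur["acl"] = int(t[3])
        elif t[:3] == ["set", "ip", "next-hop"]:
            cur["next_hop"] = t[3]
    return acls, {name: [Clause(**c) for c in cs] for name, cs in maps.items()}

def acl_permits(entries, src, dst):
    """IOS ACL first-match: the first entry covering src/dst decides; implicit deny if none does."""
    for e in entries:
        if src in e.src and dst in e.dst:
            return e.action == "permit"
    return False

def pbr_next_hop(config, policy, src, dst, fallback="routing-table"):
    """Next hop for a packet entering an interface that carries 'ip policy route-map <policy>'.
    Clauses are tried in sequence order. A deny in a clause's ACL, or no match at all, only means
    that clause does not apply: nothing is dropped, the packet falls through to the next clause
    and finally to the normal routing table (returned here as the fallback string)."""
    acls, maps = parse_config(config)
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for clause in sorted(maps.get(policy, []), key=lambda c: c.seq):
        if acl_permits(acls.get(clause.acl, []), s, d):
            return clause.next_hop
    return fallback

# Constructed from the thread's posts. The deny lines are common to both versions of ACL 110.
ACL110_DENIES = """
access-list 110 deny   ip host 10.10.10.40 any
access-list 110 deny   ip 10.10.10.0 0.0.0.255 host 10.10.100.3
access-list 110 deny   ip 10.10.10.0 0.0.0.255 host 10.10.100.6
access-list 110 deny   ip 10.10.10.0 0.0.0.255 host 10.10.100.5
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.40.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 172.31.16.0 0.0.0.255
"""
# First attempt: route-map WAC exists, but only VLAN10 is applied to interface Vlan10.
ORIGINAL = ACL110_DENIES + """
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 permit ip host 10.10.10.5 any
route-map VLAN10 permit 1
 match ip address 110
 set ip next-hop 10.10.100.1
route-map WAC permit 1
 match ip address 105
 set ip next-hop 10.10.101.2
"""
# Accepted answer: ACL 110 rebuilt with the extra deny, ACL 105 as sequence 1 of the same map.
FIXED = "no access-list 110\n" + ACL110_DENIES + """
access-list 110 deny   ip host 10.10.10.5 any
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 permit ip host 10.10.10.5 any
route-map VLAN10 permit 1
 match ip address 105
 set ip next-hop 10.10.101.2
route-map VLAN10 permit 2
 match ip address 110
 set ip next-hop 10.10.100.1
"""

if __name__ == "__main__":
    INTERNET, INTERNAL = "203.0.113.10", "10.10.20.7"        # constructed test destinations
    for label, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        for src, dst in (("10.10.10.5", INTERNET), ("10.10.10.7", INTERNET),
                         ("10.10.10.40", INTERNET), ("10.10.10.5", INTERNAL)):
            print(f"{label:8} {src:>11} -> {dst:<12} via {pbr_next_hop(cfg, 'VLAN10', src, dst)}")
    print("WAC map, never applied to Vlan10:", pbr_next_hop(ORIGINAL, "WAC", "10.10.10.5", INTERNET))
```

Running it shows three things. With the original config, 10.10.10.5 keeps going to 10.10.100.1 because route-map WAC is never consulted: an interface evaluates only the map named in its `ip policy route-map`, so the exception has to be merged into VLAN10 as an earlier sequence, which is what the accepted answer does. Host 10.10.10.40 ends up at `routing-table` in both configs, which is Jon's first option: a deny line alone is enough when the gateway you want is the default route. And because ACL 105 matches 10.10.10.5 to `any`, the fixed map also sends that VM's traffic for the internal subnets (10.10.20.7 in the test) to 10.10.101.2, destinations that ACL 110 deliberately excludes for the other servers; if that is not wanted, give ACL 105 the same deny lines ahead of its permit. The `no access-list 110` in the answer is needed because entries added to a numbered ACL are appended at the end, so the new deny for 10.10.10.5 could not otherwise be placed before the existing permit.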

Thank you for the reply, I will test this and come back to say if it is OK :)
