03-16-2022 04:38 PM
I have a 3850 with several VLANs and two Internet gateways. The switch has a static route for its default gw and I need 1 of the VLANs to route to a different gw. I used the config below and it seems like "default next-hop" is working as if it were "next-hop", because when I add it the default route works but I lose connectivity to all other subnets in the switch's routing table. I tested by adding a deny for one of my internal networks and the subject VLAN works to that internal subnet.
I have seen posts with similar issues and recommendations were to use "match interface" but that is not available on my platform. I saw another suggestion to use tracking but I don't see why I would need to track for this to work. Any ideas? TIA
ip access-list extended RouteMap1
permit ip 10.3.3.0 0.0.0.255 any
deny ip any any
!
route-map RouteMap1 permit 10
match ip address RouteMap1
set ip default next-hop 10.4.4.254
!
interface Vlan300
description alt gateway VLAN
ip address 10.3.3.1 255.255.255.0
!
interface Vlan400
desc where gateways live
ip address 10.4.4.1 255.255.255.0
18:58:41.681: IP: route map RouteMap1, item 10, permit
16 18:58:41.681: IP: s=10.3.3.10 (Vlan300), d=10.3.3.255, len 229, policy rejected -- normal forwarding
16 18:58:45.307: IP: s=10.3.3.24 (Vlan300), d=10.5.5.255, len 229, policy match
16 18:58:45.308: IP: route map RouteMap1, item 10, permit
16 18:58:45.308: IP: s=10.3.3.24 (Vlan300), d=10.5.5.255, len 229, policy rejected -- normal forwarding
16 18:58:46.980: IP: s=10.3.3.23 (Vlan300), d=10.3.3.255, len 229, policy match
16 18:58:46.980: IP: route map RouteMap1, item 10, permit
03-16-2022 05:19 PM
03-16-2022 07:44 PM
If set default next-hop is not supported do I have any other options?
Probably doesn't help that I am running 3.06.06E
03-17-2022 03:40 AM
Hi friend,
We can try the following:
Add two lines in the route-map.
The first one uses the next-hop that appears in the routing table, with the availability option; if it fails, then the route-map <- same as default behavior
uses the second set next-hop.
03-17-2022 05:54 AM
Unfortunately that will not work for me because I am not looking for failover, I need to route to both gateways simultaneously. I appreciate your help sir!
Thanks
03-16-2022 05:22 PM
What is the version of IOS code running on this Cisco 3850 switch? (We need to bear in mind this is a switch, not a full-fledged router.)
Where is your policy map applied? I have not seen it in the config posted, or did I miss it?
03-16-2022 08:36 PM
Hello
FYI - you need to set the PBR statement to = set ip next-hop x.x.x.x
Set ip default next-hop x.x.x.x - works ONLY when there is no alternative default route existing in the route table
Set ip next-hop x.x.x.x = works implicitly irrespective of a current default route existing in the route table
06-15-2023 05:07 PM
The accepted solution is not a solution, typical. This is what we did with our 3850 on 03.07.05E to add a separate default gateway; I used your info for the example.
access-list 100 deny ip 10.3.3.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 100 permit ip 10.3.3.0 0.0.0.255 any
route-map PBR permit 100
match ip address 100
set ip next-hop 10.4.4.254
interface Vlan300
ip policy route-map PBR
ip address 10.3.3.1 255.255.255.0
First ACL just blocks the policy-based route from being applied when you are accessing the rest of your network; you can adjust the wildcard or add other VLANs. I made the assumption you are working with 10.x.x.x internally; you can add multiple deny ACLs if you have other networks. Second ACL picks up the subnet you want sent to a different gateway, as long as it isn't destined internally / previously blocked from policy. The ACLs are in the 100 range to make them extended. "PBR" (Policy Based Route) is just a word; you could insert "RouteMap1" in its place. We have a similar setup and multiple gateways without issue.
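The deny-then-permit ACL described above can be checked offline before it is applied to an interface. The sketch below is an added example, not code from any poster in this thread: it evaluates the thread's two ACLs (written in standard extended ACE form) against constructed flows under `set ip next-hop`. The function names, the sample flows and the 192.0.2.10 documentation address are assumptions.

```python
import ipaddress

NEXT_HOP = "10.4.4.254"
# ACL from the first post and the revised ACL from the last post.
ORIGINAL_ACL = ["permit ip 10.3.3.0 0.0.0.255 any", "deny ip any any"]
REVISED_ACL = ["deny ip 10.3.3.0 0.0.0.255 10.0.0.0 0.255.255.255",
               "permit ip 10.3.3.0 0.0.0.255 any"]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(line):
    """Parse '<action> ip <src> <wildcard>|any <dst> <wildcard>|any'."""
    tok = line.split()
    action, rest = tok[0], tok[2:]          # tok[1] is the protocol keyword
    fields = []
    while rest:
        if rest[0] == "any":                # 'any' = every bit is don't-care
            fields.append((0, 0xFFFFFFFF))
            rest = rest[1:]
        else:
            fields.append((to_int(rest[0]), to_int(rest[1])))
            rest = rest[2:]
    return action, fields[0], fields[1]

def wc_match(addr, base, wildcard):
    # Wildcard bits set to 1 are ignored; only the remaining bits must agree.
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(addr) & care) == (base & care)

def acl_action(aces, src, dst):
    for action, s, d in aces:               # first matching entry wins
        if wc_match(src, *s) and wc_match(dst, *d):
            return action
    return "deny"                           # implicit deny ends every ACL

def pbr_decision(acl_lines, next_hop, src, dst):
    """Next hop if the route-map clause matches, else normal forwarding."""
    aces = [parse_ace(line) for line in acl_lines]
    if acl_action(aces, src, dst) == "permit":
        return next_hop
    return "normal forwarding"

if __name__ == "__main__":
    # Constructed flows: internal, Internet-bound, and a source in another VLAN.
    flows = [("10.3.3.24", "10.5.5.20"), ("10.3.3.24", "192.0.2.10"),
             ("10.5.5.20", "192.0.2.10")]
    for src, dst in flows:
        print(src, "->", dst,
              "| original:", pbr_decision(ORIGINAL_ACL, NEXT_HOP, src, dst),
              "| revised:", pbr_decision(REVISED_ACL, NEXT_HOP, src, dst))
```

With the original ACL, the internal flow from 10.3.3.24 to 10.5.5.20 is sent to 10.4.4.254, which matches the loss of connectivity to other subnets reported in the first post; the revised ACL returns it to normal forwarding.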