12-18-2013 12:39 PM - edited 03-07-2019 05:09 PM
Hello,
I have 2 ISP connections on the Cisco router 29121, i.e. Leased Line and PPPoE, and a single LAN subnet.
I want to use PBR.
I want to allow IP traffic destined for 1.1.1.1, 2.2.2.2, 3.3.3.3 (fictitious IPs) to go through the Leased Line
and all other traffic through PPPoE.
Please help me to achieve this.
Thanks in advance.
12-18-2013 12:44 PM
LAN subnet 192.168.5.0/24
access-list 101 permit ip 192.168.5.0 0.0.0.255 host 1.1.1.1
access-list 101 permit ip 192.168.5.0 0.0.0.255 host 2.2.2.2
access-list 101 permit ip 192.168.5.0 0.0.0.255 host 3.3.3.3
route-map PBR permit 10
match ip address 101
set ip next-hop x.x.x.x <-- where x.x.x.x is the IP address of the next hop router via the lease line
int fa0/0 <-- this connects to your LAN subnet
ip policy route-map PBR
You should also have a default route on your router pointing to the PPPoE connection.
Jon
12-18-2013 12:47 PM
Thanks for a very quick response.
How about the NAT setup?
12-18-2013 12:52 PM
You didn't ask about NAT.
What do you want to do with NAT? Do you want to NAT to the interface the traffic goes out on?
Jon
12-18-2013 12:56 PM
Sorry for that
Yes.
I want to NAT the traffic for 1.1.1.1, 2.2.2.2, 3.3.3.3 to the Leased Line WAN interface
and other traffic to the PPPoE WAN interface.
Thanks
12-18-2013 01:20 PM
What about failover, i.e. if the leased line goes down do you then want all traffic via the PPPoE line and vice versa?
Jon
12-18-2013 01:23 PM
Hi,
Yes for sure.
Sorry for all the missing information in my question.
12-18-2013 01:32 PM
Okay, have a look at this document. It is for PBR/NAT plus failover. It sends all traffic out of one link but you can modify it to meet your requirements -
https://supportforums.cisco.com/docs/DOC-8313
Jon
12-18-2013 01:52 PM
I have followed that article before but couldn't succeed. Please can you help with the configuration without failover, so I can start step by step.
Thanks
12-18-2013 02:15 PM
Does your router support IP SLA, i.e. if you do -
router(config)# ip sla ?
what happens ?
Jon
12-18-2013 09:46 PM
Here you go.
However, failover is not that important for me now. I just want to setup the router with PBR and NAT.
Router(config)#ip sla ?
<1-2147483647> Entry Number
auto IP SLAs Auto Configuration
enable Enable IPSLA features
endpoint-list Endpoint list configuration
ethernet-monitor IP SLAs Auto Ethernet Configuration
group Group Configuration or Group Scheduling
key-chain Use MD5 Authentication for IP SLAs Control Messages
logging Enable Syslog
low-memory Configure Low Water Memory Mark
reaction-configuration IP SLAs Reaction-Configuration
reaction-trigger IP SLAs Trigger Assignment
reset IP SLAs Reset
responder Enable IP SLAs Responder
restart Restart An Active Entry
schedule Entry Scheduling
server IPPM server configuration
Thanks for your help
12-18-2013 11:13 PM
Hi,
Here's an example:
access-list 101 permit ip 192.168.5.0 0.0.0.255 host 1.1.1.1
access-list 101 permit ip 192.168.5.0 0.0.0.255 host 2.2.2.2
access-list 101 permit ip 192.168.5.0 0.0.0.255 host 3.3.3.3
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
route-map PBR permit 10
 match ip address 101
 set ip next-hop x.x.x.x
! where x.x.x.x is leased line next-hop
int f0/0
 description LAN interface
 ip policy route-map PBR
 ip nat inside
int dialer 1
 desc pppoe
 ip nat outside
int f0/1
 desc leased line
 ip nat outside
route-map NAT-leased p 10
 match ip address 101
 match interface f0/1
route-map NAT-pppoe p 10
 match ip address 100
 match interface dialer1
ip nat inside source route-map NAT-leased interface f0/1
ip nat inside source route-map NAT-pppoe interface dialer1
ip route 0.0.0.0 0.0.0.0 dialer1
ip route 0.0.0.0 0.0.0.0 x.x.x.x
! where x.x.x.x is leased line next-hop
Regards
Alain
Don't forget to rate helpful posts.
12-19-2013 01:09 AM
Thanks.
I am looking for failover in this manner:
If ISP1 goes down, the client should be directed to ISP2.
However, if ISP2 goes down, the client should NOT BE directed to ISP1.
12-19-2013 01:10 AM
Now I'll give it a try with your configuration.
12-19-2013 01:49 AM
I've configured the router:
It's not working as expected. I can ping from the router but am unable to browse from the client (both ISP connections).
Here is the config:
interface GigabitEthernet0/0
description << Leased Line >>
ip address 100.100.100.101 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description << PPPoe >>
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/2
ip address 10.1.50.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in max-reassemblies 512
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname XXXXXXXXXXXXXX
ppp chap password 0 9860
ppp pap sent-username XXXXXXXXXXXXXXXXXX password 0 9860
no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map leased interface GigabitEthernet0/0 overload
ip nat inside source route-map pppoe interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 100.100.100.102
!
access-list 100 permit ip 10.1.50.1 0.0.0.255 any
access-list 101 permit ip 10.1.50.0 0.0.0.255 host 2.2.2.2 ( Fictitious IP)
!
route-map leased permit 10
match ip address 101
match interface GigabitEthernet0/0
!
route-map pppoe permit 10
match ip address 100
match interface Dialer0
!
!
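A small check, added here as an example and not part of any post in the thread, that compares an IOS configuration with the layout both answers use: `ip policy route-map` on the `ip nat inside` interface, and ACL sources that lie on the inside subnet. The function name `audit`, the sample text and ACL 102 are constructed for illustration, and only contiguous wildcard masks are assumed.

```python
import ipaddress
import re

# Constructed sample, reduced from the configuration posted above and
# indented the way `show running-config` prints interface sub-commands.
# ACL 102 is a made-up entry with a mistyped source subnet.
SAMPLE = """\
interface GigabitEthernet0/2
 ip address 10.1.50.2 255.255.255.0
 ip nat inside
!
access-list 100 permit ip 10.1.50.1 0.0.0.255 any
access-list 101 permit ip 10.1.50.0 0.0.0.255 host 2.2.2.2
access-list 102 permit ip 10.1.5.0 0.0.0.255 any
"""

def audit(config):
    """Return findings for an IOS PBR + NAT configuration (text)."""
    findings, blocks, name = [], {}, None
    for raw in config.splitlines():          # group sub-commands per interface
        if raw.startswith("interface "):
            name = raw.split()[1]
            blocks[name] = []
        elif raw.startswith(" ") and name:
            blocks[name].append(raw.strip())
        else:
            name = None
    inside_nets = []
    for name, cmds in blocks.items():
        if "ip nat inside" not in cmds:
            continue
        # PBR only acts on packets arriving on an interface that has a policy.
        if not any(c.startswith("ip policy route-map ") for c in cmds):
            findings.append(f"{name}: ip nat inside but no ip policy route-map")
        for c in cmds:
            m = re.match(r"ip address (\S+) (\S+)$", c)
            if m:
                inside_nets.append(ipaddress.ip_interface("/".join(m.groups())).network)
    # Extended ACL sources given as "address wildcard" (contiguous wildcards only).
    for num, src, wild in re.findall(r"access-list (\d+) permit ip (\d\S+) (\d\S+) ", config):
        net = ipaddress.ip_network(f"{src}/{wild}", strict=False)
        if ipaddress.ip_address(src) != net.network_address:
            findings.append(f"ACL {num}: source {src} has host bits set")
        if not any(net.subnet_of(n) for n in inside_nets):
            findings.append(f"ACL {num}: source {net} is not an inside subnet")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The findings list differences from the answers' example layout; they are things to review, not a diagnosis of why browsing fails.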