03-05-2012 08:26 PM - edited 03-07-2019 05:22 AM
Dear all,
FYI
10.1.18.71 (Firewall A)
10.1.2.1 (Firewall B) (connected through
I've one Cisco 3750G-12S with ip routing enabled; the switch is running IP Services firmware, with PBR support.
Currently my default static route, 0.0.0.0 0.0.0.0 10.1.18.71, is set to my Firewall A.
Currently all of the VLAN for will be routed to 10.1.18.71
I've created a new VLAN 2 for my 10.1.2.0/24 network with the VLAN interface 2 ip address 10.1.2.10, my intention is to route 10.1.2.0/24 traffic to my 10.1.2.1 by creating the access list and route-map.
I've created an access-list & route-map as below.
access-list 101 permit ip 10.1.2.0 0.0.0.255 any
no cdp run
route-map route10traffic permit 10
match ip address 101
set ip next-hop 10.1.2.1
I've configured my test PC with a static IP and my gateway pointing to 10.1.2.10 (VLAN 2 gateway), but I'm not able to route to 10.1.2.1. Any idea?
Thanks & Regards,
yeewensmc
03-05-2012 09:51 PM
Hello,
Have you tried the below?
access-list 101 permit ip 10.1.2.0 0.0.0.255 any
no cdp run
route-map route10traffic permit 10
match ip address 101
set interface
interface
ip policy route-map route10traffic
Also, the configs which you posted don't show anything wrong. It should also work fine. To troubleshoot further, check if 10.1.2.0/24 exists in the routing table. Could you please post the show ip route output?
Vivek.
03-11-2012 09:12 PM
Dear Vivek,
I've entered
set interface gigabitethernet 1/0/6 (interface trunk to my next firewall B)
but when I key in
interface gigabitethernet 1/0/6
ip policy route-map route10traffic (don't have this command)
I've entered this instead
access-list 101 permit ip 10.1.2.0 0.0.0.255 any
no cdp run
route-map route10traffic permit 10
match ip address 101
set ip next-hop 10.1.2.1
!
route-map route10trafic permit 10
match ip address 101
set interface GigabitEthernet1/0/6
interface GigabitEthernet1/0/6
switchport trunk encapsulation dot1q
switchport mode trunk
ip access-group 101 in
Will the ip access-group 101 in command replace
ip policy route-map route10traffic?
Here's the output of my core switch show ip route
CORE#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.1.18.71 to network 0.0.0.0
S 192.168.4.0/24 [1/0] via 10.1.18.6
10.0.0.0/8 is variably subnetted, 22 subnets, 2 masks
S 10.10.0.0/16 [1/0] via 10.1.18.6
S 10.11.0.0/16 [1/0] via 10.1.18.6
C 10.1.9.0/24 is directly connected, Vlan9
S 10.1.8.0/24 [1/0] via 10.1.18.70
C 10.1.3.0/24 is directly connected, Vlan3
C 10.1.2.0/24 is directly connected, Vlan2
S 10.2.4.0/24 [1/0] via 10.1.18.6
C 10.1.7.0/24 is directly connected, Vlan7
C 10.1.6.0/24 is directly connected, Vlan6
C 10.1.5.0/24 is directly connected, Vlan5
C 10.1.4.0/24 is directly connected, Vlan4
C 10.1.18.0/24 is directly connected, Vlan18
S 10.20.2.0/24 [1/0] via 10.1.18.6
S 10.1.40.0/24 [1/0] via 10.1.18.6
S 10.1.33.0/24 [1/0] via 10.1.18.71
S 10.1.32.0/24 [1/0] via 10.1.18.6
S 10.1.36.0/24 [1/0] via 10.1.18.6
S 10.200.18.0/24 [1/0] via 10.1.18.6
S 10.200.19.0/24 [1/0] via 10.1.18.6
S 10.200.16.0/24 [1/0] via 10.1.18.6
S 10.200.17.0/24 [1/0] via 10.1.18.6
S 10.200.21.0/24 [1/0] via 10.1.18.6
C 192.168.1.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [1/0] via 10.1.18.71
Thanks Vivek for your reply, I'm looking forward to your reply soon.
03-11-2012 09:50 PM
Dear Yee Wen Low,
Pls try the below:
access-list 101 permit ip 10.1.2.0 0.0.0.255 any
no cdp run
route-map route10traffic permit 10
match ip address 101
set ip next-hop 10.1.2.1
interface vlan 2
ip policy route-map route10traffic
And why do you use a trunk link between the 3750 switch and Firewall B?
03-12-2012 12:09 AM
Hi,
interface Vlan51
ip policy route-map Net-access1
route-map Net-access permit 10
match ip address 170
set ip default next-hop 10.28.1.100-
access-list 170 permit ip 10.1.2.0 0.0.0.255 any
Please rate the helpful posts.
Regards,
Naidu.
03-12-2012 12:50 AM
Dear all,
I've encountered a problem while setting the command below,
interface vlan 2
ip policy route-map route10traffic
It prompted:
CORE(config-if)#
000252: *Aug 30 05:01:16.189 MYT: %PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing
I've googled it and found out that it has something to do with the SDM template.
May I know whether there would be any problem if I change my SDM template from default to sdm prefer routing? The switch hasn't been shut down for almost 25 weeks = 175 days.
CORE(Config)# sdm prefer routing
03-12-2012 01:18 AM
Hi,
You'll have to reload in order for it to take effect.
Regards.
Alain
03-12-2012 12:59 AM
Dear Mr Anh,
The trunk link is there because Firewall B is located at another location, which is reached through a switch. My switch is a 3750 12-fiber-port switch. Interface 6 is the trunk link to the switch where my Firewall B is located.
Thanks & regards,
yeewensmc
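The thread turns on where the route-map is attached: a route-map only policy-routes once `ip policy route-map <name>` sits on the ingress Layer 3 interface, while `ip access-group 101 in` turns the same ACL into a packet filter. As an added example (not written by any poster in this thread), this Python check flags those mistakes in an IOS-style config. The function name `audit_pbr` and the two sample configs, modelled on the ones posted above, are constructed for illustration.

```python
import re

# Constructed samples modelled on the configs posted in this thread.
BROKEN = """\
route-map route10traffic permit 10
 match ip address 101
 set ip next-hop 10.1.2.1
route-map route10trafic permit 10
 match ip address 101
 set interface GigabitEthernet1/0/6
interface GigabitEthernet1/0/6
 ip access-group 101 in
"""
FIXED = """\
route-map route10traffic permit 10
 match ip address 101
 set ip next-hop 10.1.2.1
interface vlan 2
 ip policy route-map route10traffic
"""

def audit_pbr(config):
    """Return findings for an IOS-style config (simplified line parser)."""
    defined, match_acls = set(), set()   # route-map names; ACLs used by 'match ip address'
    policies, filters = [], []           # (interface, route-map); (interface, ACL)
    iface = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            defined.add(m.group(1))
            iface = None                 # left interface context
        elif m := re.match(r"interface (.+)", line):
            iface = m.group(1).replace(" ", "")
        elif m := re.match(r"match ip address (\S+)", line):
            match_acls.add(m.group(1))
        elif iface and (m := re.match(r"ip policy route-map (\S+)", line)):
            policies.append((iface, m.group(1)))
        elif iface and (m := re.match(r"ip access-group (\S+) in", line)):
            filters.append((iface, m.group(1)))
    findings = []
    for name in sorted(defined - {n for _, n in policies}):
        findings.append(f"route-map {name}: defined but never applied with 'ip policy route-map'")
    for ifc, name in policies:
        if name not in defined:          # catches a misspelled route-map name
            findings.append(f"{ifc}: 'ip policy' references undefined route-map {name}")
    for ifc, acl in filters:
        if acl in match_acls:            # ACL written for PBR matching, used as a filter
            findings.append(f"{ifc}: ACL {acl} applied with 'ip access-group' filters packets; it does not policy-route")
    return findings
```

Because ACL 101 ends in an implicit deny, the `ip access-group 101 in` finding matters beyond routing: on the trunk it drops everything not sourced from 10.1.2.0/24.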