03-14-2013 10:52 AM - edited 03-07-2019 12:15 PM
Hi,
I have a cpe with one interface that has 3 sub interfaces off of it for the local lan. I also have two mpls circuits. Once metro ethernet and one t1.
When failover happens to the T1 i want to have only the lan traffic destined for other mpls sites go over this connection and internet traffic go to the firewall onsite.
The T1s are part of a multilink.
Can I apply the policy based route map to the multilink? I am thinking something like the following
!
interface Multilink1
ip policy route-map Failover
!
route-map Failover permit 10
match ip address 120
set ip next-hop 10.0.0.1
!
route-map Failover permit 20
match ip address 130
set ip next-hop 192.168.2.226
((((The below are the sites accessed over the MPLS T1s))))
access-list 120 permit any 10.77.77.0 0.0.0.255
access-list 120 permit any 192.168.200.0 0.0.0.255
access-list 120 permit any 172.16.1.0 0.0.0.255
access-list 120 permit any 192.168.0.0 0.0.0.255
access-list 120 permit any 192.168.2.0 0.0.0.255
access-list 120 permit any 10.0.0.0 0.0.0.255
access-list 130 permit 0.0.0.0 0.0.0.0
=========================================================================
!
interface Multilink1
ip address 10.0.0.2 255.255.255.252
ppp multilink
ppp multilink group 1
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
description LAN
encapsulation dot1Q 1 native
ip address 192.168.1.226 255.255.255.0
!
interface GigabitEthernet0/0.9
encapsulation dot1Q 9
ip address 192.168.2.226 255.255.255.0
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.77.76.1 255.255.255.0
==================================
Or should I apply the route map to the sub interfaces and change the access list to a standard one?
Or should I just change the access list to a standard one and leave it on the multilink?
Thank you.
03-14-2013 11:12 AM
Hi,
you have to apply the route-map to the subinterfaces as this will only work for source IP going inbound the interface.
if you only care about the source and not the destination then you can use a standard ACL but if you also care about the destination which is your case apparently then you need an extended ACL.
Regards
Alain
Don't forget to rate helpful posts.
03-14-2013 11:48 AM
I only want this to work under a fail over condition. Is there any way I can accomplish that?
Ie . I only want it to be applied when the metro connection goes down and the traffic then goes over the T1s?
Ideally I would like it to work without any intervention.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide