Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
2
Replies

policy based route-map - will it work

lkadlik
Level 1
Level 1

‎03-14-2013 10:52 AM - edited ‎03-07-2019 12:15 PM

Hi,

I have a cpe with one interface that has 3 sub interfaces off of it for the local lan.  I also have two mpls circuits. Once metro ethernet and one t1. 


When failover happens to the T1 i want to have only the lan traffic destined for other mpls sites go over this connection and internet traffic go to the firewall onsite.

The T1s are part of a multilink.

Can I apply the policy based route map to the multilink?  I am thinking something like the following         


!
interface Multilink1
ip policy route-map Failover
!
route-map Failover permit 10
match ip address 120
set ip next-hop 10.0.0.1
!
route-map Failover permit 20
match ip address 130
set ip next-hop 192.168.2.226


((((The below are the sites accessed over the MPLS T1s))))

access-list 120 permit any 10.77.77.0 0.0.0.255
access-list 120 permit any 192.168.200.0 0.0.0.255
access-list 120 permit any 172.16.1.0 0.0.0.255
access-list 120 permit any 192.168.0.0 0.0.0.255
access-list 120 permit any 192.168.2.0 0.0.0.255
access-list 120 permit any 10.0.0.0 0.0.0.255

access-list 130 permit 0.0.0.0 0.0.0.0


=========================================================================
!
interface Multilink1
ip address 10.0.0.2 255.255.255.252
ppp multilink
ppp multilink group 1
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
description LAN
encapsulation dot1Q 1 native
ip address 192.168.1.226 255.255.255.0
!
interface GigabitEthernet0/0.9
encapsulation dot1Q 9
ip address 192.168.2.226 255.255.255.0

!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.77.76.1 255.255.255.0

==================================

Or should I apply the route map to the sub interfaces and change the access list to a standard one?

Or should I just change the access list to a standard one and leave it on the multilink?

Thank you.

Labels:
0 Helpful
2 Replies 2

cadet alain
VIP Alumni
VIP Alumni

‎03-14-2013 11:12 AM

Hi,

you have to apply the route-map to the subinterfaces as this will only work for source IP going inbound the interface.

if you only care about the source and not the destination then you can use a standard ACL but if you also care  about the destination which is your case apparently then you need an extended ACL.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

lkadlik
Level 1
Level 1
In response to cadet alain

‎03-14-2013 11:48 AM

I only want this to work under a fail over condition. Is there any way I can accomplish that?

Ie . I only want it to be applied when the metro connection goes down and the traffic then goes over the T1s?

Ideally I would like it to work without any intervention.

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card