Policy-Based Routing - Cisco 1811

OSJF2009SDL
Level 1

Hi,

I have two Cisco 1811 routers, each router has a WAN connection and at least one local subnet connected.

Router #A

IF_WAN          IP_ISP_A

IF_VLAN01     10.10.10.1

IF_VLAN02     10.10.11.1

IF_VLAN03     192.168.7.252

Router #B

IF_WAN         IP_ISP_B

IF_VLAN04     192.168.7.254

I need to re-route traffic from IF_VLAN02 to use IP_ISP_B to connect to the internet.


I created an ACL

ip access-list extended reroutetest
permit ip 10.10.11.0 0.0.0.255 any


A route-map

route-map reroutetest permit 10
match ip address reroutetest
set ip next-hop 192.168.7.254


and assigned the route-map to IF_VLAN02

interface vlan 108

ip policy route-map reroutetest


On router #B I created a static route and added a NAT rule so that the packets find their way back to router #A.

From a client on the subnet I need to re-route (IF_VLAN02) I run a tracert to the Google DNS server.

Tracing route to 8.8.8.8 over a maximum of 30 hops

1     7ms     3ms     <1ms     10.10.11.1

2     1ms     <1ms    <1ms     192.168.7.254

3     *       *       *        *

4     25ms    25ms    25ms     8.8.8.8

So it seems to work fine. However, at this point I cannot connect from IF_VLAN02 to IF_VLAN01 anymore.

How can I reroute IF_VLAN02 traffic without losing connectivity to IF_VLAN01?

Router #A config is attached to this post. Any help would be greatly appreciated!

regards

Sebastian

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello Sebastian,

You need a line to deny = do not apply PBR for inter-VLAN routing.

Something like:

ip access-list extended reroutetest
deny ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 10.10.11.0 0.0.0.255 any

Traffic denied will be routed normally, which is what you want to do.

Hope to help

Giuseppe
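
The effect of the deny line, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation with IOS wildcard masks, applied to the route-map's single permit clause, run over the two ACLs quoted above. The function names and sample packets are constructed for illustration.

```python
import ipaddress

ORIGINAL_ACL = "permit ip 10.10.11.0 0.0.0.255 any"
FIXED_ACL = """deny ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 10.10.11.0 0.0.0.255 any"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse 'permit|deny ip <src> <wildcard> <dst> <wildcard>' lines ('any' allowed)."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, rest = tok[0], tok[2:]          # tok[1] is the protocol ('ip')
        fields = []
        while rest:
            if rest[0] == "any":                # any = base 0, every bit "don't care"
                fields.append((0, 0xFFFFFFFF))
                rest = rest[1:]
            else:
                fields.append((to_int(rest[0]), to_int(rest[1])))
                rest = rest[2:]
        entries.append((action, fields[0], fields[1]))
    return entries

def wildcard_match(addr, base, wildcard):
    # Bits set in the wildcard are ignored; all other bits must equal the base.
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(addr) & care) == (base & care)

def pbr_next_hop(acl, src, dst, next_hop="192.168.7.254"):
    """Return the policy next hop, or None when the packet is routed normally."""
    for action, s, d in acl:                    # first matching entry wins
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            # A deny match means "route-map clause not matched", not "drop".
            return next_hop if action == "permit" else None
    return None                                 # implicit deny: no PBR applied

if __name__ == "__main__":
    # Constructed sample packets: (source, destination)
    packets = [("10.10.11.20", "10.10.10.5"), ("10.10.11.20", "8.8.8.8"),
               ("10.10.10.5", "8.8.8.8")]
    for name, text in (("original", ORIGINAL_ACL), ("with deny", FIXED_ACL)):
        acl = parse_acl(text)
        for src, dst in packets:
            hop = pbr_next_hop(acl, src, dst) or "normal routing"
            print(f"{name:9} {src:12} -> {dst:11} : {hop}")
```

With the original ACL, traffic from 10.10.11.0/24 to 10.10.10.0/24 is handed to 192.168.7.254 instead of being routed between the local VLANs; with the deny entry first, only traffic to other destinations is policy-routed.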

Hello giuslar,

I tried that before but there must have been a typo somewhere. It works fine now!


Thank You!
