01-27-2012 05:38 AM - edited 03-07-2019 04:35 AM
Dear All,
I already have one internet connection connected directly to the Core Switch 6509, VLAN 500 (192.168.1.0), and the switch routes any internet request with a default route:
SW6509(config)# ip route 0.0.0.0 0.0.0.0 10.170.10.10
10.170.10.10 is --> Next hop for the DSL router internal IP, and it's working fine.
The Problem:
==========
We have a new internet connection with a new VLAN 600 (172.16.1.0), from another ISP with another DSL router, so I need your kind support and suggestions on how to connect both of them to exit from the Core Switch 6509.
Is it OK if I make another default route to the next hop of the new DSL router, as:
SW6509(config)# ip route 0.0.0.0 0.0.0.0 10.80.10.10
10.80.10.10 is --> Next hop for the new DSL router internal IP.
Is there any way, like a default route, route-map or any other feature, to:
route Vlan 500 (192.168.1.0) to exit from DSL 1 --> 10.170.10.10
route Vlan 600 (172.16.1.0) to exit from DSL 2 --> 10.80.10.10
01-27-2012 06:05 AM
To answer your question
is it ok if i make another default route to the Next hop to the new DSL router as:
>> It depends on whether you would like to do load balancing over the 2 links or want to configure failover. If load balancing, then you can add the second route as you mentioned and modify the NAT statements with a route-map which will match the exit interface and, based on that, will perform NAT.
For your second question: you are talking about policy-based routing, or in other words source-based routing.
The following config should work for you:
ip route 0.0.0.0 0.0.0.0 10.170.10.10
route-map ISP2
 match ip address 110
 set ip next-hop 10.80.10.10
ip access-list ext 110
 permit ip 172.16.1.0 0.0.0.255 any
int vlan 600
 ip policy route-map ISP2
So with this config, any traffic hitting interface VLAN 600 and sourced from the 172.16.1.0/24 subnet will hit the route-map and will get policy routed. Any other traffic which does not match the ACL will go through the normal routing information base.
Side note: you need to make sure that the 10.80.10.10 IP is directly connected and pingable. If it is not directly connected and the device has to perform a RIB lookup to reach this IP, then you need to use the "recursive" keyword in the set ip next-hop command.
HTH
---
Posted by WebUser Mukti Chandwani
01-27-2012 05:49 AM
Well, I see you have two internal VLANs, 500 and 600. Both of these internal VLANs connect to the Core Switch. Were both of these ISP links bought to provide redundancy? What are the speeds of each DSL link? You can set up redundancy between these two internet links in case one of them fails. How are you doing your NAT'ing, and do you have any public servers offered, such as web sites, FTP sites, etc.?
Another thing you could do is set up a route map on each VLAN interface, with an access-list of anything other than local, set with a next hop of this IP.
01-27-2012 06:21 AM
ip access-list extended 110
 permit ip 172.16.1.0 0.0.0.255 any
route-map ISP2 permit 10
 match ip address 110
 set ip next-hop 10.80.10.10
int vlan 600
 ip policy route-map ISP2
That configuration should work fine, but if you want clients on 172.16.1.0/24 to access anything on 192.168.1.0/24 you may run into some problems. If 172.16.1.0/24 wants to access, for instance, 192.168.1.50, it will go to its default gateway, which is the VLAN 600 interface. With the ISP2 route-map applied, it will match ALL traffic that 172.16.1.0/24 sends out, which will also match traffic from 172.16.1.0/24 to 192.168.1.50. So traffic going from 172.16.1.0/24 to 192.168.1.50 will go to 10.80.10.10. If there is no route to the 192.168.1.0/24 network, you could run into some problems.
Just something to think about.
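Added example (not from any poster in this thread): a small Python model of how route-map ISP2 treats packets arriving on VLAN 600, comparing ACL 110 as posted with a variant that puts a deny line for the 192.168.1.0/24 destination ahead of the permit. The deny line, the connected-route table and the sample addresses are assumptions made for the illustration, and the model handles only `ip` entries without ports.

```python
import ipaddress

# ACL 110 as posted in the thread, and a variant (an assumption added here)
# that exempts traffic to the other internal VLAN before the permit.
ACL_AS_POSTED = """
permit ip 172.16.1.0 0.0.0.255 any
"""
ACL_WITH_EXEMPTION = """
deny ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 172.16.1.0 0.0.0.255 any
"""

PBR_NEXT_HOP = "10.80.10.10"       # "set ip next-hop" in route-map ISP2
DEFAULT_NEXT_HOP = "10.170.10.10"  # "ip route 0.0.0.0 0.0.0.0 ..."
# Assumed: both internal subnets are connected SVIs on the core switch.
CONNECTED = {"192.168.1.0/24": "Vlan500 (connected)",
             "172.16.1.0/24": "Vlan600 (connected)"}


def _matches(addr, tokens):
    """Consume one address spec ('any' or 'net wildcard') from tokens."""
    if tokens[0] == "any":
        return True, tokens[1:]
    net, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    care = ~wild & 0xFFFFFFFF  # wildcard bits that are set mean "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care), tokens[2:]


def acl_permits(acl_text, src, dst):
    """First-match evaluation with the implicit deny at the end."""
    for line in acl_text.strip().splitlines():
        action, _proto, *rest = line.split()
        src_ok, rest = _matches(src, rest)
        dst_ok, _ = _matches(dst, rest)
        if src_ok and dst_ok:
            return action == "permit"
    return False


def egress(acl_text, src, dst):
    """Next hop for a packet arriving on Vlan600 with route-map ISP2 applied."""
    if acl_permits(acl_text, src, dst):
        return PBR_NEXT_HOP                    # policy-routed
    for prefix, via in CONNECTED.items():      # otherwise normal RIB lookup
        if ipaddress.ip_address(dst) in ipaddress.ip_network(prefix):
            return via
    return DEFAULT_NEXT_HOP
```

With the ACL as posted, a packet from 172.16.1.10 to 192.168.1.50 is handed to 10.80.10.10; with the deny line in front it falls through the route-map and is routed to the connected VLAN 500 subnet, while internet-bound traffic from VLAN 600 still leaves via 10.80.10.10.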