Route VLAN internet traffic through a specific WAN Interface

Cameron McKay · ‎02-19-2011

I have a 2851 router acting as our Vlan router. There is a default route pointing to Gi0/0 which is our primary internet gateway. We recently installed a second satellite based internet link and I need to route internet traffic from a specific VLAN out this interface and to the internet instead of the default route.

Can anyone point me in the right direction in terms of a simple config. I've tried simply adding an IP route with the next hop being the satellite modem gateway, but it's not working.

The 2851 is the default router for the Vlan in question, and has an interface of Gi0/1.32

Any help would be appreciated.

Thanks.

jonathanaxford · ‎02-19-2011

Hi Cameron,

It sounds like Policy Routing may help you here - I don't have a huge amount of experience with it myself but the following doco may help:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml

Many thanks

Jonathan

Kishore Chennupati · ‎02-19-2011

Hi Cameron,

Lets assume that your vlan has the following ip range 203.12.70.0/24.

So, the config would be as follows on your 2851 router.

access-list 110 permit ip 203.12.70.0 0.0.0.255 any log

route-map SELECT-203 permit 10

match ip address 110

set next-hop

route-map SELECT-203 permit 20

int gi0/1

ip policy route-map SELECT-203

HTH,

Regards,

Please rate if helpful

Cameron McKay · ‎02-19-2011

Thanks Kishore,

I entered the commands as described and still cannot route traffic from my two VLAN's. attached is the config (external IP's / PW's removed).. is there anything that you (or anyone) can see that would prevent routing traffic from 10.17.1.0 and 10.16.1.0 out to 80.92.49.162 ?

IAN WHITMORE · ‎02-19-2011

Hi Cameron,

Your attachment still isn't available (queued) so I can't see the config. Did you apply the policy to the g0/1 interface or the g0/1.32 subinterface? It should go on the subinterface.

Regards,

Ian

Kishore Chennupati · ‎02-19-2011

Hi Cameron,

My bad..typo. It should go on the respective subinterface. Also, your attachment is queued. Cant see it.

HTH

Regards,

Please rate if helpful.

Cameron McKay · ‎02-19-2011

Hmm.. even applied to the sub interface it's not routing...

Any ideas based on the attached config ? (fixed)

IAN WHITMORE · ‎02-20-2011

In the route map instead of ip next-hop, try the set interface f0/0/0 command instead, and let me know what happens.

Otherwise it might be an idea to do a debug ip packet and term mon to capture some debug data. The access-list should be one to limit traffic you want to see and to avoid putting the CPU at 100%

Regards,

Ian

Cameron McKay · ‎02-20-2011

The router won't accept the command. I'm receiving a : Warning: Use P2P interface for routemap setinterface clause error ?

IAN WHITMORE · ‎02-20-2011

It's because it's an ethernet link...otherwise it should accept it.

Can you do a #sh ip route

and post the results here. 'Cos it should work with the setup you got. Can you even ping the next hop address that you are trying to reach?

IAN WHITMORE · ‎02-20-2011

Also, you are natting on these interfaces. ~~Does the traffic know the route back from the other side? Maybe you are sending data but it down't know how to come back to natted address?~~

Sorry talking rubbish here.

Let me think....

Do you see the translations when you do a #sh ip nat trans ?

Can you successfully ping the next hop?

IAN WHITMORE · ‎02-21-2011

In your config you have this:

ip nat inside source route-map nonat interface GigabitEthernet0/0 overload

but you a re missing a statement for the outside nat on the f0/0/0 interface.

So it looks like a NAT problem.

access-list 110 permit ip 10.16.1.0 255.255.255.0 any

ip nat inside source list 110 interface fastethernet0/0/0 overload

That should do the trick.

Regards,

Ian