05-04-2007 03:51 AM - edited 03-05-2019 03:52 PM
Hi all,
I have heard about Policy Based Routing, and I don't know if there is a better way of doing what I want.
The main goal is to choose a different destination next-hop IP address, from a WAN site router, with 2 different networks in their LAN.
I want to do this in my WAN router, not in the client WAN router.
Remote Site:
Lan Subnet: 172.23.55.0 / 24
2nd Lan Subnet: 172.24.55.0 / 24
IP WAN 192.168.156.26 / 30 - RIP - OSPF (ISP)
Central Site:
Default Gateway: 172.20.0.254 / 24
Interface Vlan 1135 - IP WAN 192.168.156.2 / 30 <-> OSPF - ISP - RIP (192.168.156.25 / 30) <-> Remote Site
Interface GigabitEthernet1/0/24 - Trunk 1135, more...
Gateway for source network 172.24.55.0 - 172.20.1.254
Best Regards,
Bruno Petr?nio
05-04-2007 04:00 AM
05-04-2007 04:43 AM
Hi,
I've seen that configuration before, but this WAN link is a multi-remote-site one.
Each site will have a secondary LAN address, and traffic sourced on those networks must have a different next-hop address from the principal LAN address of the remote sites.
In my central site router, the routes for remote sites are learned from OSPF, but I have other VLANs on the same interface that I don't want to participate in this PBR.
Should I apply the PBR only on Vlan1135?
Here is an example "show ip route ospf":
...
O E2 172.23.54.0 [110/1000] via 192.168.156.1, 21:38:39, Vlan1135 (Site 1 - Lan)
O E2 172.24.54.0 [110/1000] via 192.168.156.1, 21:38:39, Vlan1135 (Site 1 - Secundary Lan)
O E2 172.23.62.0 [110/1000] via 192.168.156.1, 21:38:39, Vlan1135 (Site 2)
O E2 172.23.61.0 [110/1000] via 192.168.156.1, 21:38:39, Vlan1135 (Site 3)
...
Running-Config
****
interface GigabitEthernet1/0/24
description Connected to WAN
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1135,"others"
switchport mode trunk
...
interface Vlan1135
ip address 192.168.156.2 255.255.255.252
ip ospf hello-interval 3
...
router ospf 1135
router-id 192.168.156.2
log-adjacency-changes
redistribute connected metric 1 subnets
redistribute static subnets
network 192.168.156.0 0.0.0.3 area 0
default-information originate
****
If there is any other simple way of doing this, please feel free to comment.
Best Regards,
Petr?nio
05-04-2007 06:20 AM
I have been reading some documents, and found the following sentence regarding PBR:
"Enabling PBR -
To enable PBR, you must create a route map that specifies the match criteria and the resulting action if all of the match clauses are met. Then, you must enable PBR for that route map on a particular interface.
***All packets arriving on the specified interface matching the match clauses will be subject to PBR. ***
"
And all the rest?
Does it pass through without any policy?
Could the reference interface be a VLAN interface, the example one, 1135?
In my case, will everything that does not match 172.24.0.0 pass through as if the policy didn't exist? In other words, is it not filtered?
Tks,
Bruno Petr?nio
05-04-2007 07:10 AM
Bruno,
We appreciate the efforts that you are putting in to make us understand your requirement, but it's a little complex to understand it correctly. A brief network topology/diagram would help us to understand the exact requirement that you have.
As far as PBR traffic is concerned, if there is a certain type of traffic which does not match the route map, it will not be policy routed and will pass through using the normal routing table lookup. It does not drop that traffic.
Do you want that traffic to be dropped? What is the exact requirement here on this front?
-amit singh
05-04-2007 07:26 AM
Tks Amit,
All that I want is to distinguish the source of the packets arriving at my WAN interface (Vlan1135) from remote sites.
Why?
I will need to create secondary LAN addressing in my remote sites, and the people having that 2nd range will have a different next-hop address at my central site.
They should be routed to a different router than the other guys in the same location but in a different remote LAN network.
I'll try to design a scheme for your understanding.
By the way, I just started the access list to match the 2nd LAN address, and it is not matching any packet when I do a ping sourced from the secondary LAN address.
"access-list 25 permit 172.24.55.0 0.0.0.255 log"
Will the source of the packet change if you have a routed network between the sites?
Tks,
Petr?nio
05-04-2007 07:33 AM
Sorry again,
I'm trying to get this running fast, and was just configuring the default configuration.
I just got blocked when I was trying to configure the "ip policy route-map NAME" command on interface Vlan 1135.
It says "%PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing", and as far as I could find, the L3 switch needs a reload after changing the sdm prefer to routing. (It has the default desktop template.)
My next question is:
As I have other types of routing here (ip route vrf, ip route and OSPF), will this affect the other routing processes?
Many thanks.
Petr?nio
05-04-2007 07:44 AM
Bruno,
You have to enable the SDM "routing template" to use policy based routing. This will not affect the other features that you have enabled for routing. The routing template maximizes system resources for unicast routing.
Please try putting up the network diagram and a brief explanation so we can suggest the design/config further.
-amit singh
05-04-2007 08:37 AM
I hope it helps in understanding my issue.
Best Regards,
Petr?nio
05-04-2007 08:41 AM
05-04-2007 09:46 AM
Bruno,
I did see your overall topology and the configurations that you want to do. I could see that you have multiple remote sites connected over MPLS WAN and coming in on Vlan1135. Here is what we will do:
1. Configure the "SDM template to routing" on the 3750.
2. Reload the switch and it will get the new template config.
3. Configure the policy based routing for all the secondary subnets whose traffic you want forwarded to the TESTIE router. You can configure a single access-list.
4. Apply the route map to the "VLAN 1135" SVI, i.e. the L3 interface.
I think once we do that, we should be able to policy route the traffic.
HTH. Please rate if it does.
-amit singh
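
The four steps above, written out as IOS commands. This is an added example, not configuration posted by anyone in the thread. It assumes a hypothetical route-map name SECONDARY-LAN, takes 172.20.1.254 (the gateway the first post lists for source network 172.24.55.0) to be the TESTIE router, and uses the two secondary LANs visible in the thread.

```cisco
! Added example, not configuration from the thread.
! Assumptions: route-map name SECONDARY-LAN is hypothetical; 172.20.1.254
! is taken to be the TESTIE router; 172.24.54.0/24 and 172.24.55.0/24
! are the secondary LANs (extend ACL 25 with one line per further site).
!
! Steps 1-2: select the routing SDM template, then reload to activate it.
configure terminal
 sdm prefer routing
 end
reload
!
! After the reload, confirm the active template before continuing.
show sdm prefer
!
! Step 3: a single standard ACL matching the source address of every
! secondary subnet, and a route-map that sets the next hop for matches.
configure terminal
 access-list 25 permit 172.24.54.0 0.0.0.255
 access-list 25 permit 172.24.55.0 0.0.0.255
 !
 route-map SECONDARY-LAN permit 10
  match ip address 25
  set ip next-hop 172.20.1.254
 !
 ! Step 4: attach the policy to the SVI where remote-site traffic arrives.
 ! Only packets received on Vlan1135 are evaluated; other VLANs on the
 ! trunk are untouched. Packets that match no route-map clause are
 ! forwarded by the normal routing table lookup, not dropped.
 interface Vlan1135
  ip policy route-map SECONDARY-LAN
 end
!
! Verification: route-map contents and the interface it is bound to.
show route-map SECONDARY-LAN
show ip policy
```

Because unmatched traffic is routed normally, this policy steers traffic but does not filter it; any filtering that is required needs a separate access list applied to the interface.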