Routing to two ISPs with one L3 switch - using route-maps

roliveira11
Level 1

Hello Cisco Community! I have a 3750 acting as a WAN switch connected to CrownCastle and MetTel.

I was able to get the routing up for the CrownCastle side as that circuit was available/installed first, so the default route that's configured routes to Crown currently. Now that MetTel has been installed, I'd like to carve out a few ports on the 3750 for MetTel and route its respective public LAN IPs out to MetTel.

 

vlan 222 - MetTel LAN

vlan 444 - MetTel WAN

 

Is it possible to configure a route-map for just the 2nd ISP to be used? What am I missing? I configured an ACL, a route-map, and applied the route-map to the vlan interface. I must be missing something silly! Please help! Thank you!

Configuration is below:

interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 333
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 333
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 333
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 333
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 333
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 333
spanning-tree portfast
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
switchport access vlan 50
!
interface GigabitEthernet1/0/11
switchport access vlan 50
!
interface GigabitEthernet1/0/12
switchport access vlan 50
!
interface GigabitEthernet1/0/13
switchport access vlan 222
!
interface GigabitEthernet1/0/14
switchport access vlan 444
!
interface GigabitEthernet1/0/15
switchport access vlan 444
!
interface GigabitEthernet1/0/16
switchport access vlan 444
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
switchport access vlan 222
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
description ToCrownModem
switchport access vlan 777
!
interface GigabitEthernet1/1/1
switchport access vlan 444
speed nonegotiate
!
interface GigabitEthernet1/1/2
switchport access vlan 444
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
switchport access vlan 444
switchport mode access
speed nonegotiate
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan50
description AryakaTransitVLAN
no ip address
!
interface Vlan222
description MetTelLAN
ip address x.x.x.123 255.255.255.248
!
interface Vlan333
description CrownCastleLAN
ip address x.x.x.33 255.255.255.240
!
interface Vlan444
description MetTelWAN
ip address x.x.x.30 255.255.255.252
!
interface Vlan777
description CrownCastleWAN
ip address x.x.x.146 255.255.255.252
!
!
ip route 0.0.0.0 0.0.0.0 x.x.x.145
!
access-list 110 permit ip 1.1.1.0 0.0.0.255 any
!
route-map To-MetTelWAN permit 10
match ip address 110
set ip next-hop 1.1.1.29


roliveira11
Level 1

HaemoWANswitch#show route-map To-MetTelWAN
route-map To-MetTelWAN, permit, sequence 10
Match clauses:
ip address (access-lists): 110
Set clauses:
ip next-hop x.x.x.29
Policy routing matches: 0 packets, 0 bytes
HaemoWANswitch#

Hi,

You shouldn't need any route-map.

Configure a default route toward CrownCastle which you already have (ip route 0.0.0.0 0.0.0.0 x.x.x.145)

Now, configure a second default route toward MetTel (ip route 0.0.0.0 0.0.0.0 x.x.x.29)

This will load balance traffic between the 2 ISPs for you. If you want CrownCastle to be the primary and MetTel to be the backup provider you can configure MetTel with a higher AD (100).

ip route 0.0.0.0 0.0.0.0 x.x.x.145

ip route 0.0.0.0 0.0.0.0 x.x.x.29 100

 

HTH

Thank you for the reply, Reza!! I do not want to load balance over the two ISPs. I would like to route CrownLAN traffic over the CrownWAN link...

and MetTelLAN traffic over the MetTelWAN link.

I should use a route-map for this scenario, right?

Thanks again! I really appreciate the help!

OK, then in that case you need route-maps.

HTH

Thanks for confirming, Reza! Do you happen to see where my configuration is off for configuring the route-map for MetTel?? I configured the ACL, the route-map (matching the IP of the ACL), and applying the route-map policy to the vlan interface that is vlan 222 (MetTelLAN) with a next hop of MetTelWAN.

What am I missing??

I don't see anything on interface vlan 222.

Can you confirm?

HTH

Hi Reza.. very good point. I look at the vlan interface and don't see the policy route-map applied, but when I try to apply it to the vlan interface, it accepts the command output.. but still does not show the ip policy route-map statement.. weird????

HaemoWANswitch#sh run int vlan 222
Building configuration...

Current configuration : 88 bytes
!
interface Vlan222
description MetTelLAN
ip address x.x.x.123 255.255.255.248
end

HaemoWANswitch#
HaemoWANswitch#
HaemoWANswitch#
HaemoWANswitch#
HaemoWANswitch#
HaemoWANswitch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HaemoWANswitch(config)#int vlan 222
HaemoWANswitch(config-if)#ip policy route-map To-MetTelWAN
HaemoWANswitch(config-if)#
HaemoWANswitch(config-if)#
HaemoWANswitch(config-if)#
HaemoWANswitch(config-if)#exi
HaemoWANswitch(config)#do sh run int vlan 222
Building configuration...

Current configuration : 88 bytes
!
interface Vlan222
description MetTelLAN
ip address x.x.x.123 255.255.255.248
end

HaemoWANswitch(config)#

Ok, is this just a regular 3750 or 3750G, 3750x, etc..?

Can you post "sh ver"?

Just wanting to make sure your image supports route-maps.

HaemoWANswitch#sh ver
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.0(2)SE9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Tue 01-Dec-15 06:19 by prod_rel_team

ROM: Bootstrap program is C3750E boot loader
BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)

HaemoWANswitch uptime is 2 weeks, 4 days, 4 hours, 57 minutes
System returned to ROM by power-on
System image file is "flash:/c3750e-universalk9-mz.150-2.SE9.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Level: ipservices
License Type: Permanent
Next reload license Level: ipservices

cisco WS-C3750X-24 (PowerPC405) processor (revision A0) with 262144K bytes of memory.
Processor board ID FDO1621V1NR
Last reset from power-on
6 Virtual Ethernet interfaces
1 FastEthernet interface
28 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : D8:67:D9:90:9A:80
Motherboard assembly number : 73-12530-05
Motherboard serial number : FDO16210T6N
Model revision number : A0
Motherboard revision number : C0
Model number : WS-C3750X-24T-S
Daughterboard assembly number : 800-32727-01
Daughterboard serial number : FDO16211G8B
System serial number : FDO1621V1NR
Top Assembly Part Number : 800-31327-02
Top Assembly Revision Number : E0
Version ID : V02
CLEI Code Number : COMJV00ARB
Hardware Board Revision Number : 0x03


Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C3750X-24 15.0(2)SE9 C3750E-UNIVERSALK9-M


Configuration register is 0xF

HaemoWANswitch#

Got the show SDM Prefer output--- desktop default template?!?!

 

HaemoWANswitch#show sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 6K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv6 multicast groups: 64
number of IPv6 unicast routes: 106
number of directly-connected IPv6 addresses: 74
number of indirect IPv6 unicast routes: 32
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 0.875k
number of IPv6 policy based routing aces: 0
number of IPv6 qos aces: 0
number of IPv6 security aces: 60

HaemoWANswitch#

Hello,

In your access-list 110, you are permitting 1.1.1.0/24, so that is the traffic you want to go to the MetTel WAN. On which interface is that traffic entering your layer 3 switch? There is no interface on the switch with an IP address that corresponds to 1.1.1.0/24.

Either way, that is the interface where you would have to apply the route-map using the command 'ip policy route-map To-MetTelWAN'. On which interface did you configure this (as I don't see it in the config you have posted)?

Hi Georg! I'm attempting to apply the route-map to the vlan interface of MetTelLAN.. but for some reason the "ip policy route-map ToMetTelWAN" command is being accepted, but the statement is not being applied under the vlan interface.

Jaderson Pessoa
VIP Alumni

try it

!
route-map To-MetTelWAN permit 10
match ip address 110
set ip default next-hop 1.1.1.29

Jaderson Pessoa

Hello,
First of all you need to apply the route-map to the L3 interface:
interface Vlan222
ip policy route-map To-MetTelWAN
Also, does the network in the ACL to be policy routed sit behind vlan 222? Because it needs to.

Lastly, for PBR to work on a 3750, you may need to change the SDM template.
show sdm prefer


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
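
The three checks raised in the replies above (PBR capacity in the SDM template, `ip policy` present on the SVI, ACL source inside the SVI's subnet), combined into an added Python example that is not part of the thread or of any Cisco tooling. The sample outputs are constructed with documentation-range addresses, `pbr_ace_capacity` and `diagnose` are hypothetical helper names, and only ACL sources written as `network wildcard` are handled.

```python
import ipaddress
import re

# Constructed sample input modelled on the outputs posted in the thread;
# addresses are documentation-range placeholders, not the poster's values.
SDM_OUTPUT = """The current template is "desktop default" template.
 number of IPv4 unicast routes: 8K
 number of IPv4 policy based routing aces: 0
"""
RUNNING_CONFIG = """interface Vlan222
 description MetTelLAN
 ip address 192.0.2.121 255.255.255.248
!
access-list 110 permit ip 198.51.100.0 0.0.0.255 any
!
route-map To-MetTelWAN permit 10
 match ip address 110
 set ip next-hop 192.0.2.29
"""

def pbr_ace_capacity(sdm_output):
    """IPv4 PBR ACEs reserved by the active SDM template (None if not listed)."""
    m = re.search(r"IPv4 policy based routing aces:\s*([\d.]+)\s*([Kk]?)", sdm_output)
    return int(float(m.group(1)) * (1024 if m.group(2) else 1)) if m else None

def diagnose(sdm_output, config, interface, route_map):
    """List the reasons the route-map cannot take effect on the given SVI."""
    findings = []
    if not pbr_ace_capacity(sdm_output):
        findings.append("SDM template reserves no PBR ACEs")
    block = re.search(rf"^interface {interface}\n((?: .*\n)*)", config, re.M)
    body = block.group(1) if block else ""
    if f"ip policy route-map {route_map}" not in body:
        findings.append(f"ip policy route-map {route_map} missing on {interface}")
    addr = re.search(r"ip address (\S+) (\S+)", body)
    acl_no = re.search(rf"^route-map {route_map} .*\n match ip address (\d+)", config, re.M)
    if addr and acl_no:
        subnet = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}").network
        srcs = re.findall(rf"^access-list {acl_no.group(1)} permit ip (\S+) (\S+) ", config, re.M)
        # A contiguous ACL wildcard is a host mask, which ip_network accepts.
        if not any(ipaddress.ip_network(f"{n}/{w}").overlaps(subnet) for n, w in srcs):
            findings.append(f"ACL {acl_no.group(1)} matches no source in {subnet}")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SDM_OUTPUT, RUNNING_CONFIG, "Vlan222", "To-MetTelWAN"):
        print(finding)
```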