Source based Routing PBR

Sandip Barot
Level 1

Hi,

Refer to the attached diagram: we have a Cisco 3750 switch attached to 2 routers. These 2 routers are connected to 2 WAN links from different ISPs.

Here, I would like to route traffic from certain IP addresses in the 192.168.1.x LAN through the router connected to ISP1 and the others through the default route (ISP2).

Following is the config:

==================================================================

interface FastEthernet1/0/1
 ! this is interface connected to router (which connects to ISP1)
 switchport access vlan 10
!
interface FastEthernet1/0/2
 ! this is interface connected to router (which connects to ISP2)
 switchport access vlan 20
!
interface FastEthernet1/0/6
 ! this is connected to host on 192.168.1.x LAN
 switchport access vlan 50
!
interface FastEthernet1/0/7
 ! this is connected to host on 192.168.1.x LAN
 switchport access vlan 50
!
interface FastEthernet1/0/8
 ! this is connected to host on 192.168.1.x LAN
 switchport access vlan 50
!
interface FastEthernet1/0/9
 ! this is connected to host on 192.168.1.x LAN
 switchport access vlan 50
!
interface FastEthernet1/0/10
 ! this is connected to host on 192.168.1.x LAN
 switchport access vlan 50
!
interface Vlan10
 ip address 10.10.6.254 255.255.255.0
!
interface Vlan20
 ip address 10.10.4.254 255.255.255.0
!
interface Vlan50
 ip address 192.168.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.10.4.1
!
route-map PBR permit 10
 match ip address 101
 set ip next-hop 10.10.6.1
!
access-list 101 permit ip host 192.168.1.10 any
access-list 101 permit ip host 192.168.1.50 any

Now, the question is:

Where should the above policy be applied? vlan10/vlan 50 or Fa1/0/1?

i.e.

int vlan 10
 ip policy route-map PBR

OR

int vlan 50
 ip policy route-map PBR

Also, if I apply it to the vlan 50 interface, then what will happen to the traffic from hosts not in the above access list (i.e. 192.168.1.20, 192.168.1.30, 192.168.1.60 etc.)? Will it take the default route by default from the routing table?

Is there any other command that needs to be added in order to make the above source-based routing work?

thanks

Sandip




Abzal
Level 7

Hi,

First, you'll need to have the IP Services image on the 3750, and the SDM template should be "routing".

https://supportforums.cisco.com/community/netpro/network-infrastructure/routing/blog/2011/03/31/pbr-on-switches-37503560

> Where should the above policy be applied? vlan10/vlan 50 or Fa1/0/1?

Then you need to apply PBR on the interface (logical/physical) that is connected to the subnet you want to policy route. And the router that is connected to ISP1 must be aware of the subnet 192.168.1.0/24 to forward packets back.

int vlan 50
 ip policy route-map PBR

> if I apply it to the vlan 50 interface, then what will happen to the traffic from hosts not in the above access list (i.e. 192.168.1.20, 192.168.1.30, 192.168.1.60 etc.)? Will it take the default route by default from the routing table?

Yes, correct. Traffic (that goes outside of the LAN) that does not match the PBR ACL will be forwarded according to the routing table (default route).

Hope it will help.

Best regards,
Abzal


Hi,

Hope you are fine and in good health.

You can do it in a simple way.

First, create an access list of the IPs you want to route to the other ISP.

ip access-list extended ACL-ISP1

First of all, deny 1.x to the other subnets so your inter-VLAN routing should go on.

 deny ip 192.168.1.0 0.0.0.255 10.10.6.0 0.0.0.255
 deny ip 192.168.1.0 0.0.0.255 10.10.4.0 0.0.0.255

Now allow the IPs you want to route to the other ISP.

 permit ip host 192.168.1.x any
 permit ip host 192.168.1.x any

Now create the route map.

route-map RM-ISP1 permit 10
 match ip address ACL-ISP1
 set ip next-hop <next-hop IP address towards which Internet traffic will be routed>

int vlan 50
 ip policy route-map RM-ISP1

*** Do Rate Helpful Posts***

Jawad
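
The forwarding decision described in both replies can be modelled as below. This is an added example, not code from any poster in the thread; it is a simplified model of generic ACL and route-map matching, not of 3750 hardware behaviour. It assumes the two hosts from the question's access-list 101 in place of the `192.168.1.x` placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed model of the thread's setup: ACL-ISP1 from the second reply,
# with the two hosts from the question's access-list 101 filled in (assumption).
ACL_ISP1 = [
    ("deny",   "192.168.1.0",  "0.0.0.255", "10.10.6.0", "0.0.0.255"),
    ("deny",   "192.168.1.0",  "0.0.0.255", "10.10.4.0", "0.0.0.255"),
    ("permit", "192.168.1.10", "0.0.0.0",   "0.0.0.0",   "255.255.255.255"),
    ("permit", "192.168.1.50", "0.0.0.0",   "0.0.0.0",   "255.255.255.255"),
]
PBR_NEXT_HOP = "10.10.6.1"      # set ip next-hop (router towards ISP1)
DEFAULT_NEXT_HOP = "10.10.4.1"  # ip route 0.0.0.0 0.0.0.0 10.10.4.1 (ISP2)
CONNECTED = ["10.10.6.0/24", "10.10.4.0/24", "192.168.1.0/24"]


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def acl_action(src, dst, acl=ACL_ISP1):
    """First matching entry wins; the implicit final entry is deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"


def forward(src, dst):
    """Decision for a packet arriving on Vlan50 with the route-map applied."""
    if acl_action(src, dst) == "permit":
        return ("policy", PBR_NEXT_HOP)
    # A deny (explicit or implicit) means "not policy-routed", not "dropped":
    # the packet falls back to the normal routing table.
    for net in CONNECTED:
        if ipaddress.ip_address(dst) in ipaddress.ip_network(net):
            return ("connected", net)
    return ("default", DEFAULT_NEXT_HOP)


if __name__ == "__main__":
    # Constructed sample packets (203.0.113.5 is a documentation address).
    for src, dst in [("192.168.1.10", "203.0.113.5"),
                     ("192.168.1.20", "203.0.113.5"),
                     ("192.168.1.10", "10.10.4.1")]:
        print(src, "->", dst, forward(src, dst))
```
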