03-17-2013 02:17 AM - edited 03-07-2019 12:17 PM
Hi,
Refer to the attached diagram: we have a Cisco 3750 switch attached to 2 routers. These 2 routers are connected to 2 WAN links from different ISPs.
Here, I would like to route traffic from certain IP addresses in the 192.168.1.x LAN through the router connected to ISP1 and the others through the default route (ISP2).
Following is the config:
==================================================================
! this is the interface connected to the router which connects to ISP1
interface FastEthernet1/0/1
 switchport access vlan 10
! this is the interface connected to the router which connects to ISP2
interface FastEthernet1/0/2
 switchport access vlan 20
! this is connected to a host on the 192.168.1.x LAN
interface FastEthernet1/0/6
 switchport access vlan 50
! this is connected to a host on the 192.168.1.x LAN
interface FastEthernet1/0/7
 switchport access vlan 50
! this is connected to a host on the 192.168.1.x LAN
interface FastEthernet1/0/8
 switchport access vlan 50
! this is connected to a host on the 192.168.1.x LAN
interface FastEthernet1/0/9
 switchport access vlan 50
! this is connected to a host on the 192.168.1.x LAN
interface FastEthernet1/0/10
 switchport access vlan 50
interface Vlan10
 ip address 10.10.6.254 255.255.255.0
interface Vlan20
 ip address 10.10.4.254 255.255.255.0
interface Vlan50
 ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.10.4.1
route-map PBR permit 10
 match ip address 101
 set ip next-hop 10.10.6.1
access-list 101 permit ip host 192.168.1.10 any
access-list 101 permit ip host 192.168.1.50 any
Now, the question is:
Where should the above policy be applied? vlan10/vlan 50 or Fa1/0/1?
i.e.
int vlan 10
 ip policy route-map PBR
OR
int vlan 50
 ip policy route-map PBR
Also, if I apply it to the vlan 50 interface, then what will happen to the traffic from hosts not in the above access list (i.e. 192.168.1.20, 192.168.1.30, 192.168.1.60 etc.)? Will it take the default route from the routing table?
Is there any other command that needs to be added in order to make the above source-based routing work?
thanks
Sandip
03-17-2013 04:04 AM
Hi,
First, you'll need to have the IP Services image on the 3750, and the SDM template should be "routing".
> Where should the above policy be applied? vlan10/vlan 50 or Fa1/0/1?
Then you need to apply PBR on the interface (logical/physical) that is connected to the subnet you want to policy route. And the router that is connected to ISP1 must be aware of the subnet 192.168.1.0/24 to forward packets back.
int vlan 50
 ip policy route-map PBR
> if I apply it to the vlan 50 interface, then what will happen to the traffic from hosts not in the above access list (i.e. 192.168.1.20, 192.168.1.30, 192.168.1.60 etc.)? Will it take the default route from the routing table?
Yes, correct. Traffic (that goes outside of the LAN) that does not match the PBR ACL will be forwarded according to the routing table (default route).
Hope it will help.
Best regards,
Abzal
03-18-2013 12:22 AM
Hi,
Hope you are fine and in good health.
You can do it in a simple way.
First, create an access list of the IPs you want to route to the other ISP.
ip access-list extended ACL-ISP1
First of all, deny 1.x to the other subnets so that your inter-VLAN routing keeps working.
 deny ip 192.168.1.0 0.0.0.255 10.10.6.0 0.0.0.255
 deny ip 192.168.1.0 0.0.0.255 10.10.4.0 0.0.0.255
Now allow the IPs you want to route to the other ISP.
 permit ip host 192.168.1.x any
 permit ip host 192.168.1.x any
Now create the route map.
route-map RM-ISP1 permit 10
 match ip address ACL-ISP1
 set ip next-hop (next-hop IP address towards which Internet traffic will be routed)
int vlan 50
 ip policy route-map RM-ISP1
*** Do Rate Helpful Posts***
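A small Python model of the forwarding decision discussed in this thread, added here as an example and not posted by any participant. It compares access-list 101 with the ACL-ISP1 variant for traffic entering Vlan50, assuming generic first-match ACL and route-map semantics (not 3750-specific hardware behaviour); hosts .10 and .50 stand in for the elided "192.168.1.x" entries, and the sample packets are constructed.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
POLICY_NEXT_HOP = "10.10.6.1"            # "set ip next-hop" in the route-map
ROUTES = [                                # routing table implied by the first post
    ("10.10.6.0/24", "connected Vlan10"),
    ("10.10.4.0/24", "connected Vlan20"),
    ("192.168.1.0/24", "connected Vlan50"),
    ("0.0.0.0/0", "10.10.4.1"),
]
# access-list 101 as posted: (action, src, src wildcard, dst, dst wildcard)
ACL_101 = [("permit", "192.168.1.10", "0.0.0.0", *ANY),
           ("permit", "192.168.1.50", "0.0.0.0", *ANY)]
# ACL-ISP1 from the last reply; the permit hosts are an assumption (see lead-in)
ACL_ISP1 = [("deny", "192.168.1.0", "0.0.0.255", "10.10.6.0", "0.0.0.255"),
            ("deny", "192.168.1.0", "0.0.0.255", "10.10.4.0", "0.0.0.255"),
            *ACL_101]

def _hit(addr, net, wildcard):
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    care = ~w & 0xFFFFFFFF               # wildcard bits set to 1 are ignored
    return (a & care) == (n & care)

def acl_permits(acl, src, dst):
    for action, s, sw, d, dw in acl:     # first matching entry decides
        if _hit(src, s, sw) and _hit(dst, d, dw):
            return action == "permit"
    return False                         # implicit deny at the end of every ACL

def route_lookup(dst):
    dst_ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in ROUTES
               if dst_ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]   # longest prefix wins

def forward(acl, src, dst):
    # Permitted by the route-map's ACL -> policy next hop; otherwise normal routing.
    return POLICY_NEXT_HOP if acl_permits(acl, src, dst) else route_lookup(dst)

if __name__ == "__main__":
    # Constructed sample packets arriving on Vlan50.
    packets = [("192.168.1.10", "203.0.113.5"), ("192.168.1.20", "203.0.113.5"),
               ("192.168.1.10", "10.10.4.1")]
    for name, acl in (("101", ACL_101), ("ACL-ISP1", ACL_ISP1)):
        for src, dst in packets:
            print(f"{name:9} {src:13} -> {dst:12} via {forward(acl, src, dst)}")
```

With access-list 101 alone, the listed hosts are sent to 10.10.6.1 even when the destination is on the directly connected 10.10.4.0/24 subnet; the two deny lines in ACL-ISP1 return that traffic to the routing table.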