Source based Routing PBR

Sandip Barot · ‎03-17-2013

Hi,

Refer to the attach diagram, we have a cisco 3750 switch attached to 2 routers. These 2 routers are connected to 2 WAN links from different ISPs

Here, i would like to route traffic from certain IP addresses in 192.168.1.x LAN through router connected to ISP1 and others through default route (ISP2).

Following is the config :

==================================================================

interface FastEthernet1/0/1 --> this is interface connected to router (which connects to ISP1)

switchport access vlan 10

interface FastEthernet1/0/2 --> this is interface connected to router (which connects to ISP2)

switchport access vlan 20

interface FastEthernet1/0/6

switchport access vlan 50 --> this is connected to host on 192.168.1.x LAN

interface FastEthernet1/0/7 --> this is connected to host on 192.168.1.x LAN

switchport access vlan 50

interface FastEthernet1/0/8 --> this is connected to host on 192.168.1.x LAN

switchport access vlan 50

interface FastEthernet1/0/9 --> this is connected to host on 192.168.1.x LAN

switchport access vlan 50

interface FastEthernet1/0/10 --> this is connected to host on 192.168.1.x LAN

switchport access vlan 50

interface Vlan10

ip address 10.10.6.254 255.255.255.0

interface Vlan20

ip address 10.10.4.254 255.255.255.0

interface Vlan50

ip address 192.168.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.10.4.1

route-map PBR permit 10

match ip address 101

set ip next-hop 10.10.6.1

access-list 101 permit ip host 192.168.1.10 any

access-list 101 permit ip host 192.168.1.50 any

Now,,,,,,,question is :

Where should above policy to be applied ? vlan10/vlan 50 or Fa1/0/1 ?

i.e.

int vlan 10

ip policy route-map PBR

OR

int vlan 50

ip policy route-map PBR

Also, if i apply it to vlan 50 interface, then what will happen to the traffic from hosts not in above access list (i.e. 192.168.1.20, 192.168.1.30, 192.168.1.60 etc...) will it take default route by default from routing table...?

Is there any other command needs to be put in order to make above source based routing working.?

thanks

Sandip

Abzal · ‎03-17-2013

Hi,

First you'll need to have on 3750 IP Services image. And SDM Template should be "routing".

https://supportforums.cisco.com/community/netpro/network-infrastructure/routing/blog/2011/03/31/pbr-on-switches-37503560

> Where should above policy to be applied ? vlan10/vlan 50 or Fa1/0/1 ?

Then you need to apply PBR on interface (logical/physical) that connected to subnet want to policy route. And router that connected to ISP1 must be aware of the subnet 192.168.1.0/24 to forward packets back.

int vlan 50

ip policy route-map PBR

> if i apply it to vlan 50 interface, then what will happen to the traffic from hosts not in above access list (i.e. 192.168.1.20, 192.168.1.30, 192.168.1.60 etc...) will it take default route by default from routing table...?

Yes, correct. Traffic (that goes outside of LAN) that will not match in PBR ACL will be forwarded according routing table (default route).

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

jawad-mukhtar · ‎03-18-2013

Hi,

Hope so u fine and in good health.

You can do in in Sample Way.

First Create Access List IPs you want to them route to other ISP.

ip access-list extended ACL-ISP1

First of all Deny 1.x to other Subnet So You inter vlan routing should go on

deny ip 192.168.1.0 0.0.0.255 10.10.6.0 0.0.0.255

deny ip 192.168.1.0 0.0.0.255 10.10.4.0 0.0.0.255

Now Allow IPs you want to route to other ISP

permit ip host 192.168.1.x any

Now Create Router MAP

Router-map RM-ISP1 permit 10

match ip address ACL-ISP1

SET ip next hop (Next Hope IP Address Towads which Internet Traffice will be Routed)

int vlan 50

ip policy route-map RM-ISP1

*** Do Rate Helpful Posts***

Jawad