Route traffic by selective TCP port?


Hi All,


Can I route traffic on either a layer 3 device whilst being selective about the destination port?


I have been asked if I can route all MSN Messenger traffic via another ISP route (rather than blocking it altogether), freeing up valuable bandwidth on our main web link.


I think that the port is 1863 for MSN? Is there a way of doing this?


Cheers,

Stuart

Edison Ortiz Fri, 06/22/2007 - 05:46

You need to implement Policy Based Routing and apply it at the ingress interface of the L3 device.


Your PBR would look like this:


ip access-list extended MSN
 permit tcp any any eq 1863
!
route-map MSN permit 10
 match ip address MSN
 set ip next-hop [ISP next hop]
!
! [ingress interface]
interface f0/0
 ip policy route-map MSN


Hi EdisonOrtiz,


Many thanks for your reply.


I've tried implementing this onto both a 3750 & 3560 switch but to no avail. I don't seem to be able to input the 'IP POLICY ROUTE-MAP MSN' statement into the desired interface; it just displays unrecognised command. So, I tried implementing it into the VLAN interface, which is accepted, but then I see no traffic matching the access-list.


I must be doing something silly here ...


Stu

Edison Ortiz Sun, 06/24/2007 - 10:19

You need to change the SDM in the switch to sdm prefer routing and then reboot.

royalblues Mon, 06/25/2007 - 07:48

Which image are you running on the switch, ipbase or IP services?

Can you post sh ver and sh runn?


Narayan

Edison Ortiz Mon, 06/25/2007 - 10:10

The policy-based routing can only be applied on routed interfaces. If you are trying to apply it on a L2 switchport interface, it won't work. You need to apply at the SVI (Switch Virtual Interface) of the respective VLAN.
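
The steps from this thread combined into one sequence for a 3750/3560, as an added example that is not part of any post above. The VLAN number (Vlan10) and next-hop address (192.0.2.1) are placeholders, and the `ip routing` line is an assumption for a switch where Layer 3 forwarding is not yet enabled.

```cisco
! Step 1 (global configuration): select the routing SDM template.
! The template change only takes effect after a reload.
configure terminal
 sdm prefer routing
end
write memory
reload
!
! Step 2 (after the reload): classify the traffic and build the route-map.
configure terminal
 ! Assumption: enable Layer 3 forwarding if it is not already on.
 ip routing
 !
 ip access-list extended MSN
  permit tcp any any eq 1863
 !
 route-map MSN permit 10
  match ip address MSN
  ! Placeholder: replace 192.0.2.1 with the second ISP's next hop.
  set ip next-hop 192.0.2.1
 !
 ! Apply the policy on the routed SVI where client traffic enters,
 ! not on a Layer 2 switchport. Vlan10 is a placeholder.
 interface Vlan10
  ip policy route-map MSN
end
!
! Step 3: verify the template, the route-map and where the policy is bound.
show sdm prefer
show route-map MSN
show ip policy
show access-lists MSN
```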


