VLAN Routing

Unanswered Question
Feb 28th, 2008
User Badges:

I have 5 Vlans in my L3 Switch i want to all 4 vlans traffic to route via my ISA Proxy sever (Proxy Server Connected to 1st ISP) and . I want to route the 5th vlan traffic via my ASA firewall (ASA is connected to 2nd ISP )




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rickyjohnt Fri, 02/29/2008 - 21:42
User Badges:

This is the sample configuration for PBR


access-list 1 permit ip 1.1.1.1

access-list 2 permit ip 2.2.2.2

!

interface fastethernet 1

ip policy route-map equal-access

!

route-map equal-access permit 10

match ip address 1

set ip default next-hop 6.6.6.6

route-map equal-access permit 20

match ip address 2

set ip default next-hop 7.7.7.7

route-map equal-access permit 30

set default interface null0



From this above sample configuration can you please explain the below mentioned two lines two lines


Please refer my N/W Diagram attached with this mail


interface fastethernet 1

ip policy route-map equal-access




rickyjohnt Fri, 02/29/2008 - 21:44
User Badges:

This is the sample configuration for PBR


access-list 1 permit ip 1.1.1.1

access-list 2 permit ip 2.2.2.2

!

interface fastethernet 1

ip policy route-map equal-access

!

route-map equal-access permit 10

match ip address 1

set ip default next-hop 6.6.6.6

route-map equal-access permit 20

match ip address 2

set ip default next-hop 7.7.7.7

route-map equal-access permit 30

set default interface null0



From this above sample configuration can you please explain the below mentioned two lines two lines


Please refer my N/W Diagram attached with this mail


interface fastethernet 1

ip policy route-map equal-access






royalblues Sat, 03/01/2008 - 00:17
User Badges:
  • Green, 3000 points or more

Ricky,


The configuration tells the router to do PBR i.e to look at the route-map equal-access before making the forwarding decision.


BTW, as per your earlier post you wanted one of the vlans to be sent to the ASA and hence the above command should actually be configured under the VLAN SVI


Narayan

rickyjohnt Sat, 03/01/2008 - 00:36
User Badges:

Can you tell under which VLAN i have to configure that


Please refer the Network diagram and tell

me

royalblues Sat, 03/01/2008 - 00:54
User Badges:
  • Green, 3000 points or more

As per the network diagram, both the ISA and ASA are having the same ip address 10.0.17.1


Also i am not sure which vlans traffic needs to go the ASA from the network diagram

for eg... if you require vlan 5 traffic to go to ASA, then configure it under vlan 5 interface

int vlan 5

ip policy route-map


You also need to make sure that the access-lists are defined properly which are eferenced under the route map


HTH

Narayan


rickyjohnt Sun, 04/13/2008 - 23:15
User Badges:

access-list 105 permit ip x.x.x.x x.x.x.x any


!

interface vlan 4

ip policy route-map test

!

route-map test permit 1


match ip address 105

set ip default next-hop x.x.x.x (ASA Gateway)



I have 5 Vlans in my L3 Switch i want to all 4 vlans traffic to route via my ISA Proxy sever (Proxy Server Connected to 1st ISP) and . I want to route the 5th vlan traffic via my ASA firewall (ASA is connected to 2nd ISP )



I tried this but it is not working



Actions

This Discussion