route-map / next-hop

Gerard Gacusan (Level 1)

I have an example as shown in the attachment.

Host 192.168.200.1 must route to RTR-1 as primary route and the rest of the traffic will be thru RTR-2. I made this possible already by putting the route-map/next-hop 10.10.1.1 on RTR-1 which is okay.

But if you'll notice, the routing is awkward because host 192.168.200.1 will route to RTR-2 (10.10.1.2) first and then back to 10.10.1.1.

Is there any way that host 192.168.200.1 will go directly to 10.10.1.1? I am trying to put the PBR statement on the inside-sw1, but it is still passing through RTR-2.

The traceroute to 4.2.2.2 looks like this:

192.168.200.3 (HSRP VIP)
10.10.1.2
10.10.1.1
4.2.2.2


You can try using PBR at the firewall interface with IP 10.10.10.5 (the interface towards RTR-1) to route all traffic from 192.168.200.1 to the 10.10.10.1 IP. Similarly, for the reverse route, you may put routing information for the host-only IP (255.255.255.255 subnet mask) and then route the entire 192.168.200.0/24 subnet separately.

purohit_810 (Level 5)

What about putting a default route at 192.168.200.1 pointing to 10.10.10.1?

"The drawing doesn't show 10.10.1.1, so I consider 10.10.1.1 to be 10.10.10.1 (RTR-1)."

Thanks,

Dharmesh Purohit

This will not work with the scenario.

Yeah ... typo error ... that is 10.10.10.0/24

a.alekseev (Level 7)

Your traffic is going through the firewall, but you cannot do PBR on the firewall. So RTR2 is the first hop where you can do it.

[Pls RATE if HELPS]

Looks like PBR on the firewall is not an option, and I tried that too.

bmcginn (Level 3)

I don't think you can have traffic with source address 192.168.200.1 go directly to 10.10.10.1 (through 10.10.10.5) unless you send all traffic to 10.10.10.1. Firewalls don't support PBR (at least none that I know of), so you won't be able to route to 10.10.10.1 from 10.10.10.5 based on source address.

Have you thought about replacing the two layer 2 switches with layer 3 devices that can do PBR?
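One way to build what the replies converge on (source-based PBR on a PBR-capable L3 hop before RTR-2, paired with the per-host return route from the first reply), as an added Cisco IOS example that is not from any poster in this thread; the interface names, the IP SLA/track numbers and the placement of the return routes on RTR-2 are assumptions, not taken from the drawing:

```cisco
! Constructed example (assumed device: the L3 hop that replaces the L2
! switch, or any PBR-capable hop the host traffic reaches before RTR-2).
!
! 1. Match only the host that must prefer RTR-1.
ip access-list extended HOST-TO-RTR1
 permit ip host 192.168.200.1 any
!
! 2. Probe RTR-1 (10.10.10.1) so the policy is withdrawn if it is down
!    instead of blackholing the host. Source interface name is assumed.
ip sla 1
 icmp-echo 10.10.10.1 source-interface Vlan10
 frequency 5
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
! 3. Matching traffic gets next hop 10.10.10.1 only while track 1 is up.
!    Sequence 20 has no set clause, so everything else (and the host
!    itself when RTR-1 is unreachable) follows the normal routing table.
route-map PBR-HOST permit 10
 match ip address HOST-TO-RTR1
 set ip next-hop verify-availability 10.10.10.1 1 track 1
!
route-map PBR-HOST permit 20
!
! 4. Apply the policy on the interface where the host's packets enter
!    this device (interface name assumed).
interface Vlan10
 description ingress from 192.168.200.0/24 (assumed)
 ip policy route-map PBR-HOST
!
! 5. Return path, assumed to live on RTR-2: the /32 for the host is more
!    specific than the /24, so replies for 192.168.200.1 that arrive at
!    RTR-2 are handed to RTR-1 across the shared 10.10.10.0/24 segment,
!    while the rest of the subnet keeps going straight to the firewall.
ip route 192.168.200.1 255.255.255.255 10.10.10.1
ip route 192.168.200.0 255.255.255.0 10.10.10.5
```

Steering one host to a different egress router makes its forward and return paths diverge, which is why the /32 return route matters whenever a stateful firewall sits in the path. Check the policy hits with `show route-map PBR-HOST` and repeat the traceroute from the original post, where 10.10.10.1 is expected to appear directly after the VIP.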

Is that the outside L2 switches you're referring to? Yeah, that is what I'm thinking...
