10-07-2008 08:27 AM - edited 03-06-2019 01:48 AM
Hello,
I want, for example that the traffic from subnet 172.17.1.0/24 (Interface Vlan2) on all switches will be routed on the router (3750G) to another next hop as the routing table would do.
In the moment when I'm able to route from 172.17.1.0/24(interface vlan2) to 192.168.250.0/24 (interface vlan 20). Like I understand Policy-based routing I can't do this now, NOT when i configure it. So I will be routed always to the next hop i configured, but i think my configuration is not woking. because i still be routed directly.
Example Switch 1, 172.17.1.50-> over 172.17.1.10 -> 192.168.250.X.
I want 172.17.1.50 -> over 172.17.1.10 (router) -> 172.17.1.254
Policy Based Routing config:
SW-10#show route-map
route-map M, permit, sequence 10
Match clauses:
ip address (access-lists): Management
Set clauses:
ip next-hop 172.17.1.254
Policy routing matches: 0 packets, 0 bytes
Access List:
Standard IP access list Management
10 permit 172.17.1.0, wildcard bits 0.0.0.255
I hope somebody can help me or have any Idea how i can solve it.
A "static route" on the switch will will not be possiblen in my case. because only the traffic from this subnet should be allowed to route to this special Server. All other traffic mus be routed normally.
Thanks
Sebastian
Solved! Go to Solution.
10-07-2008 09:50 AM
What interface are you applying the route-map to?
If your router interface is on vlan 100, you would put the route-map on the vlan 100 interface of this router.
The next-hop IP address would be the VLAN 100 IP address of the other (second) router.
If you need to route to something specific on the second router, you can put a route-map on VLAN 100 on the second router, and set the next hop to be a physical interface or IP address on that second router.
Hope this helps!
10-07-2008 11:56 PM
as i understood from ur desicreption
u have vlan2 interface on ur switches and on L3 switch that do intervaln routing as well which is 3750G
make the default gateway for switches in vlan 2 as vlan 2 interface on 3750G
on the vlan 2 interface on the 3750G
apply the policy-route
good luck
10-07-2008 09:50 AM
What interface are you applying the route-map to?
If your router interface is on vlan 100, you would put the route-map on the vlan 100 interface of this router.
The next-hop IP address would be the VLAN 100 IP address of the other (second) router.
If you need to route to something specific on the second router, you can put a route-map on VLAN 100 on the second router, and set the next hop to be a physical interface or IP address on that second router.
Hope this helps!
10-07-2008 11:18 PM
Thank you very much, but I'm not sure...
I applied the route-map to "interface vlan2".
I want that only traffic which comes from the subnet 172.17.1.X and will go to any other subnet must go to next-hop 172.17.1.254 and will not routed directly via "Inter-vlan-routing".
Is this possible?
Here the example for the situation:
VLAN 2 is our Switch management. x.x.x.254 is our firewall for that subnet. when a trap comes from 172.17.1.20 he will go to 10.1.1.1 (Monitoring server), normaly he would use the default gateway of the router, because no interface on the router(This subnet is routed on the firewall). Then the firewall says this IP is not allowed on this interface, block.
When i make a static route all traffic which goes to the monitoring will go to 172.17.1.254, for example 192.168.250.x to 172.17.1.254, firewall said wrong ip on that interface...
So i want to use policy-bades routing..
Our security people want that nobody has direct access to the management subnet, it must be handelt by firewall..
10-07-2008 11:56 PM
as i understood from ur desicreption
u have vlan2 interface on ur switches and on L3 switch that do intervaln routing as well which is 3750G
make the default gateway for switches in vlan 2 as vlan 2 interface on 3750G
on the vlan 2 interface on the 3750G
apply the policy-route
good luck
10-08-2008 03:17 AM
Thanks to all...
I found the problem..
It was a mistake in the test I made and the next router was not configures right.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: