Policy based Routing

Hello,

I want, for example, the traffic from subnet 172.17.1.0/24 (interface Vlan2) on all switches to be routed on the router (3750G) to a different next hop than the routing table would use.

At the moment I'm able to route from 172.17.1.0/24 (interface vlan2) to 192.168.250.0/24 (interface vlan 20). As I understand policy-based routing, I can't do this any more once I configure it, so I will always be routed to the next hop I configured. But I think my configuration is not working, because I am still routed directly.

Example Switch 1, 172.17.1.50-> over 172.17.1.10 -> 192.168.250.X.

I want 172.17.1.50 -> over 172.17.1.10 (router) -> 172.17.1.254

Policy Based Routing config:

    SW-10#show route-map
    route-map M, permit, sequence 10
      Match clauses:
        ip address (access-lists): Management
      Set clauses:
        ip next-hop 172.17.1.254
      Policy routing matches: 0 packets, 0 bytes

Access List:

    Standard IP access list Management
        10 permit 172.17.1.0, wildcard bits 0.0.0.255

I hope somebody can help me or has an idea how I can solve it.

A "static route" on the switch will not be possible in my case, because only the traffic from this subnet should be allowed to route to this special server. All other traffic must be routed normally.

Thanks

Sebastian

2 Accepted Solutions

lynne.meeks
Level 1

What interface are you applying the route-map to?

If your router interface is on vlan 100, you would put the route-map on the vlan 100 interface of this router.

The next-hop IP address would be the VLAN 100 IP address of the other (second) router.

If you need to route to something specific on the second router, you can put a route-map on VLAN 100 on the second router, and set the next hop to be a physical interface or IP address on that second router.

Hope this helps!


Marwan ALshawi
VIP Alumni

As I understood from your description, you have a vlan2 interface on your switches and on the L3 switch that does inter-VLAN routing as well, which is the 3750G.

Make the default gateway for switches in vlan 2 the vlan 2 interface on the 3750G.

On the vlan 2 interface on the 3750G, apply the policy-route.

Good luck


4 Replies

Thank you very much, but I'm not sure...

I applied the route-map to "interface vlan2".

I want only the traffic which comes from the subnet 172.17.1.X and goes to any other subnet to go to next-hop 172.17.1.254 and not be routed directly via inter-VLAN routing.

Is this possible?

Here is an example of the situation:

VLAN 2 is our switch management. x.x.x.254 is our firewall for that subnet. When a trap comes from 172.17.1.20, it goes to 10.1.1.1 (monitoring server). Normally it would use the default gateway of the router, because there is no interface for it on the router (this subnet is routed on the firewall). Then the firewall says this IP is not allowed on this interface and blocks it.

When I make a static route, all traffic which goes to the monitoring server will go to 172.17.1.254, for example 192.168.250.x to 172.17.1.254, and the firewall says wrong IP on that interface...

So I want to use policy-based routing.

Our security people want nobody to have direct access to the management subnet; it must be handled by the firewall.

Thanks to all...

I found the problem.

It was a mistake in the test I made, and the next router was not configured right.
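
The setup discussed in this thread, written out as one IOS configuration. This is an added example, not a configuration posted by any participant; the ACL name, route-map name, interface and addresses are the ones quoted in the question, and the SDM template step is an assumption that applies to the Catalyst 3750 platform.

```cisco
! Added example: policy-based routing for the management subnet on the 3750G.
! Names and addresses (Management, M, Vlan2, 172.17.1.254) come from the posts above.

! Assumption, Catalyst 3750 only: PBR needs the routing SDM template.
! Changing the template requires a reload; check "show sdm prefer" first.
sdm prefer routing

! Standard ACL: matches on the source address only, so every packet
! sourced from the management subnet is selected.
ip access-list standard Management
 permit 172.17.1.0 0.0.0.255

! Selected packets are handed to the firewall instead of following the
! routing table, which would inter-VLAN route them directly.
route-map M permit 10
 match ip address Management
 set ip next-hop 172.17.1.254

! PBR acts on packets arriving on the interface it is applied to, so it
! goes on the SVI that the VLAN 2 hosts use as their default gateway.
interface Vlan2
 ip policy route-map M

! Verification (exec mode):
!   show ip policy      which route-map is bound to which interface
!   show route-map M    match/set clauses and the policy match counters
!   show sdm prefer     the active SDM template
```

Traffic from any other source subnet does not match the ACL and is still forwarded by the routing table, so the firewall at 172.17.1.254 has to be reachable and has to accept the policy-routed traffic for the test to succeed.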
