Router with two default routes

Answered Question
Oct 7th, 2008

Hi all,

I know that a single router can have two default routes on it but with varying priorities, but is it possible to configure the router in such a way that customer A goes to one default route whereas customer B goes through the other default route? Customer A and Customer B are connected to this router via different interfaces. So basically the idea is that Customer A goes to the internet via default route A and customer B goes to the internet via default route B. And all these guys are connected to the same router.

Any help is greatly appreciated.

Thanks!

I have this problem too.
0 votes
Correct Answer by Marwan ALshawi about 8 years 3 months ago

lets say u have to defual routes like

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2

and i will assume sourceA IPs 192.168.1.0/24

and sourceB 10.1.1.0/24

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 2 permit 10.1.1.10 0.0.0.255

policy-map A permit 10

match ip address 1

set ip next-hop 1.1.1.1

policy-map Bpermit 10

match ip address 2

set ip next-hop 2.2.2.2

apply policy A to the interface that customerA come through and the same idea for B

good luck

if helpful Rate

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (4 ratings)
Loading.
Scott Cannon Tue, 10/07/2008 - 20:33

Sure can.

Create a policy map for each customer and assign it the interface they connect to. In the policy map set the next hop address to the gateway of your choice.

eg. (forgive any command hiccups, i'm going from memory)

config)# interface _whatever_

if)# ip policy route-map _whatever_

map)# set ip default next-hop _whatever_

HTH

Cheers

Scott

Scott Cannon Tue, 10/07/2008 - 20:35

Just a thought on that actually, you will need to create a match condition.

ie.

config)#ip access-list extended CustomerA

config)#permit ip any any [or wahtever is appropraite]

config)#ip policy route-map _whatever_

map)#match list CustomerA

HTH

Cheers

Scott

Correct Answer
Marwan ALshawi Wed, 10/08/2008 - 00:49

lets say u have to defual routes like

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2

and i will assume sourceA IPs 192.168.1.0/24

and sourceB 10.1.1.0/24

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 2 permit 10.1.1.10 0.0.0.255

policy-map A permit 10

match ip address 1

set ip next-hop 1.1.1.1

policy-map Bpermit 10

match ip address 2

set ip next-hop 2.2.2.2

apply policy A to the interface that customerA come through and the same idea for B

good luck

if helpful Rate

Giuseppe Larosa Wed, 10/08/2008 - 12:56

Hello Muhammad,

if the two customers have also to be isolated and never talk to each other I would go to use VRF lite on your router:

this will allow you to have customerA and ISPA in a routing table and customerB and ISPB in another routing table

If this can be interesting for you look at

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/20ew/configuration/guide/vrf.html

otherwise PBR can be a good starting point as well explained in previous posts

Hope to help

Giuseppe

svanguilder Wed, 10/15/2008 - 12:43

Does anyone know if I can do something similar on an ASA5510 firewall. I added a new connection to our device to be used for VPN traffic only. The only problem is I have a lot of remote access clients and L2L sites set up already and need to to move them one at a time. So changing my default route all in one fell swoop would nearly be impossible. I know I can do the L2L with Static routes, but the remote access clients are another story.

svanguilder Wed, 10/15/2008 - 12:43

Does anyone know if I can do something similar on an ASA5510 firewall. I added a new connection to our device to be used for VPN traffic only. The only problem is I have a lot of remote access clients and L2L sites set up already and need to to move them one at a time. So changing my default route all in one fell swoop would nearly be impossible. I know I can do the L2L with Static routes, but the remote access clients are another story.

WabukiSensei Wed, 10/15/2008 - 18:31

Hello folks, thank you for the feedback. I haven't had a chance to try this out yet but I definitely will and subsequently rate your posts. Thanks again for the help.

Actions

This Discussion