Router with two default routes

Answered Question
Oct 7th, 2008

Hi all,


I know that a single router can have two default routes on it but with varying priorities, but is it possible to configure the router in such a way that customer A goes to one default route whereas customer B goes through the other default route? Customer A and Customer B are connected to this router via different interfaces. So basically the idea is that Customer A goes to the internet via default route A and customer B goes to the internet via default route B. And all these guys are connected to the same router.



Any help is greatly appreciated.


Thanks!

Overall Rating: 4.3 (4 ratings)
Scott Cannon Tue, 10/07/2008 - 20:33

Sure can.


Create a policy map for each customer and assign it to the interface they connect to. In the policy map set the next hop address to the gateway of your choice.


e.g. (forgive any command hiccups, I'm going from memory)


config)# interface _whatever_

if)# ip policy route-map _whatever_

config)# route-map _whatever_ permit 10

map)# set ip default next-hop _whatever_


HTH


Cheers

Scott




Scott Cannon Tue, 10/07/2008 - 20:35

Just a thought on that actually, you will need to create a match condition.


i.e.

config)# ip access-list extended CustomerA

nacl)# permit ip any any [or whatever is appropriate]

config)# route-map _whatever_ permit 10

map)# match ip address CustomerA


HTH

Cheers

Scott

Correct Answer
Marwan ALshawi Wed, 10/08/2008 - 00:49

Let's say you have two default routes like


ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2


and I will assume sourceA IPs 192.168.1.0/24

and sourceB 10.1.1.0/24


! one standard ACL per customer source subnet

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 2 permit 10.1.1.0 0.0.0.255


! traffic matching ACL 1 is forwarded to next hop 1.1.1.1

route-map A permit 10

 match ip address 1

 set ip next-hop 1.1.1.1



! traffic matching ACL 2 is forwarded to next hop 2.2.2.2

route-map B permit 10

 match ip address 2

 set ip next-hop 2.2.2.2


Apply policy A to the interface that customerA comes through, and the same idea for B.


good luck

if helpful Rate
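
The policy-based routing setup described in the answers above, put together as one configuration. This is an added example, not written by any poster in the thread. Interface names and the ACL and route-map names are assumptions; the subnets and next hops are the ones used in the answer.

```cisco
! Constructed example: interface names and ACL/route-map names are
! assumptions; subnets and next hops are taken from the answer above.
!
! Match only traffic that should leave via the customer's ISP.
! A "deny" in an ACL used by a route-map means "do not policy-route":
! the packet falls through to the normal routing table instead of
! being forced to the ISP next hop.
ip access-list extended CUSTOMER-A-INET
 deny   ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
ip access-list extended CUSTOMER-B-INET
 deny   ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 10.1.1.0 0.0.0.255 any
!
route-map CUSTOMER-A permit 10
 match ip address CUSTOMER-A-INET
 set ip next-hop 1.1.1.1
!
route-map CUSTOMER-B permit 10
 match ip address CUSTOMER-B-INET
 set ip next-hop 2.2.2.2
!
! PBR is evaluated inbound, on the interface where each customer's
! traffic enters the router.
interface GigabitEthernet0/1
 description Customer A (192.168.1.0/24)
 ip policy route-map CUSTOMER-A
!
interface GigabitEthernet0/2
 description Customer B (10.1.1.0/24)
 ip policy route-map CUSTOMER-B
!
! Verification (exec mode):
!   show ip policy      - which route-map is bound to which interface
!   show route-map      - per-entry policy routing match counters
```

Policy routing only selects the exit path; it does not stop Customer A and Customer B from reaching each other through the router. Where the two must be kept apart, that needs interface ACLs or separate routing tables, as the VRF-lite reply below suggests.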



Giuseppe Larosa Wed, 10/08/2008 - 12:56

Hello Muhammad,

If the two customers also have to be isolated and never talk to each other, I would use VRF-lite on your router:

this will allow you to have customerA and ISPA in one routing table and customerB and ISPB in another routing table.


If this is of interest to you, look at


http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/20ew/configuration/guide/vrf.html


Otherwise PBR can be a good starting point, as well explained in previous posts.


Hope to help

Giuseppe


svanguilder Wed, 10/15/2008 - 12:43

Does anyone know if I can do something similar on an ASA5510 firewall? I added a new connection to our device to be used for VPN traffic only. The only problem is I have a lot of remote access clients and L2L sites set up already and need to move them one at a time. So changing my default route all in one fell swoop would be nearly impossible. I know I can do the L2L with static routes, but the remote access clients are another story.


WabukiSensei Wed, 10/15/2008 - 18:31

Hello folks, thank you for the feedback. I haven't had a chance to try this out yet but I definitely will and subsequently rate your posts. Thanks again for the help.
