internet re-routing using static routes

Unanswered Question
Feb 16th, 2009

Hi,

We have two Internet connections in our office. One is through a leased line and the other through a business ADSL line. Right now we are routing the Internet traffic manually: some of the VLANs go through ADSL and some through the leased line. Without re-routing, the entire Internet traffic will flow through the leased line. Hence we put a route-map to divert the traffic to ADSL through policy-based routing on the L3 core switch, PATting through the PIX. Now, when the ADSL link is down, we need to manually remove the subnet from the access-list so that the Internet traffic will go through the leased line. Is there any way through which we can change over the Internet traffic between these lines using static routing?

Please find the current setup and configs

Internet Leased line setup:-

================================

LL Modem ----> Internet Leased Router -----> Cisco PIX ---> Cisco Core L3 Switch -----> Users/Servers connected

Business ADSL Setup:-

=============================

ADSL Router -----> Cisco PIX ---> same Cisco Core L3 Switch -----> Users/Servers connected.

L3 -Core Switch

===============

route-map rerouting-vlan102 permit 10
 match ip address route-to-adsl
 set ip next-hop 10.0.0.138
!
route-map rerouting-vlan102 permit 20
!
route-map rerouting-vlan100 permit 10
 match ip address route-to-adsl
 set ip next-hop 10.0.0.138
!
route-map rerouting-vlan100 permit 20
!
route-map rerouting-vlan1 permit 10
 match ip address route-to-adsl
 set ip next-hop 10.0.0.138
!
interface Vlan100
 description Users_local DHCP network: 10.1.100.0/24
 ip address 10.1.100.254 255.255.255.0
 ip helper-address 10.1.10.1
 no ip proxy-arp
 no ip route-cache
 no ip mroute-cache
 ip policy route-map rerouting-vlan100
!
interface Vlan101
 description VLAN 101 interface (Users_static)
 ip address 10.1.101.254 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
 ip policy route-map rerouting-vlan101
!
interface Vlan102
 description Workstation in DEV department (Static net: 10.1.102.0/24)
 ip address 10.1.102.254 255.255.255.0
 no ip proxy-arp
 no ip route-cache
 no ip mroute-cache
 ip policy route-map rerouting-vlan102
!
interface Vlan103
 description Aironet Wireless (10.1.103.0/24)
 ip address 10.1.103.254 255.255.255.0
 ip helper-address 10.1.10.1
 no ip proxy-arp
 no ip route-cache
 no ip mroute-cache
 ip policy route-map rerouting-vlan101
!
interface Vlan104
 description AccessControlVLAN
 ip address 10.1.104.254 255.255.255.0
!
interface Vlan110
 description RO-VLAN
 ip address 10.1.110.252 255.255.255.0
 ip helper-address 10.1.10.1
!
interface Vlan199
 description Satcom Temp Testing VLAN
 ip address 10.1.199.254 255.255.255.0
 ip policy route-map rerouting-vlan101
!
ip access-list extended route-to-adsl
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 194.177.108.0 0.0.0.255
 deny ip any 172.16.0.0 0.15.255.255
 deny ip any host 217.17.247.33
 deny ip host 10.1.103.237 any
 deny ip host 10.1.100.20 any
 deny ip host 10.1.103.28 any
 deny ip host 10.1.101.160 any
 deny ip host 10.1.102.50 any
 permit ip host 192.168.101.5 any
 permit ip host 10.1.10.25 any
 permit ip host 10.1.10.8 any
 permit ip 10.1.199.0 0.0.0.255 any
 permit ip host 10.1.10.108 any
 permit ip host 10.1.110.118 any
 permit ip host 10.1.10.64 any
 permit ip host 10.1.30.50 any
 permit ip host 10.1.40.1 any
 permit ip 10.1.200.0 0.0.0.255 any
 permit ip host 10.1.10.80 any
 permit ip 10.1.101.0 0.0.0.255 any
 permit ip 10.1.103.0 0.0.0.255 any
 permit ip 10.1.102.0 0.0.0.255 any
 permit ip 10.1.100.0 0.0.0.255 any
 permit ip host 192.168.101.108 any
 permit ip host 10.1.10.7 any
 permit ip host 10.1.10.55 any
 permit ip host 10.1.110.124 any
 permit ip host 10.1.101.145 any

Thanks in advance

Regards,

Shibu

ohassairi Tue, 02/17/2009 - 00:14

Your L3 switch must know whether the ADSL or the LL is still up. This can be done by monitoring one IP address: if it can ping it, then the connection is up.

For the LL this can be the WAN interface of your router.

For the ADSL, it is more difficult to determine. Try the first ISP router.

Then you must use IP SLA to check the link state:

!
ip sla monitor 1
 type echo protocol ipIcmpEcho 212.0.100.2
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
 type echo protocol ipIcmpEcho 89.0.100.2
ip sla monitor schedule 2 life forever start-time now
!
track 123 rtr 1 reachability
track 321 rtr 2 reachability

---------------

Then add in the route map a second entry that forwards packets to the PIX connected to the up link:

route-map mymap1 permit 10
 match ip address 1
 set ip next-hop verify-availability 212.0.100.2 10 track 123
 set ip next-hop verify-availability 89.0.100.2 20 track 321

Hope this helps.
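
The forwarding decision that a tracked route-map makes, modelled in Python as an added example (not part of the reply above and not Cisco code). The ACL is a constructed excerpt of the thread's route-to-adsl list, and the function names are assumptions for illustration. A result of None means the packet is forwarded by the normal routing table, which in the original post is the leased-line path.

```python
import ipaddress

# Constructed excerpt of the thread's route-to-adsl ACL (same syntax, fewer lines).
ACL_TEXT = """\
deny ip any 10.0.0.0 0.255.255.255
deny ip host 10.1.100.20 any
permit ip host 10.1.10.25 any
permit ip 10.1.100.0 0.0.0.255 any
permit ip 10.1.102.0 0.0.0.255 any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(head), _ip(tokens.pop(0))

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' lines into (permit, src_spec, dst_spec)."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()
        action, _proto = tokens.pop(0), tokens.pop(0)
        rules.append((action == "permit", _spec(tokens), _spec(tokens)))
    return rules

def _hit(addr, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0

def acl_permits(rules, src, dst):
    """First matching line wins; no match at all is the implicit deny."""
    for permit, s_spec, d_spec in rules:
        if _hit(_ip(src), s_spec) and _hit(_ip(dst), d_spec):
            return permit
    return False

def pbr_next_hop(rules, src, dst, hops, track_up):
    """hops: [(seq, next_hop, track_id)]; track_up: {track_id: bool}.
    Returns the policy next hop, or None for normal routing-table forwarding."""
    if not acl_permits(rules, src, dst):
        return None  # ACL deny: packet is not policy-routed
    live = [hop for _seq, hop, track in sorted(hops) if track_up.get(track)]
    return live[0] if live else None  # None: every tracked hop is down
```
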

orbitbahrain Tue, 02/17/2009 - 01:35

Dear,

Thanks for your quick response.

Appreciated.

By the by, I tried the below commands on my L3 switch (ip sla, track, etc.) but the system does not recognise them. I think my current IOS does not have the option to enable it.

We have the below IOS in place

Cisco Internetwork Operating System Software
IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-I5S-M), Version 12.2(20)EWA, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Wed 08-Sep-04 18:28 by kellythw
Image text-base: 0x00000000, data-base: 0x01224644

Any suggestions, please?

Thanks

shibu
