06-17-2009 04:08 PM - edited 03-06-2019 06:19 AM
Need help configuring the Cisco 2600 router to make sure the two subnets are directed through two separate ports to a firewall. Then, from the firewall it connects to my internet service provider.
1) The security levels, including port traffic and allowing individual IPs or subnets, will be handled at the firewall.
2) I'd like to be able to direct the two individual subnets going out from the router to the firewall through two separate interfaces.
So, the two subnets come through a single interface in the Cisco 2600 router. And the subnets are routed to navigate through two separate interfaces.
internal subnets:
(labs)192.168.1.0 /24
(employees) 192.168.2.0 /24
router and switches management subnet:
10.2.1.0 /24
Can you provide Cisco router code examples on how to accomplish this goal?
Thanks
06-19-2009 07:15 PM
I would use a route map on your router:
! ACL 100 is an extended ACL, so it needs a protocol and a destination
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
route-map source permit 10
 match ip address 100
 set ip default next-hop
As long as you have your default route set to the interface for the employees traffic, the route map will catch all of the lab traffic and direct it to the other interface.
Hope that helps
06-20-2009 09:59 AM
Hi,
set ip default next-hop will policy route the packet only if there is no route available in the RIB.
You need to use the set ip next-hop instead which will do the opposite.
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml
HTH
Laurent.
06-20-2009 10:12 AM
Hey Laurent,
Can you clarify a bit? Assuming his traffic is destined for the internet there wouldn't be a route in the RIB don't you think?
Thanks,
--Brandon
06-22-2009 05:16 AM
Hi Brandon,
Your solution suggests employee traffic will use a default-route and PBR will focus on LAB traffic. In this case, set ip default next-hop will not forward the lab traffic to another interface if the default route is in the RIB.
Personally, I would use the following config:
route-map PBR permit 10
 match ip address
 set ip next-hop NH1
!
! second entry needs its own sequence number
route-map PBR permit 20
 match ip address
 set ip next-hop NH2
!
But maybe I missed something in your solution, Brandon.
HTH
Laurent.
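A fuller version of the `set ip next-hop` approach for the subnets in the original question, added here as an example and not taken from any post in the thread. The interface names and the 172.16.x.x firewall link addresses are assumptions, as is the choice to leave traffic between the internal subnets on normal routing (remove the deny lines if that traffic should also be sent to the firewall).

```cisco-ios
! Assumptions (not from the thread): Fa0/0 is the single inside interface,
! Fa0/1 and Eth1/0 face the firewall, and 172.16.1.2 / 172.16.2.2 are the
! firewall's addresses on those two links. Substitute real values.
!
! Labs: a deny line means "do not policy-route", so traffic to the other
! internal subnets stays on the routing table; everything else matches.
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny   ip 192.168.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
! Employees: same pattern.
access-list 102 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny   ip 192.168.2.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
!
interface FastEthernet0/1
 description To firewall, labs link
 ip address 172.16.1.1 255.255.255.252
!
interface Ethernet1/0
 description To firewall, employees link
 ip address 172.16.2.1 255.255.255.252
!
! One route-map, two entries with distinct sequence numbers.
route-map PBR permit 10
 match ip address 101
 set ip next-hop 172.16.1.2
!
route-map PBR permit 20
 match ip address 102
 set ip next-hop 172.16.2.2
!
! Policy routing is evaluated on the interface where the packets arrive.
! Packets that match neither entry are forwarded by the routing table.
interface FastEthernet0/0
 ip policy route-map PBR
```

`show ip policy` confirms the route-map is bound to the inside interface, and `show route-map PBR` shows per-entry match counters, which is the quickest way to check that each subnet is leaving on the intended link.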
06-22-2009 05:10 PM
Hi Laurent,
Thanks for clarifying. The reason I'm curious is because I'm using PBR to do pretty much the same thing as what he wants to do and I'm using a default route for half of my traffic. I use PBR on my ISP-facing router to separate traffic between my two ISPs. I match one IP range and send it down one link, and the rest is default routed out the other link.
I like your solution though -- there's no guess work about who goes where.
Thanks,
--Brandon
06-23-2009 02:30 AM
Does anyone have Cisco 2620XM and Cisco 2621XM IOS software (c2600-i-mz.123-10.bin)?
Thanks