Solved: traffic of vlans to internet

erodrig · ‎08-03-2009

Hi

i have 5 vlans configured and two links to internet (172.17.6.254 and 172.17.6.253) i need that vlan 2 and 3 go to internet through 172.17.6.254 and vlan 4 and 5 through 172.17.6.253 how can i do this?

Jon Marshall · ‎08-03-2009

Eduardo

Policy Based Routing will do this.

vlan 2 = 192.168.5.0/24

vlan 3 = 192.168.6.0/24

vlan 4 = 192.168.7.0/24

vlan 5 = 192.168.8.0/24

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.8.0 0.0.0.255

access-list 101 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 101 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 101 deny ip 192.168.6.0 0.0.0.255 192.168.8.0 0.0.0.255

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

access-list 101 permit ip 192.168.6.0 0.0.0.255 any

access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.8.0 0.0.0.255

access-list 102 deny ip 192.168.8.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 102 deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 102 deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 102 permit ip 192.168.7.0 0.0.0.255 any

access-list 102 permit ip 192.168.8.0 0.0.0.255 any

route-map PBR permit 10

match ip address 101

set ip next-hop 172.17.6.254

route-map PBR permit 20

match ip address 102

set ip next-hop 172.17.6.253

int vlan 2

ip policy route-map PBR

int vlan 3

ip policy route-map PBR

int vlan 4

ip policy route-map PBR

int vlan 5

ip policy route-map PBR

Jon

View solution in original post

Jon Marshall · ‎08-03-2009

Eduardo

Policy Based Routing will do this.

vlan 2 = 192.168.5.0/24

vlan 3 = 192.168.6.0/24

vlan 4 = 192.168.7.0/24

vlan 5 = 192.168.8.0/24

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.8.0 0.0.0.255

access-list 101 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 101 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 101 deny ip 192.168.6.0 0.0.0.255 192.168.8.0 0.0.0.255

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

access-list 101 permit ip 192.168.6.0 0.0.0.255 any

access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 102 deny ip 192.168.7.0 0.0.0.255 192.168.8.0 0.0.0.255

access-list 102 deny ip 192.168.8.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 102 deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 102 deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 102 permit ip 192.168.7.0 0.0.0.255 any

access-list 102 permit ip 192.168.8.0 0.0.0.255 any

route-map PBR permit 10

match ip address 101

set ip next-hop 172.17.6.254

route-map PBR permit 20

match ip address 102

set ip next-hop 172.17.6.253

int vlan 2

ip policy route-map PBR

int vlan 3

ip policy route-map PBR

int vlan 4

ip policy route-map PBR

int vlan 5

ip policy route-map PBR

Jon

erodrig · ‎08-12-2009

thanks Jon, now is working