
Transparent Bridging and Policy Based routing combination

rene.van.dalen
Level 1

Hi all,

I wonder if it is possible to have an IOS router running transparent bridging doing Policy Based Routing based on the source IP address in the packet.

Situation is that we are adding a second Internet link to which we want to route the traffic from specific source addresses. Problem however is that our firewall doesn't support Policy Based Routing.

In order not to have to change the existing interface definitions and IPs on the firewalls it would be nice to be able to forward everything from source IP x.x.x.x to next hop x.x.x.1 and all from y.y.y.y to next hop y.y.y.1 but without needing to have additional L3 routing enabled between the current firewall and router.

rgds,

Rene


Giuseppe Larosa
Hall of Fame

Hello Rene,

PBR requires an inbound L3 interface to work so it is not possible to have PBR working on traffic that is bridged.

Hope to help

Giuseppe

Rene

I do not have enough information about your environment to fully understand your need for Policy Based Routing, but I will accept that you need PBR. There is not anything in your post that explains why you need transparent bridging or how it is implemented and without knowing that it is difficult to advise on how to combine PBR and transparent bridging.

If you have implemented transparent bridging by turning off ip routing (the simple way to do transparent bridging) then the suggestion from Giuseppe is correct that you need a layer three interface for PBR and can not combine PBR with transparent bridging. If you have implemented transparent bridging using Integrated Routing and Bridging then IRB provides the layer three interface in the BVI and I believe that it would be possible to do PBR on the BVI (but I have never tested this and can not say for sure whether it would work).

Perhaps you can clarify your situation and we could give you better advice?

HTH

Rick


Hi guys,

Thanks for your comments. Understand that the traffic would have to go to L3 because IP routing is done on L3.

Could IRB be implemented without changing the IP addresses on the Firewall and the Internet router, or would we have the firewall and the router to the IRB IP address?

Sorry if I'm asking the wrong questions... am a bit green on IRB and BVI.....

regards,

Rene

Rene

I believe that we can not provide helpful or accurate advice without a better understanding of your environment. Can you provide some explanation of your environment: what connects to what, and what is doing the transparent bridging? You have mentioned an Internet router and a firewall. Is there an inside router? Perhaps a drawing might be helpful.

HTH

Rick
