Customized gateway for VLAN

Answered Question
Feb 15th, 2010

Hello

I am using a Catalyst 3750.

Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(25)SED1, RELEASE SOFTWARE (fc1)

I have several VLans on that catalyst and I'd like one of said VLans to use a specific default gateway,
which will not be the "regular/standard" default gateway.

IOW, whenever a packet is sent by some host on the VLAN in question, with an "unknown" destination,
I want it to be routed to a specific IP address, which is not the "default gateway".

I tried to play with static routes, but I did not find how I could set the incoming interface.


Thanks in advance

- Yves Gattegno

Correct Answer
Jon Marshall Mon, 02/15/2010 - 08:28

Yves

You can normally use PBR, which the 3750 supports with the IPServices image. You need to change the sdm template to the routing template, i.e.

    sdm prefer routing

However the 3750 does not support the "set ip default next-hop ..." which is what you need for your requirement. This command means that the routing table is consulted first and if there is no match for the destination then the specified next-hop is used.

But on the 3750 only the "set ip next-hop" command is available which does not consult the routing table at all.

So you would need to define the destination addresses in your route-map, or you could just define the ones that you don't want to PBR, e.g.

Let's say vlan 10 is the vlan you want to send traffic to the different next-hop. Also you have 2 other vlans - vlan 11 & 12

    vlan 10 = 192.168.5.0/24
    vlan 11 = 192.168.6.0/24
    vlan 12 = 192.168.7.0/24

    access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
    access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
    access-list 101 permit ip 192.168.5.0 0.0.0.255 any

    route-map PBR permit 10
     match ip address 101
     set ip next-hop x.x.x.x

    int vlan 10
     ip policy route-map PBR

What the above does is to route normally packets from 192.168.5.0/24 to 192.168.6/7.0/24 and then any other packets will be sent to the next-hop of x.x.x.x. The idea is anything you want to route via the routing table you have to deny in acl 101 before the permit at the end.

The above is viable depending on how many routes you have on the 3750. If you only have a few then you can do the above. If you have a lot then obviously it's not really practical to have to list all of them in the access-list as denies.

Jon
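
Added example, not part of the post above and not Cisco code: a Python sketch that generates the ACL 101 lines from a list of prefixes that must stay on normal routing, and evaluates the ACL first-match to show which destinations end up at the policy next-hop. The function names and the test destinations (192.168.6.20, 8.8.8.8, 192.168.8.9) are constructed for illustration.

```python
import ipaddress

# Constructed sample values matching the addressing used in the answer.
POLICY_VLAN = "192.168.5.0/24"                          # vlan 10, source of PBR traffic
ROUTED_NORMALLY = ["192.168.6.0/24", "192.168.7.0/24"]  # vlan 11 and vlan 12


def wildcard(net):
    """IOS extended ACLs take a wildcard (inverted) mask: /24 -> 0.0.0.255."""
    return f"{net.network_address} {net.hostmask}"


def build_acl(acl_id, source, routed_prefixes):
    """One deny per prefix that must use the routing table, then the final permit."""
    src = ipaddress.ip_network(source)
    lines = []
    for prefix in routed_prefixes:
        dst = ipaddress.ip_network(prefix)
        lines.append(f"access-list {acl_id} deny ip {wildcard(src)} {wildcard(dst)}")
    lines.append(f"access-list {acl_id} permit ip {wildcard(src)} any")
    return lines


def decision(src_ip, dst_ip, source, routed_prefixes):
    """First-match evaluation of the ACL as the route-map uses it.

    'routing-table': a deny (explicit or implicit) matched, normal routing applies.
    'pbr-next-hop' : the final permit matched, 'set ip next-hop' applies.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    if src not in ipaddress.ip_network(source):
        return "routing-table"      # implicit deny: ACL only covers the policy VLAN
    for prefix in routed_prefixes:
        if dst in ipaddress.ip_network(prefix):
            return "routing-table"  # explicit deny entry
    return "pbr-next-hop"           # final "permit ... any"


if __name__ == "__main__":
    for line in build_acl(101, POLICY_VLAN, ROUTED_NORMALLY):
        print(line)
    # 192.168.8.9 stands for a prefix that was not added to the deny list.
    for dst in ("192.168.6.20", "8.8.8.8", "192.168.8.9"):
        print(dst, "->", decision("192.168.5.10", dst, POLICY_VLAN, ROUTED_NORMALLY))
```

A destination such as 192.168.8.9 that is missing from the deny list is sent to the policy next-hop even if the switch has a route for it, which is why the deny list has to track every prefix that should stay on normal routing.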

Correct Answer
tdistlists Mon, 02/15/2010 - 10:17

Hey,

Depending on how much inter-vlan traffic you have, VRF-lite can be of help.

On the vlan interface that you want a different default gateway, you can put it in a different VRF. This will consult a different routing table than the global routing table -- so you can have a different gateway of last resort.

Then, for whatever segments you want communication between the two routing tables, you can use a number of redistribution methods, including static routes pointing to the other VRF/global routing table.

You need a min. code level of 12.2(25)SEC
