Solved: Multiple ISP / VLAN routing question

strickj · ‎03-23-2010

How do I route a specific VLAN(s) out a specific ISP without interrupting all of the other VLANs.

We recently installed a new ISP(B) for our public wireless network that has a 7Mb circuit. We want that VLAN to be routed to that ISP and to not use our campus 100Mb ISP(A). We do have other wireless SSIDs on the 4402 that can use our campus connection. Each SSID is on its own VLAN.

Our setup is as follows:

VLANs --> 6509

|

/ \

public wireless rest of campus

| |

ASA5505 ASA5510

| |

ISP(B) ISP(A)

I have tried to implement route-maps but I cannot get it to work for some reason.

Public Wireless: 10.10.192.0 255.255.192.0

Authenticated Staff Wireless: 10.10.64.0 255.255.192.0

Authenticated Stud Wireless: 10.10.128.0 255.255.192.0

Wired connections are on various segments in the following: 172.17.x.x, 172.18.x.x, 172.27.x.x, 172.28.x.x, 172.22.x.x, 172.24.x.x, 172.19.x.x, 192.168.x.x

Any assistance is greatly appreciated.

Jon Marshall · ‎03-23-2010

strickj wrote:
How do I route a specific VLAN(s) out a specific ISP without interrupting all of the other VLANs.
We recently installed a new ISP(B) for our public wireless network that has a 7Mb circuit. We want that VLAN to be routed to that ISP and to not use our campus 100Mb ISP(A). We do have other wireless SSIDs on the 4402 that can use our campus connection. Each SSID is on its own VLAN.
Our setup is as follows:
     VLANs --> 6509
                        |
                 /              \
    public wireless   rest of campus
             |                       |
       ASA5505          ASA5510
             |                       |
        ISP(B)                ISP(A)
I have tried to implement route-maps but I cannot get it to work for some reason.
Public Wireless: 10.10.192.0 255.255.192.0
Authenticated Staff Wireless:  10.10.64.0 255.255.192.0
Authenticated Stud Wireless:  10.10.128.0 255.255.192.0
Wired connections are on various segments in the following: 172.17.x.x, 172.18.x.x, 172.27.x.x, 172.28.x.x, 172.22.x.x, 172.24.x.x, 172.19.x.x, 192.168.x.x
Any assistance is greatly appreciated.

Assuming the vlan you want to route via ISP B is 10.10.192.0/18 you can use PBR for this -

access-list 101 permit ip 10.10.192.0 0.0.63.255 any

route-map PBR permit 10

match ip address 101

set ip next-hop

then on the L3 SVI for that vlan on the 6500 -

int vlan

ip policy route-map PBR

Jon

Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

View solution in original post

Jon Marshall · ‎03-23-2010

strickj wrote:
How do I route a specific VLAN(s) out a specific ISP without interrupting all of the other VLANs.
We recently installed a new ISP(B) for our public wireless network that has a 7Mb circuit. We want that VLAN to be routed to that ISP and to not use our campus 100Mb ISP(A). We do have other wireless SSIDs on the 4402 that can use our campus connection. Each SSID is on its own VLAN.
Our setup is as follows:
     VLANs --> 6509
                        |
                 /              \
    public wireless   rest of campus
             |                       |
       ASA5505          ASA5510
             |                       |
        ISP(B)                ISP(A)
I have tried to implement route-maps but I cannot get it to work for some reason.
Public Wireless: 10.10.192.0 255.255.192.0
Authenticated Staff Wireless:  10.10.64.0 255.255.192.0
Authenticated Stud Wireless:  10.10.128.0 255.255.192.0
Wired connections are on various segments in the following: 172.17.x.x, 172.18.x.x, 172.27.x.x, 172.28.x.x, 172.22.x.x, 172.24.x.x, 172.19.x.x, 192.168.x.x
Any assistance is greatly appreciated.