PBR ACL configuration to PBR certain hosts

Unanswered Question
Mar 29th, 2006

Hello,


I have a route-map set up on a port to route only internet traffic to the next-hop. I would like to be able to route-map one of the IPs on the network that is being routed to a different next-hop. Here is my config:


ip access-list extended inet
 remark this is the network accessing the internet
 deny ip any 192.168.0.0 0.255.255.255
 remark this is the network on my switches
 deny ip any 10.50.1.0 0.255.255.255
 remark this is the network with different gateways to the internet
 deny ip any 10.51.3.0 0.255.255.255
 permit ip any any
!
route-map dsl01 permit 10
 match ip address inet
 set ip next-hop 10.51.3.2


So the route-map is assigned to port 5 on the switch and it routes internet traffic to 10.51.3.2. But I would like to be able to route just machine 192.168.0.1 to a different hop (10.51.3.3). Can this be done in the route-map or ACL?


Thanks,


Dan.

Overall Rating: 5 (2 ratings)
pkhatri Wed, 03/29/2006 - 14:40

Dan,


Try this:


ip access-list extended list1
 permit ip host 192.168.0.1 any
!
ip access-list extended inet
 remark this is the network accessing the internet
 deny ip any 192.168.0.0 0.255.255.255
 remark this is the network on my switches
 deny ip any 10.50.1.0 0.255.255.255
 remark this is the network with different gateways to the internet
 deny ip any 10.51.3.0 0.255.255.255
 permit ip any any
!
route-map dsl01 permit 5
 match ip address list
 set ip next-hop 10.51.3.3
!
route-map dsl01 permit 10
 match ip address inet
 set ip next-hop 10.51.3.2


Hope that helps - pls rate the post if it does.


Paresh

vladrac-ccna Wed, 03/29/2006 - 17:10

That should work fine!

Just don't forget the list1 ;)


Vlad

pkhatri Wed, 03/29/2006 - 17:13

Damn.. gotta learn to type. Thanks Vlad.


Here's the corrected config:


ip access-list extended list1
 permit ip host 192.168.0.1 any
!
ip access-list extended inet
 remark this is the network accessing the internet
 deny ip any 192.168.0.0 0.255.255.255
 remark this is the network on my switches
 deny ip any 10.50.1.0 0.255.255.255
 remark this is the network with different gateways to the internet
 deny ip any 10.51.3.0 0.255.255.255
 permit ip any any
!
route-map dsl01 permit 5
 match ip address list1
 set ip next-hop 10.51.3.3
!
route-map dsl01 permit 10
 match ip address inet
 set ip next-hop 10.51.3.2



Paresh
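
Added example, not part of the original thread or any poster's code: a small Python model of how the corrected `dsl01` route-map and its two ACLs select a next hop, useful for checking which flows are actually policy-routed before applying the config. It assumes standard IOS PBR semantics (clauses evaluated in sequence order, first ACL permit wins, an ACL deny moves on to the next clause, no match means normal routing); the function names and the sample flows are constructed for illustration.

```python
import ipaddress

# ACLs and route-map transcribed from the corrected config in the thread.
# ACE = (action, source, destination); a spec is "any" or (base, wildcard).
ACLS = {
    "list1": [("permit", ("192.168.0.1", "0.0.0.0"), "any")],
    "inet": [
        ("deny", "any", ("192.168.0.0", "0.255.255.255")),
        ("deny", "any", ("10.50.1.0", "0.255.255.255")),
        ("deny", "any", ("10.51.3.0", "0.255.255.255")),
        ("permit", "any", "any"),
    ],
}
DSL01 = [(5, "list1", "10.51.3.3"), (10, "inet", "10.51.3.2")]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def ace_matches(spec, addr):
    """Wildcard 1-bits are "don't care"; only the 0-bits are compared."""
    if spec == "any":
        return True
    base, wildcard = spec
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return ((_ip(addr) ^ _ip(base)) & care) == 0

def acl_permits(acl, src, dst):
    for action, s, d in acl:
        if ace_matches(s, src) and ace_matches(d, dst):
            return action == "permit"   # first matching ACE decides
    return False                        # implicit deny at end of every ACL

def pbr_next_hop(src, dst, route_map=DSL01, acls=ACLS):
    """Return the policy next hop, or None when normal routing applies."""
    for _seq, acl_name, next_hop in sorted(route_map):
        if acl_permits(acls[acl_name], src, dst):
            return next_hop             # lowest matching sequence wins
    return None

if __name__ == "__main__":
    # Constructed sample flows (not from the thread).
    for src, dst in [("192.168.0.1", "203.0.113.10"),
                     ("192.168.0.7", "203.0.113.10"),
                     ("192.168.0.7", "10.99.0.1"),
                     ("192.168.0.1", "10.50.1.20")]:
        print(f"{src} -> {dst}: {pbr_next_hop(src, dst) or 'normal routing'}")
```

In the output, 192.168.0.1 -> 10.50.1.20 is also sent to 10.51.3.3 because `list1` has no destination exclusions, and 10.99.0.1 is excluded by `inet` because a 0.255.255.255 wildcard compares only the first octet.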
