New Member

2 different default routes for 2 different networks

I have a 3560 doing ip routing using eigrp.  I have 2 separate vlans, 1 is 10.15.16.0/24, and the other is 172.16.166.0/24.  I have 2 separate Firewalls that I want to have dedicated for each vlan.  How can I set a default route for the 10 subnet to 1 firewall, and a different default route for the 172 subnet for the other firewall?

thanks.

Accepted Solutions
Hall of Fame Super Blue

Re: 2 different default routes for 2 different networks

david-flores wrote:

I have a 3560 doing ip routing using eigrp.  I have 2 separate vlans, 1 is 10.15.16.0/24, and the other is 172.16.166.0/24.  I have 2 separate Firewalls that I want to have dedicated for each vlan.  How can I set a default route for the 10 subnet to 1 firewall, and a different default route for the 172 subnet for the other firewall?

thanks.

You will need to use PBR and you will need IPServices on your 3560. Config would look like -

access-list 101 permit ip 10.15.16.0 0.0.0.255 any
access-list 102 permit ip 172.16.166.0 0.0.0.255 any
!
route-map PBR permit 10
 match ip address 101
 ! x.x.x.x is the firewall for this vlan
 set ip next-hop x.x.x.x
!
route-map PBR permit 20
 match ip address 102
 ! y.y.y.y is the firewall for this vlan
 set ip next-hop y.y.y.y

Then apply the route-map to each VLAN interface, e.g.

int vlan 10
 ip address 10.15.16.1 255.255.255.0
 ip policy route-map PBR
!
int vlan 11
 ip address 172.16.166.1 255.255.255.0
 ip policy route-map PBR

Alternatively you could use vrf-lite (I think IPServices is needed for this as well), which allows each vlan to have its own dedicated routing table on the 3560, but if you want the 2 vlans to be able to talk to each other PBR would be better. If you want these 2 vlans not to talk to each other then vrf-lite is the way to go.

Jon
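
The route-map in the answer above can be traced packet by packet. The following Python model is an added example, not part of the thread or of any Cisco code; it evaluates the two ACLs and route-map sequences with IOS wildcard-mask semantics. The firewall addresses are constructed stand-ins for the x.x.x.x / y.y.y.y placeholders, and the model assumes both next hops are reachable.

```python
import ipaddress

# Constructed stand-ins for the post's x.x.x.x / y.y.y.y placeholders
# (RFC 5737 documentation addresses, not values from the thread).
FW_A = "192.0.2.1"
FW_B = "192.0.2.2"

# The two ACLs from the answer: (source network, IOS wildcard mask); destination is "any".
ACLS = {
    101: [("10.15.16.0", "0.0.0.255")],
    102: [("172.16.166.0", "0.0.0.255")],
}
# route-map PBR: (sequence, ACL number, set ip next-hop)
ROUTE_MAP = [(10, 101, FW_A), (20, 102, FW_B)]
# SVIs carrying "ip policy route-map PBR"
POLICY_INTERFACES = {"Vlan10", "Vlan11"}


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def pbr_next_hop(in_if, src, dst):
    """Return the policy next hop, or None when the normal routing table is used."""
    if in_if not in POLICY_INTERFACES:
        return None  # PBR only acts on packets received on an interface with ip policy
    for _seq, acl, next_hop in sorted(ROUTE_MAP):
        if any(wildcard_match(src, base, wc) for base, wc in ACLS[acl]):
            return next_hop  # first matching permit sequence wins; dst is "any"
    return None  # no sequence matched: forwarded by the routing table


if __name__ == "__main__":
    samples = [  # constructed packets: (ingress SVI, source, destination)
        ("Vlan10", "10.15.16.25", "198.51.100.7"),
        ("Vlan11", "172.16.166.40", "198.51.100.7"),
        ("Vlan10", "10.15.16.25", "172.16.166.40"),  # inter-VLAN
        ("Vlan10", "10.15.17.9", "198.51.100.7"),    # source outside both ACLs
    ]
    for pkt in samples:
        print(pkt, "->", pbr_next_hop(*pkt) or "routing table")
```

The third sample packet, sourced in one VLAN and destined to the other, still matches because the ACL destination is `any`, so it is handed to that VLAN's firewall rather than routed on the switch. The fourth shows that a source outside both ACLs is not policy-routed at all and follows the EIGRP-learned routing table.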

New Member

Re: 2 different default routes for 2 different networks

Thanks Jon.
