Need help with PBR

martin.belisle
Level 1

Hello, I'm trying to set up PBR and ran into an issue. I need to have dual default gateways depending on traffic, but I can only set PBR for 1 VLAN. I need a default route in the routing table, and a default route for matching traffic in the PBR.

access-list 15 permit 172.20.0.0 0.0.255.255
!
route-map test-gateway permit 15
 match ip address 15
 set ip default next-hop 172.20.1.2
!
interface Vlan3
 ip address 172.20.0.230 255.255.0.0
 ip policy route-map test-gateway
!
ip route 0.0.0.0 0.0.0.0 172.19.16.5
ip route 172.26.105.0 255.255.255.0 172.26.104.240
ip route 172.26.106.0 255.255.255.0 172.26.104.240
ip route 199.105.176.0 255.255.248.0 172.19.18.12
ip route 199.105.184.0 255.255.254.0 172.19.18.12
ip route 205.183.246.0 255.255.255.0 172.19.18.12
ip route 207.96.197.0 255.255.255.0 172.19.16.5
ip route 208.134.161.0 255.255.255.0 172.19.18.12

So what I need is traffic from 172.20.0.0/16 using 172.20.1.2 as its default gateway, while other traffic will use the default gateway in the routing table.

Is that possible?

Thanks for any help :-)

4 Replies

Jon Marshall
Hall of Fame

martin.belisle@cgi.com

Well, yes, it is possible, and your config should do that. Does it not work?

When you say you can only set PBR for 1 VLAN, what exactly do you mean?

Jon

Jon Marshall
Hall of Fame

martin.belisle@cgi.com


Actually, your config is wrong - sorry, my mistake.

You have "set ip default next-hop 172.20.1.2", which means check the routing table first, then use PBR. You need to change that to -

"set ip next-hop 172.20.1.2"

Also, you should change your ACL to -

access-list 101 permit ip 172.20.0.0 0.0.255.255 any

Any traffic not matched in your ACL, i.e. any non-172.20.0.0/16 traffic, will be routed via the routing table.

Hi Jon, thanks for the help.

The thing is, now all traffic matching the ACL (172.20.0.0/16) will be routed to the default route, bypassing the routing table, but what I want to do is influence only the default route. I don't want all my traffic from 172.20.0.0 going to 172.20.1.2, only what doesn't match the routing table, except for the default gateway.

Martin

How big is the routing table?

What are the source IPs other than 172.20.0.0/16, i.e. can you summarise the other source IPs, or are there lots of them?

Is the default route in the routing table only used on this device, or is it redistributed to other devices?

Jon
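The whole thread turns on the difference between "set ip next-hop" (policy decides before the routing table is consulted) and "set ip default next-hop" (the routing table is consulted first and the policy next hop is used only when nothing more specific than the default route matches). The model below is an added example written for this page, not code from the thread or from Cisco; it reproduces the forwarding decision using the exact routing table and PBR match from the original post so that the two route-map variants can be compared on the same destinations. The destinations 8.8.8.8 and the non-matching source 10.1.1.1 are constructed test inputs. The "connected" entry for 172.20.0.0/16 is derived from the Vlan3 "ip address" line. It models IOS semantics as documented in general terms; one practical caveat is that hardware-switched PBR on some Catalyst platforms does not implement "set ip default next-hop", so check the platform's PBR restrictions and verify with "show route-map" match counters before trusting the behaviour.

```python
import ipaddress

# Routing table copied from the "ip route" lines in the original post, plus the
# directly connected Vlan3 prefix (constructed for this example).
ROUTING_TABLE = [
    ("0.0.0.0/0",       "172.19.16.5"),     # default route
    ("172.26.105.0/24", "172.26.104.240"),
    ("172.26.106.0/24", "172.26.104.240"),
    ("199.105.176.0/21", "172.19.18.12"),
    ("199.105.184.0/23", "172.19.18.12"),
    ("205.183.246.0/24", "172.19.18.12"),
    ("207.96.197.0/24",  "172.19.16.5"),
    ("208.134.161.0/24", "172.19.18.12"),
    ("172.20.0.0/16",    "connected"),      # interface Vlan3
]

# What "access-list 15 permit 172.20.0.0 0.0.255.255" matches: the source address.
PBR_SOURCE = ipaddress.ip_network("172.20.0.0/16")
PBR_NEXT_HOP = "172.20.1.2"

# Hypothetical names for the three route-map variants being compared.
NO_PBR = "none"                      # no "ip policy route-map" on the interface
SET_NEXT_HOP = "next-hop"            # set ip next-hop 172.20.1.2
SET_DEFAULT_NEXT_HOP = "default-next-hop"  # set ip default next-hop 172.20.1.2


def routing_lookup(dst):
    """Longest-prefix match over ROUTING_TABLE. Returns (network, next_hop)."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in ROUTING_TABLE:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best


def forward(src, dst, mode):
    """Return the next hop the router would use for a packet src -> dst.

    mode selects which route-map "set" clause is applied to packets whose
    source matches the PBR access-list.
    """
    matched = ipaddress.ip_address(src) in PBR_SOURCE

    # "set ip next-hop": policy is applied before the routing table is
    # consulted, so every matching packet goes to the policy next hop,
    # including packets for destinations that have a specific static route.
    if mode == SET_NEXT_HOP and matched:
        return PBR_NEXT_HOP

    net, nh = routing_lookup(dst)

    # "set ip default next-hop": routing table first; the policy next hop is
    # used only when the best match is the default route (prefix length 0).
    if mode == SET_DEFAULT_NEXT_HOP and matched and net.prefixlen == 0:
        return PBR_NEXT_HOP

    return nh


def compare(src, dst):
    """Side-by-side result for all three variants, handy for a quick look."""
    return {mode: forward(src, dst, mode)
            for mode in (NO_PBR, SET_NEXT_HOP, SET_DEFAULT_NEXT_HOP)}


if __name__ == "__main__":
    for src, dst in [("172.20.3.4", "172.26.105.7"),   # has a specific route
                     ("172.20.3.4", "8.8.8.8"),        # only the default route
                     ("10.1.1.1", "8.8.8.8")]:         # source not in the ACL
        print(src, "->", dst, compare(src, dst))
```

The second case is the one the original poster wants: a 172.20.0.0/16 host reaching an Internet address gets 172.20.1.2 only under "set ip default next-hop", while the first case shows why "set ip next-hop" is the wrong clause for that requirement, since it would also steer 172.26.105.0/24 traffic away from 172.26.104.240. On the router, "show ip policy" confirms the route-map is bound to Vlan3 and "show route-map test-gateway" shows the match counters incrementing for policy-routed packets.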
