I have two routers R1 and R2 who share the same broadcast domain. R1 is the DHCP server and R1 knows how to get to the internet but doesn't support PBR or additional static routes. R2 only knows how to get to subnet 1 and subnet 2, not to the Internet but does support PBR. Clients introduced on the network will belong to the same subnet/broadcast domain as R1 and R2. Clients should be able to reach subnets 1 and 2 and the Internet. These are the conditions I've got to work with.
So, I have got the DHCP server (R1) configured with default gateway option set to R2. Clients now send all traffic to R2. On R2, I have configured PBR to forward traffic for subnet 1 and 2 and then set the default next hop for all other traffic (Internet) to R1. Now, because the client has R2 as the default route, the initial TCP SYN it sends for a website goes to R2 (first packet dropped then ..). R2 then responds to the client with ICMP redirect to R1 and then the client forwards all traffic to R1 (client resends TCP SYN, there is the added ARP resolution etc). This process repeats for every new connection and I am not sure of its effects on other protocols, e.g. VPN.
Is there a better implementation?
Also, if R2 has L3 access-lists (non PBR ACLs) on its interface, will packets from clients be evaluated against these ACLs prior to PBR or for that matter even after?
This is actually a pretty cool feature. I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisement does.
I have a question: I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it to my laptop directly on one of its ports, it works and everything is fine (the Internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.