
PBR using dual ISP and single LAN subnet

samirshaikh52
Level 2

Hello,

I have 2 ISP connections on the Cisco router 29121, i.e. Leased Line and PPPoE, and a single LAN subnet.

I want to use PBR.

I want to allow IP traffic destined for 1.1.1.1, 2.2.2.2, 3.3.3.3 (fictitious IPs) to go through the Leased Line

and all other traffic through PPPoE.

Please help me to achieve this.

Thanks in advance.


Hi,

You forgot the PBR policy under g0/2 and the PBR route-map.

Right now you have got 2 default routes of equal longest match and same AD, so CEF will load-share per src-dst IP and will select one outgoing interface for communication between 2 end points, but you can't predict which one it will choose for a particular communication. If CEF is using one outgoing interface for your client HTTP connection to this destination, then the NAT route-map must match the outgoing interface, and if this is not the case it won't work.

This is due to a wrong NAT route-map statement I proposed, so do this:

route-map leased permit 10

no match ip address 101

match ip address 100

match interface GigabitEthernet0/0

!

route-map pppoe permit 10

match ip address 100

match interface Dialer0

And don't forget the PBR if you want to force this traffic out a particular interface.

Regards

Alain

Don't forget to rate helpful posts.


Hi,

With the same access list, how can I segregate the traffic?

I want to allow IP traffic destined for 1.1.1.1, 2.2.2.2, 3.3.3.3 (fictitious IPs) to go through the Leased Line

and all other traffic through PPPoE.

Please help me to achieve this.

Thanks in advance.

Hi,

The segregation is done with the PBR policy applied ingress on the inside NAT interface, and you forgot to add it to the config.

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 1.1.1.1

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 2.2.2.2

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 3.3.3.3

route-map PBR permit 10

match ip address 101

set ip next-hop 100.100.100.102

int g0/2

ip policy route-map PBR

Regards

Alain

Don't forget to rate helpful posts.


Wow, great, thanks cadet alain.

It is working as desired.

This is my current config. I just want your help for one last thing.

If the leased line goes down, I want to direct the users to PPPoE.

However, if PPPoE goes down, the users should NOT BE directed to the leased line.

int gi0/0

description << Leased Line >>

ip address 100.100.100.101 255.255.255.252

ip nat outside

no shut

int gi0/2

description << LAN Subnet>>

ip address 10.1.50.1

ip nat inside

ip policy route-map lease

no shut

interface Dialer0

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly in max-reassemblies 512

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

ppp authentication pap chap callin

ppp chap hostname XXXXXXXXXXXXXXX

ppp chap password 0 9860

ppp pap sent-username XXXXXXXXXXXXXXX  password 0 9860

no cdp enable

interface GigabitEthernet0/1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

no shut

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

access-list 100 permit ip 10.1.50.0 0.0.0.255 any

route-map lease permit 10

match ip address 100

match interface gi0/0

route-map pppoe permit 10

match ip address 100

match interface dialer 0

ip nat inside source route-map lease interface gi0/0 overload

ip nat inside source route-map pppoe interface dialer 0 overload

access-list 101 permit ip 10.1.50.0 0.0.0.255 host 1.1.1.1

access-list 101 permit ip 10.1.50.0 0.0.0.255 host 4.2.2.2

route-map PBR permit 10

match ip address 101

set ip next-hop 100.100.100.102

ip route 0.0.0.0 0.0.0.0 dialer0

ip route 0.0.0.0 0.0.0.0 100.100.100.102

Hi,

So you want the HTTP traffic that is policy routed (on the leased line) to take the other path if the leased line is down, but you don't want other traffic that is routed to ADSL to take the leased line if ADSL goes down?

If this is the case you can do this:

ip route 8.8.8.8 255.255.255.255 100.100.100.102

ip sla 1

icmp-echo 8.8.8.8 source-interface g0/0

ip sla schedule 1 start now life forever

track 1 ip sla 1 (or track 1 rtr 1)

route-map PBR p 10

no set ip next-hop 100.100.100.102

set ip next-hop verify-availability 100.100.100.102 1 track 1

no ip route 0.0.0.0 0.0.0.0 100.100.100.102

Regards

Alain

Don't forget to rate helpful posts.


Hi,

Thanks. I have around 15 IPs that I want to route to the leased line.

How would that be possible in that case?

I appreciate your big help.

BR

That was easy.

I just added the below and it's working:

route-map PBR permit 10

match ip address 101

set ip next-hop 100.100.100.102

set interface dialer 0

Thanks a lot for your support. I truly appreciate it. It was a BIG HELP.

God bless you.

Hi,

If you've got no connectivity through the leased line ISP, what you did won't work; you have to track an IP through this interface with the IP SLA feature like I proposed.

Also, if you leave both default routes, then traffic going through the dialer interface will use the leased line if the dialer is down.

Anyway if you consider your case as resolved could you mark the thread as solved and rate helpful answers.

Regards

Alain

Don't forget to rate helpful posts.
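
The pieces discussed in this thread, assembled into one configuration as an added example (not posted by any participant). It generalizes the three-host ACL to a longer destination list and uses the tracked next-hop so that leased-line traffic falls back to PPPoE but not the reverse. The ACL name TO-LEASED and the probe frequency are assumptions; addresses and interface names are the ones used in the posts above.

```cisco
! Probe a host through the leased line only (host route pins the probe path)
ip route 8.8.8.8 255.255.255.255 100.100.100.102
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Destinations that must use the leased line (hypothetical ACL name)
ip access-list extended TO-LEASED
 permit ip 10.1.50.0 0.0.0.255 host 1.1.1.1
 permit ip 10.1.50.0 0.0.0.255 host 2.2.2.2
 permit ip 10.1.50.0 0.0.0.255 host 3.3.3.3
 ! add one permit line per remaining destination host
!
! Policy-route matching traffic only while track 1 is up;
! when the probe fails, the set clause is skipped and the
! packet follows the routing table (default route via Dialer0)
route-map PBR permit 10
 match ip address TO-LEASED
 set ip next-hop verify-availability 100.100.100.102 1 track 1
!
interface GigabitEthernet0/2
 ip policy route-map PBR
!
! Single default route: PPPoE traffic has no path via the leased line,
! so it is not redirected there when the dialer goes down
no ip route 0.0.0.0 0.0.0.0 100.100.100.102
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! NAT follows whichever outside interface the packet actually leaves on
access-list 100 permit ip 10.1.50.0 0.0.0.255 any
route-map lease permit 10
 match ip address 100
 match interface GigabitEthernet0/0
route-map pppoe permit 10
 match ip address 100
 match interface Dialer0
ip nat inside source route-map lease interface GigabitEthernet0/0 overload
ip nat inside source route-map pppoe interface Dialer0 overload
```

`show track 1` and `show route-map PBR` confirm the probe state and whether packets are matching the policy.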
