New Member

PBR using dual ISP and single LAN subnet

Hello,

I have 2 ISP connections on the Cisco router 29121 i.e. Leased Line and PPPoe and single LAN subnet

I want to use PBR.

I want to allow ip traffic destined for  1.1.1.1,2.2.2.2,3.3.3.3 ( Fictitious IP) to go through Lease Line

and all other traffic through PPPoe

Please help me to achieve this.

Thanks in advance.

22 REPLIES
Hall of Fame Super Blue

PBR using dual ISP and single LAN subnet

LAN subnet  192.168.5.0/24

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 1.1.1.1

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 2.2.2.2

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 3.3.3.3

route-map PBR permit 10

match ip address 101

set ip next-hop x.x.x.x    <-- where x.x.x.x is the IP address of the next hop router via the lease line

int fa0/0  <-- this connects to your LAN subnet

ip policy route-map PBR

You should also have a default route on your router pointing to the PPPoE connection.

Jon

New Member

PBR using dual ISP and single LAN subnet

Thanks for a very quick response

How about the NAT setup ?

Hall of Fame Super Blue

PBR using dual ISP and single LAN subnet

You didn't ask about NAT.

What do you want to do with NAT? Do you want to NAT to the interface the traffic goes out on?

Jon

New Member

PBR using dual ISP and single LAN subnet

Sorry for that

Yes.

I want to NAT the traffic for  1.1.1.1,2.2.2.2,3.3.3.3 to Leased Line WAN interface

and other traffic to PPPoe WAN interface.

Thanks

Hall of Fame Super Blue

PBR using dual ISP and single LAN subnet

What about failover, i.e. if the leased line goes down do you then want all traffic via the PPPoE line and vice versa?

Jon

New Member

PBR using dual ISP and single LAN subnet

Hi,

Yes for sure.

Sorry for all the missing information in my question.

Hall of Fame Super Blue

PBR using dual ISP and single LAN subnet

Okay, have a look at this document. It is for PBR/NAT plus failover. It sends all traffic out of one link but you can modify it to meet your requirements -

https://supportforums.cisco.com/docs/DOC-8313

Jon

New Member

PBR using dual ISP and single LAN subnet

I have followed that article before but couldn't succeed. Can you please help with the configuration without failover, so I can start step by step?

Thanks

Hall of Fame Super Blue

PBR using dual ISP and single LAN subnet

Does your router support IP SLA, i.e. if you do -

router(config)# ip sla ?

what happens ?

Jon

New Member

PBR using dual ISP and single LAN subnet

Here you go.

However, failover is not that important for me now. I just want to setup the router with PBR and NAT.

Router(config)#ip sla ?

  <1-2147483647>          Entry Number

  auto                    IP SLAs Auto Configuration

  enable                  Enable IPSLA features

  endpoint-list           Endpoint list configuration

  ethernet-monitor        IP SLAs Auto Ethernet Configuration

  group                   Group Configuration or Group Scheduling

  key-chain               Use MD5 Authentication for IP SLAs Control Messages

  logging                 Enable Syslog

  low-memory              Configure Low Water Memory Mark

  reaction-configuration  IP SLAs Reaction-Configuration

  reaction-trigger        IP SLAs Trigger Assignment

  reset                   IP SLAs Reset

  responder               Enable IP SLAs Responder

  restart                 Restart An Active Entry

  schedule                Entry Scheduling

  server                  IPPM server configuration

Thanks for your help

Purple

PBR using dual ISP and single LAN subnet

Hi,

here's an example

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 1.1.1.1

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 2.2.2.2

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 3.3.3.3

access-list 100 permit ip 192.168.5.0 0.0.0.255 any

route-map PBR permit 10

match ip address 101

set ip next-hop x.x.x.x    <-- where x.x.x.x is the leased line next-hop

int f0/0

description LAN interface

ip policy route-map PBR

ip nat inside

int dialer 1

desc pppoe

ip nat outside

int f0/1

desc leased line

ip nat outside

route-map NAT-leased p 10

match ip address 101

match interface f0/1

route-map NAT-pppoe p 10

match ip address 100

match interface dialer1

ip nat inside source route-map NAT-leased interface f0/1

ip nat inside source route-map NAT-pppoe interface dialer1

ip route 0.0.0.0 0.0.0.0 dialer1

ip route 0.0.0.0 0.0.0.0 x.x.x.x    <-- where x.x.x.x is the leased line next-hop

Regards

Alain

Don't forget to rate helpful posts.

New Member

PBR using dual ISP and single LAN subnet

Thanks.

I am looking for failover in this manner:

If ISP 1 goes down, the client should be directed to ISP2.

However, if ISP2 goes down, the client should NOT BE directed to ISP1.

New Member

PBR using dual ISP and single LAN subnet

Now i'll give a try with your configuration.

New Member

PBR using dual ISP and single LAN subnet

I've configured the router :

It's not working as expected. I can ping from the router but I am unable to browse from the client (both ISP connections).

Here is the config

interface GigabitEthernet0/0

description << Leased Line >>

ip address 100.100.100.101 255.255.255.252

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description << PPPoe >>

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/2

ip address 10.1.50.2 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface Dialer0

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly in max-reassemblies 512

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

ppp authentication pap chap callin

ppp chap hostname XXXXXXXXXXXXXX

ppp chap password 0 9860

ppp pap sent-username XXXXXXXXXXXXXXXXXX password 0 9860

no cdp enable

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source route-map leased interface GigabitEthernet0/0 overload

ip nat inside source route-map pppoe interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 0.0.0.0 0.0.0.0 100.100.100.102

!

access-list 100 permit ip 10.1.50.1 0.0.0.255 any

access-list 101 permit ip 10.1.50.0 0.0.0.255 host 2.2.2.2 ( Fictitious IP)

!

route-map leased permit 10

match ip address 101

match interface GigabitEthernet0/0

!

route-map pppoe permit 10

match ip address 100

match interface Dialer0

!

!

Purple

PBR using dual ISP and single LAN subnet

Hi,

You forgot the PBR policy under g0/2 and the PBR route-map.

Right now you have got 2 default routes of equal longest match and same AD, so CEF will load-share per src-dst IP and will select one outgoing interface for communication between 2 end points, but you can't predict which one it will choose for a particular communication. If CEF is using one outgoing interface for your client HTTP connection to this destination, then the NAT route-map must match the outgoing interface, and if this is not the case it won't work.

This is due to a wrong NAT route-map statement I proposed, so do this:

route-map leased permit 10

no match ip address 101

match ip address 100

match interface GigabitEthernet0/0

!

route-map pppoe permit 10

match ip address 100

match interface Dialer0

And don't forget the PBR if you want to force this traffic out a particular interface.

Regards

Alain

Don't forget to rate helpful posts.

New Member

PBR using dual ISP and single LAN subnet

Hi,

With same access list, how can I segregate the traffic

I want to allow ip traffic destined for  1.1.1.1,2.2.2.2,3.3.3.3 ( Fictitious IP) to go through Lease Line

and all other traffic through PPPoe

Please help me to achieve this.

Thanks in advance.

Purple

PBR using dual ISP and single LAN subnet

Hi,

The segregation is done with the PBR policy applied ingress on the inside nat interface and you forgot to add it to the config.

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 1.1.1.1

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 2.2.2.2

access-list 101 permit ip 192.168.5.0 0.0.0.255 host 3.3.3.3

route-map PBR permit 10

match ip address 101

set ip next-hop 100.100.100.102

int g0/2

ip policy route-map PBR

Regards

Alain

Don't forget to rate helpful posts.

New Member

PBR using dual ISP and single LAN subnet

Wow, great. Thanks, cadet alain.

It is working as desired.

This is my current config. I just want your help with one last thing.

If the leased line goes down, I want to direct the users to PPPoE.

However, if PPPoE goes down, the users should NOT BE directed to the leased line.

int gi0/0

description << Leased Line >>

ip address 100.100.100.101 255.255.255.252

ip nat outside

no shut

int gi0/2

description << LAN Subnet>>

ip address 10.1.50.1 255.255.255.0

ip nat inside

ip policy route-map lease

no shut

interface Dialer0

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly in max-reassemblies 512

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

ppp authentication pap chap callin

ppp chap hostname XXXXXXXXXXXXXXX

ppp chap password 0 9860

ppp pap sent-username XXXXXXXXXXXXXXX  password 0 9860

no cdp enable

interface GigabitEthernet0/1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

no shut

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

access-list 100 permit ip 10.1.50.0 0.0.0.255 any

route-map lease permit 10

match ip address 100

match interface gi0/0

route-map pppoe permit 10

match ip address 100

match interface dialer 0

ip nat inside source route-map lease interface gi0/0 overload

ip nat inside source route-map pppoe interface dialer 0 overload

access-list 101 permit ip 10.1.50.0 0.0.0.255 host 1.1.1.1

access-list 101 permit ip 10.1.50.0 0.0.0.255 host 4.2.2.2

route-map PBR permit 10

match ip address 101

set ip next-hop 100.100.100.102

ip route 0.0.0.0 0.0.0.0 dialer0

ip route 0.0.0.0 0.0.0.0 100.100.100.102

Purple

PBR using dual ISP and single LAN subnet

Hi,

So you want the HTTP traffic that is policy routed (on leased line) to take the other path if leased line is down, but you don't want other traffic that is routed to ADSL to take leased line if ADSL goes down?

If this is the case you can do this:

ip route 8.8.8.8 255.255.255.255 100.100.100.102

ip sla 1

icmp-echo 8.8.8.8 source-interface g0/0

ip sla schedule 1 life forever start-time now

track 1 ip sla 1    <-- or "track 1 rtr 1"

route-map PBR permit 10

no set ip next-hop 100.100.100.102

set ip next-hop verify-availability 100.100.100.102 1 track 1

no ip route 0.0.0.0 0.0.0.0 100.100.100.102

Regards

Alain

Don't forget to rate helpful posts.
New Member

PBR using dual ISP and single LAN subnet

Hi,

Thanks. I have around 15 IP's I want to route them to leased line.

How would be possible in that case ?

I appreciate your big help.

BR

New Member

PBR using dual ISP and single LAN subnet

That was easy.

I just added the below and it's working.

route-map PBR permit 10

match ip address 101

set ip next-hop 100.100.100.102

set interface dialer 0

Thanks a lot for your support. I truly appreciate it. It was a BIG HELP.

God bless you.

Purple

PBR using dual ISP and single LAN subnet

Hi,

If you've got no connectivity through the leased line ISP, what you did won't work; you have to track an IP through this interface with the IP SLA feature like I proposed.

Also, if you leave both default routes then traffic going through the dialer interface will use the leased line if the dialer is down.

Anyway if you consider your case as resolved could you mark the thread as solved and rate helpful answers.

Regards

Alain

Don't forget to rate helpful posts.
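
The one-way failover discussed in the last few posts can be checked as a truth table. The following is an added example, not code from the thread or from Cisco: a simplified Python model of the tracked PBR next hop plus the static routes, where `leased_up` stands for "track 1 is up", the function names are hypothetical and 9.9.9.9 is a constructed sample destination.

```python
import ipaddress

# Values taken from the thread; the forwarding model itself is a simplification.
PBR_DESTS = {"1.1.1.1", "2.2.2.2", "3.3.3.3"}      # hosts in access-list 101
NAT_MAP = {"Gi0/0": "lease", "Dialer0": "pppoe"}    # NAT route-map per egress interface

def routes(leased_up, pppoe_up, keep_leased_default):
    """Static routes installed for the given link states."""
    table = []
    if pppoe_up:
        table.append(("0.0.0.0/0", "Dialer0"))
    if leased_up:
        table.append(("8.8.8.8/32", "Gi0/0"))       # host route used by the IP SLA probe
        if keep_leased_default:
            table.append(("0.0.0.0/0", "Gi0/0"))    # the route the reply says to remove
    return table

def egress(dst, leased_up, pppoe_up, keep_leased_default=False):
    """Egress interfaces for a LAN packet: [] = dropped, two entries = CEF load-share."""
    # PBR on the LAN interface: the next hop is used only while track 1 is up.
    if dst in PBR_DESTS and leased_up:
        return ["Gi0/0"]
    # Otherwise normal routing applies: longest prefix wins, ties are shared.
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, ifname)
            for p, ifname in routes(leased_up, pppoe_up, keep_leased_default)
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return []
    longest = max(plen for plen, _ in hits)
    return sorted(ifname for plen, ifname in hits if plen == longest)

def policy_leaks(keep_leased_default):
    """True if non-PBR traffic can leave via the leased line in any link state."""
    return any("Gi0/0" in egress("9.9.9.9", leased, pppoe, keep_leased_default)
               for leased in (True, False) for pppoe in (True, False))

if __name__ == "__main__":
    for leased in (True, False):
        for pppoe in (True, False):
            for dst in ("1.1.1.1", "9.9.9.9"):
                out = egress(dst, leased, pppoe)
                nat = [NAT_MAP[i] for i in out]
                print(f"leased={leased} pppoe={pppoe} dst={dst} -> {out or 'drop'} nat={nat}")
```

With the leased-line default route removed, non-PBR traffic is dropped when PPPoE is down; with both default routes left in place it leaves via the leased line, which is the behaviour the last reply warns about.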
