
Policy-Based Routing - Cisco 1811

Hi,

I have two Cisco 1811 routers, each router has a WAN connection and at least one local subnet connected.

Router #A

IF_WAN          IP_ISP_A

IF_VLAN01     10.10.10.1

IF_VLAN02     10.10.11.1

IF_VLAN03     192.168.7.252

Router #B

IF_WAN         IP_ISP_B

IF_VLAN04     192.168.7.254

I need to re-route traffic from IF_VLAN02 to use IP_ISP_B to connect to the internet.


I created an ACL

ip access-list extended reroutetest
permit ip 10.10.11.0 0.0.0.255 any


A route-map

route-map reroutetest permit 10
match ip address reroutetest
set ip next-hop 192.168.7.254


and assigned the route-map to IF_VLAN02

interface vlan 108
ip policy route-map reroutetest


On router #B I created a static route and added a NAT rule so that the packets find their way back to router #A.

From a client on the subnet I need to re-route (IF_VLAN02) I run a tracert to google DNS server.

Tracing route to 8.8.8.8 over a maximum of 30 hops

1     7ms     3ms     <1ms     10.10.11.1

2     1ms     <1ms    <1ms     192.168.7.254

3     *       *       *        *

4     25ms    25ms    25ms     8.8.8.8

So it seems to work fine. However, at this point I cannot connect from IF_VLAN02 to IF_VLAN01 anymore.

How can I reroute IF_VLAN02 traffic without losing connectivity to IF_VLAN01?

Router #A config is attached to this post. Any help would be greatly appreciated!

regards

Sebastian

Accepted Solutions

Re: Policy-Based Routing - Cisco 1811

Hello Sebastian,

You need a line to deny = do not apply PBR for inter-VLAN routing.

Something like:

ip access-list extended reroutetest
deny ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 10.10.11.0 0.0.0.255 any

Traffic denied will be routed normally, which is what you want to do.

Hope to help

Giuseppe
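
Added example, not part of the original thread: a small Python model of how the single route-map entry above evaluates the two versions of the `reroutetest` ACL (first matching line wins; a deny or no match leaves the packet to the normal routing table). The host addresses are constructed samples, and the parser handles only the `permit|deny ip <net> <wildcard> <net> <wildcard>|any` forms used in this thread.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # base 0 with an all-ones wildcard matches every address

def parse_ace(line):
    """Parse '<permit|deny> ip <src> <wildcard> (<dst> <wildcard> | any)'."""
    tok = line.split()
    action, rest = tok[0], tok[2:]
    specs = []
    while rest:
        if rest[0] == "any":
            specs.append(ANY)
            rest = rest[1:]
        else:
            base = int(ipaddress.IPv4Address(rest[0]))
            wildcard = int(ipaddress.IPv4Address(rest[1]))
            specs.append((base, wildcard))
            rest = rest[2:]
    return action, specs[0], specs[1]

def hit(addr, spec):
    """Wildcard-mask compare: a 1 bit in the wildcard means 'ignore this bit'."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def pbr_decision(acl_lines, src, dst, next_hop="192.168.7.254"):
    """Model 'route-map reroutetest permit 10' matching the given ACL."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if hit(src, s) and hit(dst, d):
            if action == "permit":
                return f"policy-route via {next_hop}"
            return "normal routing"  # ACL deny: PBR is skipped for this packet
    return "normal routing"          # implicit deny at the end of the ACL

ORIGINAL = ["permit ip 10.10.11.0 0.0.0.255 any"]
FIXED = ["deny ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255",
         "permit ip 10.10.11.0 0.0.0.255 any"]

if __name__ == "__main__":
    # Constructed sample flows: inter-VLAN, internet-bound, and a non-PBR source
    flows = [("10.10.11.20", "10.10.10.5"),
             ("10.10.11.20", "8.8.8.8"),
             ("10.10.10.5", "8.8.8.8")]
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        for src, dst in flows:
            print(f"{name:8} {src} -> {dst}: {pbr_decision(acl, src, dst)}")
```

With the original ACL the inter-VLAN flow is sent to router #B along with the internet traffic; with the deny line first it stays on router #A's own routing table.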


Re: Policy-Based Routing - Cisco 1811

Hello giuslar,

I tried that before but there must have been a typo somewhere. It works fine now!


Thank You!
