At one of my field offices I want to redirect internet traffic down a separate DSL connection instead of having it ride the T1 back to the main office and then going out. At this office I have a 2600 router and a 3560 switch, with a Fortigate firewall in between the DSL connection and the LAN; Fa0/0 on the router and the firewall are both plugged in to the switch. I have seen posts that mention PBR or static routes. Which is the recommended method for dealing with this?
Please could you paste a topology diagram, that would help.
You would basically need static routing in this case. You don't need PBR if you are doing destination-based routing. Here you want all the internet traffic going down via DSL, so you can use a default route, say on your 3650 switch, to send all traffic to the router via DSL and any other HQ subnets to travel via a different link.
You can also use PBR in this case if there is a requirement to route traffic from one subnet/all the subnets/any host via DSL and the rest of the traffic via HQ.
As I mentioned, depending upon the topology you could use either of the configurations. I would try to get this done via static routes, as this would put less load on the router CPU vs. PBR, which is done in software.
Sorry for the horrible drawing I just threw it together. So if I decide to specify routes on the switch I am guessing it would be something like a route for all private traffic to go to the router: ip route 192.168.1.0 255.255.255.0 192.168.1.1, then set a default route for internet traffic to go to firewall: ip route 0.0.0.0 0.0.0.0 192.168.1.3?
Thanks for the drawing. Yes, your default route for the internet traffic looks fine. However, I am not sure about the private traffic to your router. Unless it's just an example, it would not fly. What are the subnets located in your HQ? You need to define those in your routes pointing towards the router.
This is fine. Make sure you have ip routing enabled on the 3560 switch and that you can see your static routes when you do a "show ip route".
I see what you are saying. So if my HQ subnet was something like 172.16.0.0 my route for internal traffic would need to look something like: 172.16.0.0 255.255.0.0 192.168.1.1? Destination/Mask/Next hop, correct?
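The destination-based forwarding decision discussed in this thread, modelled as a longest-prefix-match lookup. This is an added example, not part of any poster's reply or device output. It assumes the addresses used in the thread (172.16.0.0/16 as the hypothetical HQ subnet, 192.168.1.1 as the router, 192.168.1.3 as the firewall) and a connected LAN of 192.168.1.0/24; the function names are hypothetical.

```python
import ipaddress

# Route entries as Destination / Mask / Next hop, as in the thread.
# 172.16.0.0/16 is the poster's hypothetical HQ subnet; the connected
# LAN 192.168.1.0/24 is assumed from the next-hop addresses.
ROUTES = [
    ("192.168.1.0", "255.255.255.0", "connected"),    # local LAN on the switch
    ("172.16.0.0", "255.255.0.0", "192.168.1.1"),     # HQ via the 2600 router (T1)
    ("0.0.0.0", "0.0.0.0", "192.168.1.3"),            # default via the firewall (DSL)
]


def build_table(routes):
    """Convert (destination, mask, next hop) triples into network objects."""
    return [(ipaddress.ip_network(f"{dest}/{mask}"), hop)
            for dest, mask, hop in routes]


def next_hop(table, destination):
    """Return the next hop of the most specific route covering destination."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None  # no route and no default: the packet would be dropped
    # Longest prefix wins, so the /16 HQ route beats the /0 default route.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def table_without_hq():
    """Same table with the HQ route omitted, to show the failure mode."""
    return build_table([r for r in ROUTES if r[0] != "172.16.0.0"])


if __name__ == "__main__":
    full = build_table(ROUTES)
    # Constructed sample destinations: an HQ host, an internet host, a LAN host.
    for dst in ("172.16.5.10", "203.0.113.10", "192.168.1.50"):
        print(f"{dst:15} -> {next_hop(full, dst)}")
    # Without the HQ route, internal traffic follows the default route
    # and is handed to the firewall on the DSL side instead of the T1.
    print("172.16.5.10 without HQ route ->",
          next_hop(table_without_hq(), "172.16.5.10"))
```

Every HQ subnet needs its own entry pointing at the router; anything not covered falls through to the default route and leaves via the firewall.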