I have heard about Policy Based Routing, and I don't know if there is a better way of doing what I want.
The main goal is to choose a different destination next-hop IP address, from a WAN site router, with 2 different networks in their LAN.
I want to do this in my WAN router, not in the client WAN router.
Lan Subnet: 172.23.55.0 / 24
2nd Lan Subnet: 172.24.55.0 / 24
IP WAN 192.168.156.26 / 30 - RIP - OSPF (ISP)
Default Gateway: 172.20.0.254 / 24
Interface Vlan 1135 - IP WAN 192.168.156.2 / 30 <-> OSPF - ISP - RIP (192.168.156.25 / 30) <-> Remote Site
Interface GigabitEthernet1/0/24 - Trunk 1135, more...
Gateway for source network 172.24.55.0 - 172.20.1.254
I've seen that configuration before, but this WAN link is a multi-remote-site one.
Each site will have a secondary LAN address, and traffic sourced on those networks must have a different next-hop address from the principal LAN address of the remote sites.
In my central site router, the routes for remote sites are learned from OSPF, but I have other VLANs on the same interface that I don't want to participate in this PBR.
Should I apply the PBR only on Vlan1135?
Here is an example "show ip route ospf":
O E2 172.23.54.0 [110/1000] via 192.168.156.1, 21:38:39, Vlan1135 (Site 1 - Lan)
O E2 172.24.54.0 [110/1000] via 192.168.156.1, 21:38:39, Vlan1135 (Site 1 - Secundary Lan)
O E2 172.23.62.0 [110/1000] via 192.168.156.1, 21:38:39, Vlan1135 (Site 2)
O E2 172.23.61.0 [110/1000] via 192.168.156.1, 21:38:39, Vlan1135 (Site 3)
description Connected to WAN
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1135,"others"
switchport mode trunk
ip address 192.168.156.2 255.255.255.252
ip ospf hello-interval 3
router ospf 1135
redistribute connected metric 1 subnets
redistribute static subnets
network 192.168.156.0 0.0.0.3 area 0
If there is any other simple way of doing this, please feel free to comment.
I have been reading some documents, and found the following sentence regarding PBR:
"Enabling PBR -
To enable PBR, you must create a route map that specifies the match criteria and the resulting action if all of the match clauses are met. Then, you must enable PBR for that route map on a particular interface.
***All packets arriving on the specified interface matching the match clauses will be subject to PBR.***"
And all the rest?
Does it pass through without any policy?
Could the reference interface be an interface VLAN, the example one, 1135?
In my case, will everything that does not match 172.24.0.0 pass through as if the policy didn't exist? In other words, is it not filtered?
We appreciate the efforts that you are putting in to make us understand your requirement, but it's a little complex to understand it correctly. A brief network topology/diagram would help us to understand the exact requirement that you have.
As far as PBR traffic is concerned, if there is a certain type of traffic which does not match the route map, it will not be policy routed and will pass through using the normal routing table lookup. It does not drop that traffic.
Do you want that traffic to be dropped? What is the exact requirement here on this front?
All that I want is to distinguish the source of the packets that are arriving at my WAN interface (Vlan1135) from remote sites.
I will need to create a secondary LAN addressing in my remote sites, and the people having that 2nd range will have a different next-hop address at my central site.
They should be routed to a different router than the other guys in the same location but in a different remote LAN network.
I'll try to design a scheme for your understanding.
By the way, I just started the access list to match the 2nd LAN address, and it is not matching any packet when I do a ping sourced from the secondary LAN address.
"access-list 25 permit 172.24.55.0 0.0.0.255 log"
Will the source of the packet change if you have a routing network between the sites?
I'm trying to get this running fast, and was just configuring the default configuration.
I just got blocked when I was trying to configure the "ip policy route-map NAME" command on interface Vlan 1135.
It says "%PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing", and as far as I could find, the L3 switch needs a reload after changing the sdm prefer to routing. (It has a desktop default template.)
My next question is:
As I have other types of routing here (ip route vrf, ip route and OSPF), will this affect the other routing processes?
You have to enable the SDM "routing template" to use policy based routing. This will not affect the other features that you have enabled for routing. The routing template maximizes system resources for unicast routing.
Please try putting up the network diagram and a brief explanation so we can suggest the design/config further.
I did see your overall topology and the configurations that you want to do. I could see that you have multiple remote sites connected over MPLS WAN and are coming on Vlan1135. Here is what we will do:
1. Configure the "SDM template to routing" on the 3750.
2. Reload the switch and it will get the new template config.
3. Configure the policy based routing for all the secondary subnets that you want the traffic to be forwarded to the TESTIE router. You can configure a single access-list.
4. Apply the route map to "VLAN 1135" SVI, i.e. the L3 interface.
I think once we do that, we should be able to policy route the traffic.
HTH. Please rate if it does.
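The four steps above written out as a Catalyst 3750 configuration sketch. This is an added example, not a configuration posted by anyone in the thread. The route-map name PBR-SECONDARY-LAN is hypothetical, ACL 25 reuses the number from the earlier post, and the use of 172.20.1.254 (the gateway given in the first post for source network 172.24.55.0) as the policy next hop is an assumption.

```cisco
! Steps 1-2: switch the SDM template to routing, then reload.
! PBR is rejected with %PLATFORM_PBR-4-SDM_MISMATCH until this is done.
configure terminal
 sdm prefer routing
 end
reload
!
! After the reload, confirm the active template:
show sdm prefer
!
! Step 3: a single access-list covering the secondary LAN subnets
! seen in the thread (172.24.54.0/24 and 172.24.55.0/24).
configure terminal
 access-list 25 permit 172.24.54.0 0.0.0.255
 access-list 25 permit 172.24.55.0 0.0.0.255
 !
 ! Route map: packets whose source matches ACL 25 get the policy next hop.
 ! Next hop is an assumption taken from the first post.
 route-map PBR-SECONDARY-LAN permit 10
  match ip address 25
  set ip next-hop 172.20.1.254
 !
 ! Step 4: apply the route map only to the WAN SVI, so the other VLANs
 ! carried on the same trunk are not subject to the policy.
 interface Vlan1135
  ip policy route-map PBR-SECONDARY-LAN
 end
!
! Verification: which interface has a policy, and whether packets match.
show ip policy
show route-map PBR-SECONDARY-LAN
show access-lists 25
```

Packets arriving on Vlan1135 from any other source fall off the end of the route map and are forwarded by the normal routing table, as stated earlier in the thread; the match counters in `show route-map` tell you whether the secondary-LAN source addresses are arriving unchanged.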