03-25-2006 08:32 AM - edited 03-03-2019 02:28 AM
Hello,
I have 10 networks connected to a 3550 being routed with OSPF. I have 4 DSL lines connected to the 3550 and I would like to route different networks to the different DSL internet lines. Currently all of the networks can see each other as planned. I have a default gateway set up on the router, which is dslA. When I set up a PBR route-map, all it does is forward all requests to one of the DSL lines and kill the OSPF routing on that port. Here is an example of my config.
interface FastEthernet0/6
 description to network five
 no switchport
 ip address 192.168.5.5 255.255.255.0
 ip policy route-map dslc
!
interface FastEthernet0/13
 description to DSLA
 no switchport
 ip address 10.51.1.1 255.255.255.0
!
interface FastEthernet0/14
 description to DSLB
 no switchport
 ip address 10.51.2.1 255.255.255.0
!
interface FastEthernet0/15
 description to DSLC
 no switchport
 ip address 10.51.3.1 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 10.51.1.2
ip http server
!
access-list 101 permit ip any any
!
route-map dslc permit 10
 match ip address 101
 set ip next-hop 10.51.3.2
I would like for just the internet traffic to be policy routed and all of the network traffic to remain routed within the switch. Any help would be appreciated.
Thanks,
Dan.
03-25-2006 08:59 AM
Dan
I am not entirely clear what you are trying to accomplish. But if you put PBR on an interface and the access list in the route map says permit any any, then every packet coming in that interface will be policy routed. If you want normal routing for your internal traffic and policy routing for the rest, then your access list needs to deny the internal traffic and permit the rest. (Note that deny in the access list will not deny the traffic through the interface but will only deny it the activity of policy routing.) Since I do not know your network topology I cannot come up with the specific correct access list, but based on what you have posted I would suggest that your access list should look something like this:
access-list 101 deny ip any 192.168.5.0 0.0.0.255
access-list 101 deny ip any 10.51.0.0 0.0.3.255
access-list 101 permit ip any any
HTH
Rick
03-25-2006 09:30 AM
Rick,
I'm not sure how else I can explain our setup, but here it goes.
Ports 13-16 have Linux DSL routers connected to them with IP addresses of 10.51.1.2 (dsla), 10.51.2.2 (dslb), 10.51.3.2 (dslc), 10.51.4.2 (dsld).
Most of the other ports on the switch are routed ports to different networks, e.g. port 6 is network 192.168.5.0/24 and port 7 is network 192.168.6.0/24.
I have routing set up and working between all of the networks connected to the switch. I want to be able to keep the connectivity between the networks but use PBR to route the internet to a certain DSL line,
e.g. network 192.168.6.0/24 to dslb.
I know that it needs to be done with PBR and ACLs, but I'm not sure how the ACL is supposed to look.
I also have port 20 on the switch connected to another OSPF router with three more networks behind it: 192.168.13.0/24, 192.168.14.0/24, 192.168.18.0/24. I would like to PBR these to the internet as well.
Hope that makes more sense.
Thanks,
Dan.
03-25-2006 02:20 PM
It worked like a charm, after I removed the default route from the switch. It was always failing over to the default route if the next-hop that I specified was down. Does the default route take precedence over a route-map?
Dan.
03-25-2006 03:36 PM
Hi Dan,
The default route is only relevant when a packet does not match the access-list conditions for a route-map. In your case, the default route was being used when the next-hop was down.
An alternative solution to what you did is to use something like the following:
route-map PBR permit 10
 match ip address 101
 set ip next-hop x.x.x.x
 set interface null0
With the above, if a packet matches ACL 101 but the next-hop of x.x.x.x, the 'set interface null0' statement will be invoked and the packet will be dropped.
Paresh
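The two behaviours discussed in this thread (an ACL deny only exempts a packet from policy routing, and a down next-hop falls back to the routing table unless a Null0 clause is present) can be checked with a small model. This is an added example, not code from any poster and not IOS itself; the function names, the test destinations and the simplified "next-hop up/down" flag are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACL 101 as suggested in the thread; the source is "any" in every line,
# so only the destination (base, wildcard) is modelled here.
ACL_101 = [
    ("deny", "192.168.5.0", "0.0.0.255"),
    ("deny", "10.51.0.0", "0.0.3.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # permit ip any any
]

def acl_action(acl, dst):
    """First matching line wins; an ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(dst, base, wildcard):
            return action
    return "deny"

def pbr_decision(acl, dst, next_hop, next_hop_up, null0_fallback=False):
    """How a packet arriving on the policy-routed interface is forwarded."""
    if acl_action(acl, dst) != "permit":
        return "routing table"  # deny = skip PBR, packet is still forwarded
    if next_hop_up:
        return "next-hop " + next_hop
    if null0_fallback:
        return "drop (Null0)"  # the 'set interface null0' variant
    return "routing table"  # no usable set clause: normal routing, e.g. default route

if __name__ == "__main__":
    # Constructed destinations: internal hosts, the DSL transit subnets,
    # and 198.51.100.7 as a stand-in internet address.
    for dst in ("192.168.5.20", "192.168.6.10", "10.51.3.2", "10.51.4.2", "198.51.100.7"):
        for up in (True, False):
            print(dst, "next-hop up" if up else "next-hop down",
                  "->", pbr_decision(ACL_101, dst, "10.51.3.2", up))
```

With this ACL, 192.168.6.10 and 10.51.4.2 come out as policy routed, so every internal network that should stay on normal routing needs its own deny line ahead of the final permit.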
03-25-2006 09:16 PM
Thanks,
I was looking for a way to do that.
Dan.