OSPF 3550 with 4 dsl lines and pbr routing

danletkeman
Level 1

Hello,

I have 10 networks connected to a 3550 being routed with OSPF. I have 4 DSL lines connected to the 3550 and I would like to route different networks to the different DSL internet lines. Currently all of the networks can see each other as planned. I have a default gateway set up on the router, which is dslA. When I set up a PBR route-map, all it does is forward all requests to one of the DSL lines and kills the OSPF routing on that port. Here is an example of my config.

    interface FastEthernet0/6
     description to network five
     no switchport
     ip address 192.168.5.5 255.255.255.0
     ip policy route-map dslc
    !
    interface FastEthernet0/13
     description to DSLA
     no switchport
     ip address 10.51.1.1 255.255.255.0
    !
    interface FastEthernet0/14
     description to DSLB
     no switchport
     ip address 10.51.2.1 255.255.255.0
    !
    interface FastEthernet0/15
     description to DSLC
     no switchport
     ip address 10.51.3.1 255.255.255.0
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.51.1.2
    ip http server
    !
    access-list 101 permit ip any any
    !
    route-map dslc permit 10
     match ip address 101
     set ip next-hop 10.51.3.2

I would like for just the internet traffic to be policy routed and all of the network traffic to remain routed within the switch. Any help would be appreciated.

Thanks,

Dan.

Accepted Solutions

Richard Burts
Hall of Fame

Dan

I am not entirely clear what you are trying to accomplish. But if you put PBR on an interface and the access list in the route map says permit any any, then every packet coming in that interface will be policy routed. If you want normal routing for your internal traffic and policy routing for the rest, then your access list needs to deny the internal traffic and permit the rest. (Note that deny in the access list will not deny the traffic through the interface but will only deny it the activity of policy routing.) Since I do not know your network topology I cannot come up with the specific correct access list, but based on what you have posted I would suggest that your access list should look something like this:

    access-list 101 deny ip any 192.168.5.0 0.0.0.255
    access-list 101 deny ip any 10.51.0.0 0.0.3.255
    access-list 101 permit ip any any

HTH

Rick

Rick,

I'm not sure how else I can explain our setup, but here it goes.

Port 13-16 have linux dsl routers connected to them with ip addresses of 10.51.1.2 (dsla), 10.51.2.2 (dslb), 10.51.3.2 (dslc), 10.51.4.2 (dsld)

Most of the other ports on the switch are routed ports to different networks. eg. Port 6 is network 192.168.5.0/24. Port 7 is network 192.168.6.0/24

I have routing setup and working between all of the networks connected to the switch. I want to be able to keep the connectivity between the networks but use PBR to route the internet to a certain dsl line.

eg. network 192.168.6.0/24 to dslb

I know that it needs to be done with PBR and ACLs but I'm not sure how the ACL is supposed to look.

I also have port 20 on the switch connected to another ospf router with three more networks behind it. 192.168.13.0/24, 192.168.14.0/24, 192.168.18.0/24. I would like to PBR these to the internet as well.

Hope that makes more sense.

Thanks,

Dan.

It worked like a charm, after I removed the default route from the switch. It was always failing over to the default route if the next-hop that I specified was down. Does the default route take precedence over a route-map?

Dan.

Hi Dan,

The default route is only relevant when a packet does not match the access-list conditions for a route-map. In your case, the default route was being used when the next-hop was down.

An alternative solution to what you did is to use something like the following:

    route-map PBR permit 10
     match ip address 101
     set ip next-hop x.x.x.x
     set interface null0

With the above, if a packet matches ACL 101 but the next-hop of x.x.x.x is down, the 'set interface null0' statement will be invoked and the packet will be dropped.

Paresh
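An added example, not part of any post in this thread: a small Python model of the behaviour described above, covering how ACL 101's wildcard masks select traffic for policy routing and what happens when the PBR next-hop is down, with and without the `set interface null0` fallback. The function names and the sample destination 203.0.113.10 are constructed for illustration; the ACL entries are the ones suggested in the accepted answer.

```python
import ipaddress

# ACL 101 from the accepted answer: (action, destination base, wildcard mask).
# Every entry has source "any", so only the destination is modelled here.
ACL_101 = [
    ("deny", "192.168.5.0", "0.0.0.255"),
    ("deny", "10.51.0.0", "0.0.3.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # permit ip any any
]


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(dst, acl=ACL_101):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(dst, base, wildcard):
            return action
    return "deny"


def forward(dst, next_hop_up, null0_fallback=False):
    """Model the decision for a packet arriving on the PBR interface.

    Returns "routing-table", "policy-next-hop" or "null0-drop".
    """
    if acl_action(dst) == "deny":
        return "routing-table"    # deny = not policy routed, still forwarded
    if next_hop_up:
        return "policy-next-hop"  # set ip next-hop
    if null0_fallback:
        return "null0-drop"       # set interface null0
    return "routing-table"        # normal routing, e.g. the default route


if __name__ == "__main__":
    for dst in ("192.168.5.20", "10.51.3.2", "203.0.113.10", "192.168.6.10"):
        print(dst, acl_action(dst), forward(dst, next_hop_up=True))
```

Run against addresses from the later posts, the model shows that 192.168.6.0/24 and 10.51.4.2 (dsld) are not covered by the two deny lines, so traffic to them would still be policy routed until matching deny entries are added.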

Thanks,

I was looking for a way to do that.

Dan.