PBR: traffic "A" through leased line and the rest through the ADSL line!

istr
Level 1

Dear all,

we have the following setup:

1) cisco 1721 connected to the corporate LAN (catalyst switch).

2) SDSL router also connected to the corporate LAN (catalyst switch). This router connects us to ISP1 via leased line.

3) ADSL WIC on the 1721, which connects us to ISP2 via ADSL & PPPoA (easy IP)

Our aim was (this was included in a previous post, where I got a lot of help from the forum, thanks once more BTW) to achieve the following scheme:

A) Forward all traffic matched by a specific ACL (ACL 105) to the leased line, i.e. to the IP address of the SDSL router, which is on the same subnet as the IP address of the FastEthernet interface of the 1721. This is the router situated at the customer premises, not at ISP1. If the leased line fails (however, the IP of the SDSL router should still be up), this traffic should be forwarded to the ADSL line. (BTW, would it be wise to change the config of the SDSL router so that it would be easier to detect the failure of the leased line? For example, use bridging? Or is it not needed?) The leased line works without NAT.

B) Forward all other traffic, i.e. traffic matched by ACL 166, to the ADSL line. The ADSL line works with a dialer interface configured with "ip address negotiated". The difference is that the ADSL line works with NAT. However, issuing the "ip nat inside" command on the FastEthernet interface of the router seems to solve this (it works automatically: when the traffic is returned from the dialer interface it is de-NATed, whereas when the traffic returns from the leased line it works OK, with no de-NATing).

My problem is that the route-map does not work: traffic matching ACL 105 is indeed forwarded via the leased line, but the rest of the traffic is forwarded via the leased line also! When I debug ip policy, I can see that permit 20 is (correctly) used, but why does the traffic follow the second (A.B.C.2) and not the first (int dialer1) "set" statement?

I have studied almost everything I found about PBR and the order of the set conditions, so I found out that this should be the proper way to have the leased line as primary for traffic matching ACL 105 and the ADSL line as primary for the rest. But it did not work!

The router has intentionally no default route.

However, when I issue the command "ip route 0.0.0.0 0.0.0.0 dialer1" and simultaneously remove the route-map from the FastEthernet interface, all traffic is correctly forwarded to the ADSL line!

I attach the config:

------------------------
interface ATM0
 bandwidth 6400
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
 hold-queue 224 in
!
interface FastEthernet0
 ip address A.B.C.1 255.255.255.128
 ip nat inside
 ip policy route-map f0
 speed auto
!
interface Dialer1
 description connected to Internet
 ip address negotiated
 ip nat outside
 encapsulation ppp
 no ip split-horizon
 dialer pool 1
 dialer idle-timeout 0
 dialer redial interval 10 attempts 3
 dialer string 99999
 dialer persistent
 dialer-group 1
 ppp pap sent-username ***@**.**password 7 ****
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
no ip http server
!
!
logging trap debugging
logging facility local5
access-list 1 permit A.B.C.D 0.0.0.127
access-list 105 permit tcp any eq 47624 any
access-list 105 permit udp any eq 47624 any
!
access-list 105 deny ip any any
access-list 166 permit ip any any
access-list 166 permit icmp any any
access-list 166 permit tcp any any
access-list 166 permit udp any any
!
dialer-list 1 protocol ip permit
!
route-map f0 permit 10
 match ip address 105
 set ip next-hop A.B.C.2
 set default interface Dialer1
!
route-map f0 permit 20
 match ip address 166
 set interface Dialer1
 set ip next-hop A.B.C.2
---------------------------------------

I would be grateful if you could enlighten me guys!

This setup is very important for me.

Thanks once more,

ilias

2 Replies

thisisshanky
Level 11

ilias,

I assume the above config is for the 1720.

What is A.B.C.2? Is it the IP address of the LAN interface of the SDSL router? Then you need to remove the "set default interface dialer 1" command under the first route-map instance. The route-map should look like:

route-map f0 permit 10
 match ip address 105
 set ip next-hop A.B.C.2 ==== forward all traffic back to SDSL router
!
route-map f0 permit 20
 match ip address 166
 set interface Dialer1 ======= forward remaining traffic through ADSL line

And also you need to remove the next-hop command under second route-map instance 20.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Hi Sankar,

first of all thank you for your very fast reply!

Well, A.B.C.2 is the LAN address of the SDSL router as you correctly state.

However, given that there is no default route on the router, if I remove the "set default interface dialer 1" command (which is the set clause of the first permit of the route-map), what will happen if A.B.C.2 fails (actually the WAN address of the SDSL would fail, but it is a router, so it would send traffic back to the 1721)? What would happen to the traffic matching ACL 105 in that case?

I think that when the match clause is met but the set clause is not met (in that case, would the failure of the WAN interface of the SDSL router cause packets to return to the 1721?), then the normal routing process (routing table) is utilised, but we do not have a routing table, except for the directly connected networks: the LAN and the ADSL WAN, but no default route at all!

Similarly, if I remove the next-hop command from the second route-map instance, what would happen if dialer1 is up but has not received an IP address from the ISP, because the ADSL line (int ATM 0) is down?

Once again, I think that when the match clause is met but the set clause is not met (in that case, how would the failure of the ATM interface of the 1721 router affect the dialer interface? I think dialer1 would still be up, but without an IP address. Would that cause packets to return to the 1721?), then the normal routing process (routing table) is utilised, but we do not have a routing table, except for the directly connected networks: the LAN and the ADSL WAN, but no default route at all!

Did you have similar experience on something like that?

Yours,

ilias
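For later readers of this thread, here is an added example (not part of the original posts and not ilias's or Sankar's config) of the route-map rewritten around the documented PBR set-clause evaluation order. IOS evaluates "set ip next-hop" first, then "set interface", then "set ip default next-hop", then "set default interface", whatever order the lines are typed in. That is why instance 20 above sends everything to A.B.C.2: the next-hop is on a connected subnet, so it is always "usable" and wins over "set interface Dialer1" even though it is written second. The example assumes an IOS release with IP SLA and object tracking (older releases use "ip sla monitor" / "track 1 rtr 1 reachability" instead of the syntax shown), and X.Y.Z.1 is a hypothetical placeholder for an address on the far side of the leased line that is only reachable through the SDSL router.

```cisco
! Added example, not the original poster's config.
! Assumes IP SLA + object tracking; X.Y.Z.1 is a hypothetical address beyond ISP1.
!
! Probe through the leased line from the LAN address. The SDSL router's LAN
! address A.B.C.2 stays up when the leased line fails, so pinging A.B.C.2
! itself would never detect the failure; the probe has to target the far side.
ip sla 1
 icmp-echo X.Y.Z.1 source-interface FastEthernet0
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
! Instance 10: ACL 105 traffic, leased line primary, ADSL backup.
! "set ip next-hop" is evaluated first; with verify-availability it is skipped
! while track 1 is down and the packet falls through to "set interface Dialer1"
! instead of the (empty) routing table.
route-map f0 permit 10
 match ip address 105
 set ip next-hop verify-availability A.B.C.2 10 track 1
 set interface Dialer1
!
! Instance 20: everything else, ADSL primary, leased line backup.
! A plain "set ip next-hop A.B.C.2" would always beat "set interface Dialer1"
! regardless of line order, so the leased line is expressed as
! "set ip default next-hop", which is evaluated after "set interface" and is
! only used when the routing table has no explicit route for the destination.
! With no default route on this router that is every Internet destination.
route-map f0 permit 20
 match ip address 166
 set interface Dialer1
 set ip default next-hop A.B.C.2
```

Two caveats a practitioner should check before relying on this. First, a Dialer interface reports up/up (spoofing) even when ATM0 is down and no address has been negotiated, so "set interface Dialer1" in instance 20 is treated as usable whether or not the ADSL session exists; detecting an ADSL failure needs its own probe out of Dialer1, not just interface state. Second, policy-routing LAN traffic back out FastEthernet0 to A.B.C.2 makes the 1721 send ICMP redirects to the hosts; "no ip redirects" on FastEthernet0 is the usual companion to this design. NAT is unaffected: packets that go back out FastEthernet0 are inside-to-inside and are not translated, while packets out Dialer1 match the existing "ip nat inside source list 1" rule.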
