New Member

Policy routing via address ranges

Is it possible to use policy routing based on ranges of a subnet? I want to have 192.168.1.1-100 go out e0 and 192.168.1.101-250 go out e1. From what I've read, it only looks like policy routing works with route-maps using access lists.

5 REPLIES
Purple

Re: Policy routing via address ranges

You certainly can. Just use multiple lines in your ACLs to cover each range.

For example,

192.168.1.1-100 can be covered by:

access-list 1 permit 192.168.1.0 0.0.0.63
access-list 1 permit 192.168.1.64 0.0.0.31
access-list 1 permit 192.168.1.96 0.0.0.3
access-list 1 permit 192.168.1.100 0.0.0.0

And use the following for everything else:

access-list 1 permit 192.168.1.0 0.0.0.255

So you can use the following:

route-map PBR permit 10
 match ip address 1
 set interface e0
!
route-map PBR permit 20
 match ip address 2
 set interface e1

Hope that helps - pls rate the post if it does.

Paresh

Re: Policy routing via address ranges

Hello,

Just a slight correction of a few things in the previous post:

It has to be

access-list 2 permit 192.168.1.0 0.0.0.255

And you have to apply the route-map on the input interface of your traffic, for example Serial0:

interface Serial0
 ip address 10.1.1.1 255.255.255.252
 ip policy route-map PBR

The route-map would have to look like:

route-map PBR permit 10
 match ip address 1
 set ip next-hop
!
route-map PBR permit 20
 match ip address 2
 set ip next-hop

Hope this helps! Please rate all posts.

Regards, Martin

Purple

Re: Policy routing via address ranges

Whoops :-)

Thanks Martin.

Regards

Paresh

New Member

Re: Policy routing via address ranges

Thanks for your help so far. This definitely looks like what I want, but I have a couple of questions:

Does the access list have to be broken into 4 parts in order to cover that range? You can't use access-list 1 permit 192.168.1.0 0.0.0.100? If that is completely wrong, can you point me to a resource explaining ACLs using IP ranges?

Hall of Fame Super Silver

Re: Policy routing via address ranges

Michael

Yes, the access list has to be broken into 4 parts in order to cover the particular set of addresses that you specify. And no, the statement access-list 1 permit 192.168.1.0 0.0.0.100 would not work.

Here is a link to a writeup which does a fairly good job of explaining the mask in access lists:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

HTH

Rick
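
An added illustration of the point discussed in this thread (not code from any of the posters): the Python sketch below splits an address range into wildcard-mask ACL lines and lists what a single entry with wildcard 0.0.0.100 really matches. The function names range_to_acl and wildcard_matches are made up for this example; the range starts at 192.168.1.0 so that it reproduces the four lines given earlier in the thread.

```python
import ipaddress


def range_to_acl(first, last):
    """Split an inclusive IPv4 range into (address, wildcard) pairs.

    Each pair is one aligned power-of-two block, which is the only
    shape a contiguous wildcard mask can describe.
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in blocks]


def wildcard_matches(address, wildcard):
    """List every address one ACL entry matches.

    A wildcard is a bit mask: 1 bits are "don't care", 0 bits must
    equal the entry's address. It is not an upper bound on the octet.
    """
    mask = int(ipaddress.IPv4Address(wildcard))
    if bin(mask).count("1") > 16:
        raise ValueError("too many don't-care bits to enumerate")
    base = int(ipaddress.IPv4Address(address)) & ~mask & 0xFFFFFFFF
    matched = []
    sub = mask
    while True:  # walk every subset of the don't-care bits
        matched.append(ipaddress.IPv4Address(base | sub))
        if sub == 0:
            break
        sub = (sub - 1) & mask
    return [str(a) for a in sorted(matched)]


if __name__ == "__main__":
    # Reproduces the four ACL lines posted in the thread.
    for addr, wc in range_to_acl("192.168.1.0", "192.168.1.100"):
        print(f"access-list 1 permit {addr} {wc}")
    # Starting exactly at .1 instead of .0 needs more, smaller blocks.
    print(len(range_to_acl("192.168.1.1", "192.168.1.100")), "entries for .1-.100")
    # 100 is binary 01100100, so only bits 2, 5 and 6 are don't-care.
    print(wildcard_matches("192.168.1.0", "0.0.0.100"))
```

Before applying a policy-routing ACL, running the proposed entries through a check like this shows which hosts would fall through to the next route-map clause.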
