01-24-2006 12:31 PM - edited 03-03-2019 01:34 AM
Is it possible to use policy routing based on ranges of a subnet? I want to have 192.168.1.1-100 go out e0 and 192.168.1.101-250 go out e1. From what I've read, it only looks like policy routing works with route-maps using access lists.
01-24-2006 12:38 PM
You certainly can. Just use multiple lines in your ACLs to cover each range.
For example,
192.168.1.1-100 can be covered by:
access-list 1 permit 192.168.1.0 0.0.0.63
access-list 1 permit 192.168.1.64 0.0.0.31
access-list 1 permit 192.168.1.96 0.0.0.3
access-list 1 permit 192.168.1.100 0.0.0.0
And use the following for everything else:
access-list 1 permit 192.168.1.0 0.0.0.255
So you can use the following:
route-map PBR permit 10
match ip address 1
set interface e0
!
route-map PBR permit 20
match ip address 2
set interface e1
Hope that helps - pls rate the post if it does.
Paresh
01-24-2006 03:17 PM
Hello,
Just a slight correction of a few things in the previous post:
It has to be
access-list 2 permit 192.168.1.0 0.0.0.255
And you have to apply the route-map on the input interface of your traffic, e.g. Serial0:
interface Serial0
ip address 10.1.1.1 255.255.255.252
ip policy route-map PBR
The route-map would have to look like:
route-map PBR permit 10
match ip address 1
set ip next-hop
!
route-map PBR permit 20
match ip address 2
set ip next-hop
Hope this helps! Please rate all posts.
Regards, Martin
01-24-2006 03:25 PM
Whoops :-)
Thanks Martin.
Regards
Paresh
01-25-2006 06:57 AM
Thanks for your help so far. This definitely looks like what I want, but I have a couple of questions:
Does the access list have to be broken into 4 parts in order to cover that range? You can't use access-list 1 permit 192.168.1.0 0.0.0.100? If that is completely wrong, can you point me to a resource explaining ACLs using IP ranges?
01-25-2006 07:33 AM
Michael
Yes, the access list has to be broken into 4 parts in order to cover the particular set of addresses that you specify. And no, the statement access-list 1 permit 192.168.1.0 0.0.0.100 would not work.
Here is a link to a writeup which does a fairly good job of explaining the mask in access lists:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
HTH
Rick
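Added example, not part of the thread: a Python sketch that derives the wildcard-mask entries needed to cover an address range and lists what 192.168.1.0 0.0.0.100 would actually match. The function names are hypothetical, and it assumes the standard IOS rule that a 1 bit in the wildcard mask means "don't care".

```python
import ipaddress

def range_to_acl(acl_id, first, last):
    """Return standard-ACL lines covering first..last using aligned blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    # hostmask is the inverse of the netmask, i.e. the IOS wildcard mask
    return [f"access-list {acl_id} permit {n.network_address} {n.hostmask}"
            for n in nets]

def wildcard_matches(base, wildcard):
    """List every address matched by a base/wildcard pair.

    Only sensible for wildcards with few 1 bits: the result has
    2**(number of 1 bits) entries.
    """
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    fixed = b & ~w & 0xFFFFFFFF      # bits that must match exactly
    matched, sub = [], w
    while True:                      # walk every subset of the don't-care bits
        matched.append(fixed | sub)
        if sub == 0:
            break
        sub = (sub - 1) & w
    return [str(ipaddress.IPv4Address(a)) for a in sorted(matched)]

if __name__ == "__main__":
    # .0-.100 collapses to the four entries given in the first reply
    print("\n".join(range_to_acl(1, "192.168.1.0", "192.168.1.100")))
    # .101-.250 written out explicitly needs many more entries, which is why
    # the thread uses a catch-all ACL 2 evaluated after ACL 1 instead
    print(len(range_to_acl(2, "192.168.1.101", "192.168.1.250")), "entries")
    # 100 = 0b01100100, so 0.0.0.100 frees bits 2, 5 and 6 only
    print(wildcard_matches("192.168.1.0", "0.0.0.100"))
```

The last call returns eight scattered addresses rather than a contiguous block, which is why a wildcard mask cannot be written as the upper bound of a range.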