
Policy routing via address ranges

mvoss
Level 1

Is it possible to use policy routing based on ranges of a subnet? I want to have 192.168.1.1-100 go out e0 and 192.168.1.101-250 go out e1. From what I've read it only looks like policy routing works with route-maps using access lists.

5 Replies

pkhatri
Level 11

You certainly can. Just use multiple lines in your ACLs to cover each range.

For example,

192.168.1.1-100 can be covered by:

access-list 1 permit 192.168.1.0 0.0.0.63
access-list 1 permit 192.168.1.64 0.0.0.31
access-list 1 permit 192.168.1.96 0.0.0.3
access-list 1 permit 192.168.1.100 0.0.0.0

And use the following for everything else:

access-list 1 permit 192.168.1.0 0.0.0.255

So you can use the following:

route-map PBR permit 10
 match ip address 1
 set interface e0
!
route-map PBR permit 20
 match ip address 2
 set interface e1

Hope that helps - pls rate the post if it does.

Paresh

Hello,

Just a slight correction of a few things in the previous post:

It has to be

access-list 2 permit 192.168.1.0 0.0.0.255

And you have to apply the route-map on the input interface of your traffic, e.g. Serial0:

interface Serial0
 ip address 10.1.1.1 255.255.255.252
 ip policy route-map PBR

The route-map would have to look like:

route-map PBR permit 10
 match ip address 1
 set ip next-hop
!
route-map PBR permit 20
 match ip address 2
 set ip next-hop

Hope this helps! Please rate all posts.

Regards, Martin

Whoops :-)

Thanks Martin.

Regards

Paresh

Thanks for your help so far. This definitely looks like what I want, but I have a couple of questions:

Does the access list have to be broken into 4 parts in order to cover that range? You can't use access-list 1 permit 192.168.1.0 0.0.0.100? If that is completely wrong, can you point me to a resource explaining ACLs using IP ranges?

Michael

Yes, the access list has to be broken into 4 parts in order to cover the particular set of addresses that you specify. And no, the statement access-list 1 permit 192.168.1.0 0.0.0.100 would not work.

Here is a link to a writeup which does a fairly good job of explaining the mask in access lists:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

HTH

Rick
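
Added example, not part of any post in this thread: a Python sketch that splits an address range into wildcard-mask ACL entries and lists what a non-contiguous wildcard such as 0.0.0.100 actually matches. The function names `range_to_acl` and `wildcard_matches` are hypothetical helpers, and the addresses are the ones discussed above.

```python
import ipaddress

def range_to_acl(acl_id, first, last):
    """Return standard-ACL permit lines that cover first..last exactly.

    Each aligned power-of-two block becomes one entry; the wildcard mask
    is the block's host mask (inverse of the netmask).
    """
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [f"access-list {acl_id} permit {n.network_address} {n.hostmask}"
            for n in nets]

def wildcard_matches(base, wildcard):
    """List every address matched by 'base wildcard'.

    A 1 bit in the wildcard means "don't care", so the entry matches all
    combinations of those bits, not a numeric range of addresses.
    """
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    free = [1 << i for i in range(32) if (w >> i) & 1]
    if len(free) > 16:
        raise ValueError("too many don't-care bits to enumerate")
    fixed = b & ~w & 0xFFFFFFFF          # bits that must match exactly
    matched = []
    for combo in range(1 << len(free)):
        addr = fixed
        for i, bit in enumerate(free):
            if (combo >> i) & 1:
                addr |= bit
        matched.append(str(ipaddress.IPv4Address(addr)))
    return sorted(matched, key=ipaddress.IPv4Address)

if __name__ == "__main__":
    # Starting at .0 gives the four entries from the first reply.
    print("\n".join(range_to_acl(1, "192.168.1.0", "192.168.1.100")))
    # Starting at .1 (excluding the network address) needs more entries.
    print(len(range_to_acl(1, "192.168.1.1", "192.168.1.100")), "entries from .1")
    # The proposed 0.0.0.100 wildcard matches only eight scattered hosts.
    print(wildcard_matches("192.168.1.0", "0.0.0.100"))
```

Before applying a policy route-map, running the candidate ACL entries through a check like `wildcard_matches` shows exactly which source addresses will be steered, so hosts are not silently left on the default path.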
