1800 Series Gateway issues \ PBR multiple gateway interfaces
Sigh... I'm sorry for being such a newbie.
OK, again, I've attached the network diagram.
I'm trying not to run before I can walk, so the first thing I'm trying to do is ping out to a DNS server on the internet, 18.104.22.168, from my internal network.
If I put a default gateway on my router, set to 172.16.32.254 (firewall VLAN100 interface), and ping, it works fine from my router.
If I put a default gateway on my switch below the router as 172.16.32.252 (VLAN100 interface of the router) and ping from the switch, it doesn't work.
I assume it's getting to the switch as I can ping 172.16.32.252 from the switch, so the router is dropping the packets... my question is why!?
Once this bit works, the intention is to route any external-bound traffic that comes from VLAN100 to 172.16.32.254, external-bound traffic from VLAN200 to 172.16.64.254, etc.
[4510G]dis ip rout
Routing Tables: Public
        Destinations : 15        Routes : 15

Destination/Mask    Proto   Pre  Cost  NextHop          Interface
0.0.0.0/0           Static  60   0     172.16.32.252    Vlan100
127.0.0.0/8         Direct  0    0     127.0.0.1        InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1        InLoop0
172.16.32.0/19      Direct  0    0     172.16.32.253    Vlan100
172.16.32.253/32    Direct  0    0     127.0.0.1        InLoop0
172.16.64.0/19      Direct  0    0     172.16.64.253    Vlan200
172.16.64.253/32    Direct  0    0     127.0.0.1        InLoop0
172.16.96.0/19      Direct  0    0     172.16.96.253    Vlan300
172.16.96.253/32    Direct  0    0     127.0.0.1        InLoop0
172.16.128.0/19     Direct  0    0     172.16.128.253   Vlan400
172.16.128.253/32   Direct  0    0     127.0.0.1        InLoop0
172.16.160.0/19     Direct  0    0     172.16.160.253   Vlan500
172.16.160.253/32   Direct  0    0     127.0.0.1        InLoop0
192.168.1.0/24      Direct  0    0     192.168.1.253    Vlan1
192.168.1.253/32    Direct  0    0     127.0.0.1        InLoop0
Router running config:
Current configuration : 2436 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$XdN.$MwSFWx3ahZIkRxcfmdrqX1
enable password sys1881
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip routing
!
no ip cef
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
 no ip route-cache
 no snmp trap link-status
 no cdp enable
!
interface FastEthernet0.100
 encapsulation dot1Q 100
 no ip route-cache
 no snmp trap link-status
 no cdp enable
!
interface FastEthernet0.200
 encapsulation dot1Q 200
 no ip route-cache
 no snmp trap link-status
 no cdp enable
!
interface FastEthernet0.300
 encapsulation dot1Q 300
 no ip route-cache
 no snmp trap link-status
 no cdp enable
!
interface FastEthernet0.400
 encapsulation dot1Q 400
 no ip route-cache
 no snmp trap link-status
 no cdp enable
!
interface BRI0
 no ip address
 encapsulation hdlc
 no ip route-cache
 shutdown
 no cdp enable
!
interface FastEthernet1
 switchport mode trunk
 no cdp enable
!
interface FastEthernet2
 switchport mode trunk
 no cdp enable
!
interface FastEthernet3
 shutdown
 no cdp enable
!
interface FastEthernet4
 shutdown
 no cdp enable
!
interface FastEthernet5
 shutdown
 no cdp enable
!
interface FastEthernet6
 shutdown
 no cdp enable
!
interface FastEthernet7
 shutdown
 no cdp enable
!
interface FastEthernet8
 shutdown
 no cdp enable
!
interface ATM0
 no ip address
 no ip route-cache
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 no ip route-cache
 vlan-id dot1q 1
  exit-vlan-config
!
interface Vlan100
 ip address 172.16.32.252 255.255.224.0
!
interface Vlan200
 ip address 172.16.64.252 255.255.224.0
!
interface Vlan300
 ip address 172.16.96.252 255.255.224.0
!
interface Vlan400
 ip address 172.16.128.252 255.255.224.0
!
ip default-gateway 172.16.32.254
ip classless
ip route profile
!
no ip http server
no ip http secure-server
!
no cdp run
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password sys1881
 login
!
no scheduler allocate
no process cpu extended
no process cpu autoprofile hog
end
Re: 1800 Series Gateway issues \ PBR multiple gateway interfaces
Arggg... Soooo close.
OK, I can get it working, but the problem I have now is that you can only seem to apply one route-map policy to each interface!?
Since my switch points to the default VLAN as its gateway, I get internet requests from all VLANs hitting that interface.
So I wanted to put a policy on there that routes it to the firewall as below:
access-list 100 permit ip 172.16.32.0 0.0.31.255 any
access-list 101 permit ip 172.16.64.0 0.0.31.255 any
no cdp run
!
route-map WebTraffic permit 100
 match ip address 100
 set ip next-hop 172.16.32.254
!
route-map WebTraffic1 permit 200
 match ip address 101
 set ip next-hop 172.16.64.254
Problem is you can only add one route-map to that interface... how do I get around that!?!?!??
Re: 1800 Series Gateway issues \ PBR multiple gateway interfaces
I know I can't put "correct answer" on my own post, but if anyone searches this in Google then at least there's an answer at the bottom of the feed. Nothing worse than searching a problem, finding the exact same issue you have with no fix lol!
To send multiple VLANs to different gateway IP addresses for use with SonicWall (due to the fact SonicWall do not support trunking or spanning tree and require separate VLAN interfaces set up on them), the following config should help. (This is only necessary if you want the switch to do the routing... I have to use a Cisco 1800 router as my L3 switch apparently doesn't support PBR.)
If anyone on here sees something wrong, please let me know. As I said before, I'm no Cisco genius like everyone else on here, but the below seems to work for me.
interface Vlan1                          # I used the default VLAN to receive internet traffic requests from the switch
 ip address 192.168.1.1 255.255.224.0
 ip policy route-map WebTraffic          # Apply the route map policy (as below)
!
interface Vlan100
 ip address 172.16.32.252 255.255.224.0
!
interface Vlan200
 ip address 172.16.64.252 255.255.224.0
!
interface Vlan300
 ip address 172.16.96.252 255.255.224.0
!
interface Vlan400
 ip address 172.16.128.252 255.255.224.0
!

access-list 100 permit ip 172.16.32.0 0.0.31.255 any    # creates an access list to permit traffic from the VLAN100 subnet to any address (in my setup the router only receives external traffic requests anyway)
access-list 101 permit ip 172.16.64.0 0.0.31.255 any    # as above but with VLAN200
access-list 102 permit ip 172.16.96.0 0.0.31.255 any    # etc
access-list 103 permit ip 172.16.128.0 0.0.31.255 any   # etc
no cdp run
!
route-map WebTraffic permit 0            # route map rule 0 - required rule number to apply multiple rules to one interface
 match ip address 100                    # if it matches the access-list IP subnet
 set ip next-hop 172.16.32.254           # send to the SonicWall VLAN interface IP
!
route-map WebTraffic permit 5
 match ip address 101
 set ip next-hop 172.16.64.254
!
route-map WebTraffic permit 10
 match ip address 102
 set ip next-hop 172.16.96.254
!
route-map WebTraffic permit 15
 match ip address 103
 set ip next-hop 172.16.128.254
!
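The behaviour the two posts above run into (an interface takes one `ip policy route-map`, so entering a second name replaces the first; within one map IOS walks the clauses in ascending sequence order and the first clause whose ACL permits the source wins; a source no clause matches falls through to the normal routing table) can be checked offline. The Python below is an added example written for this page, not IOS code and not from the thread's author; the two config strings are constructed copies of the thread's two attempts, and the parser handles only the `access-list`, `route-map` and `ip policy route-map` lines they contain.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the thread's final working config, thread annotations removed.
WORKING_CONFIG = """
interface Vlan1
 ip policy route-map WebTraffic
access-list 100 permit ip 172.16.32.0 0.0.31.255 any
access-list 101 permit ip 172.16.64.0 0.0.31.255 any
access-list 102 permit ip 172.16.96.0 0.0.31.255 any
access-list 103 permit ip 172.16.128.0 0.0.31.255 any
route-map WebTraffic permit 0
 match ip address 100
 set ip next-hop 172.16.32.254
route-map WebTraffic permit 5
 match ip address 101
 set ip next-hop 172.16.64.254
route-map WebTraffic permit 10
 match ip address 102
 set ip next-hop 172.16.96.254
route-map WebTraffic permit 15
 match ip address 103
 set ip next-hop 172.16.128.254
"""

# Constructed: the earlier two-map attempt, with both map names entered under Vlan1.
BROKEN_CONFIG = """
interface Vlan1
 ip policy route-map WebTraffic
 ip policy route-map WebTraffic1
access-list 100 permit ip 172.16.32.0 0.0.31.255 any
access-list 101 permit ip 172.16.64.0 0.0.31.255 any
route-map WebTraffic permit 100
 match ip address 100
 set ip next-hop 172.16.32.254
route-map WebTraffic1 permit 200
 match ip address 101
 set ip next-hop 172.16.64.254
"""

@dataclass
class AclEntry:
    action: str    # "permit" or "deny"
    network: int   # base address as a 32-bit integer
    wildcard: int  # Cisco wildcard mask: set bits are "don't care"

@dataclass
class Clause:
    name: str
    action: str    # route-map permit or deny
    seq: int
    acls: List[int] = field(default_factory=list)
    next_hop: Optional[str] = None

def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

def parse_config(text: str):
    """Return (acls, route_maps, policy); policy maps interface name -> route-map name."""
    acls, maps, policy = {}, {}, {}
    iface = clause = None
    for raw in text.splitlines():
        p = raw.split("#", 1)[0].split()           # drop '#' annotations, tokenise
        if not p or p[0] == "!":
            continue
        if p[0] == "interface":
            iface, clause = p[1], None
        elif p[:3] == ["ip", "policy", "route-map"] and iface:
            policy[iface] = p[3]                   # one map per interface: a second entry replaces the first
        elif p[0] == "access-list" and len(p) > 5 and p[3] == "ip":
            net, wild = (0, 0xFFFFFFFF) if p[4] == "any" else (_ip(p[4]), _ip(p[5]))
            acls.setdefault(int(p[1]), []).append(AclEntry(p[2], net, wild))
        elif p[0] == "route-map":
            iface, clause = None, Clause(p[1], p[2], int(p[3]))
            maps.setdefault(p[1], []).append(clause)
        elif p[:3] == ["match", "ip", "address"] and clause:
            clause.acls += [int(n) for n in p[3:]]
        elif p[:3] == ["set", "ip", "next-hop"] and clause:
            clause.next_hop = p[3]
    for clauses in maps.values():
        clauses.sort(key=lambda c: c.seq)          # IOS walks clauses in ascending sequence order
    return acls, maps, policy

def acl_permits(entries: List[AclEntry], src: str) -> bool:
    s = _ip(src)
    for e in entries:
        if (s | e.wildcard) == (e.network | e.wildcard):   # compare only the non-wildcard bits
            return e.action == "permit"
    return False                                            # implicit deny at the end of every ACL

def policy_next_hop(cfg, iface: str, src: str) -> Optional[str]:
    """First-match PBR: a permit clause applies its next-hop; a deny clause or
    no match returns None, i.e. the packet follows the ordinary routing table."""
    acls, maps, policy = cfg
    for c in maps.get(policy.get(iface, ""), []):
        if any(acl_permits(acls.get(n, []), src) for n in c.acls):
            return c.next_hop if c.action == "permit" else None
    return None
```

With the working config, a source in 172.16.64.0/19 (wildcard 0.0.31.255 covers third octets 64 through 95) lands on 172.16.64.254, while a VLAN500 source such as 172.16.160.9 matches no clause and is left to the routing table. With the two-map config, only WebTraffic1 remains attached to Vlan1, so VLAN100 sources are no longer policy-routed at all, which is the symptom the second post describes.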