Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Isolating WAN traffic

we have a 6 mg WAN pipe and a DSL connection would like to isolate the traffic to either the 6mg or the DSL by protocol or destination.

is anyone moving WAN traffic like that?

Thanks, Gary

6 REPLIES
Hall of Fame Super Silver

Re: Isolating WAN traffic

Hello Gary,

in the outbound direction towards internet you can use PBR to use different criteria then just destination based routing.

PBR= policy based routing uses route-maps and the command has to be applied on the lan interface(s) that receive the traffic to be sent outbound.

the route-map can reference an extended ip access-list where you can define what protocols you want to reroute.

Example:

access-list 125 permit tcp any any eq 80

route-map pbr-web permit 10

match ip address 125

set ip next-hop next-hop.on.-adsl

what doesn't need to be rerouted can use normal routing and what doesn't match the route-map is not dropped but routed normally

on lan interface

int fas0/0

ip policy route-map pbr-web

For the traffic inbound coming from internet much less control is possible.

Hope to help

Giuseppe

New Member

Re: Isolating WAN traffic

route-map pbr-web permit 10

match ip address 125

set ip next-hop next-hop.on.-adsl

next-hop.on.-adsl = the IP of my DSL interface connected to my LAN, correct?

Hall of Fame Super Silver

Re: Isolating WAN traffic

Hello Gary,

the next-hop ip address must be that on the other end of the DSL link not the one on your router : it is the same ip address you would use as next-hop in a static route.

otherwise you can use set interface name the name of your DSL interface that would be atm0 or atm0/0 or similar.

Hope to help

Giuseppe

New Member

Re: Isolating WAN traffic

We have an ASA 5505 between the cable modem and the path that we want some traffic to go out of. the ASA's interface that's connecting to the house router is called KWCH_LAN.

Hall of Fame Super Silver

Re: Isolating WAN traffic

Hello Gary,

in this case the ip next-hop is that of the ASA 5505 towards the router where you want to configure PBR.

But the ASA needs to send out to the cable modem everything it receives in the internal lan interface (a default-route pointing to the cable-modem)

Hope to help

Giuseppe

New Member

Re: Isolating WAN traffic

okay, it's getting clearer.

i'll take a look at it.

Thanks for your help.

134
Views
0
Helpful
6
Replies