I am trying to implement PBR on my network. Basically we have 2 LANs and 2 ISPs. The business requirement is that traffic from LAN1 goes to ISP1 and traffic from LAN2 goes to ISP2. I implemented two route maps that match traffic from either LAN and set the IP address of the appropriate ISP as the next-hop router. I also have two default routes, one to each ISP. The problem is that LAN1 has Internet access and LAN2 does not. Traceroute shows that traffic stops at the router; when I do show route-map, the counters that show matching packets and bytes increment for both route-maps.
access-list 101 deny ip LAN1 LAN2
access-list 101 permit ip LAN1 any
access-list 102 deny ip LAN2 LAN1
access-list 102 permit ip LAN2 any
route-map LAN1_internet permit 10
 match ip address 101
 set ip next-hop ISP1
route-map LAN2_internet permit 10
 match ip address 102
 set ip next-hop ISP2
ip route 0.0.0.0 0.0.0.0 ISP1
ip route 0.0.0.0 0.0.0.0 ISP2
What am I missing to get this to work? Do I need the static routes, or should I get rid of them?
There is one router. LAN2 cannot get on the Internet using either ISP; also ISP2 is what I need. I did the same thing as you described. I guess I have to remove the default routes. Any other thoughts? Also, if this may help: I can ping from LAN2 to ISP2.
I wonder if the problem is not something different from a problem with PBR. Is it possible that the traffic going from LAN2 to ISP2 is not being translated when it should be (or is not being translated correctly)?
Perhaps a more comprehensive posting of the config (especially both input interfaces and both output interfaces, and any translations) would help us to identify the problem.
I am glad that my suggestion that it was perhaps not a problem with PBR pointed you in the right direction for solving your problem. Thank you for posting back to the thread and indicating that you had solved the problem and how you solved it. It makes the forum more useful when people can read a problem and can know what solution resolved the problem.