
Route-map - policy-routing

chrislisser
Level 1

Can I use either or both to solve this issue?

I am managing a hub/spoke EIGRP routed network. We have one spoke site we'd like to route out of a secondary Internet link at the hub site. However, the default route in the hub router points to the primary Internet link.

How would I go about routing just this one spoke site out of the secondary Internet link?

4 Replies

Richard Burts
Hall of Fame

Christopher

I would think that Policy Based Routing, which does use route maps, would provide a good solution for your requirements. You could implement it with something that might look something like this:

- configure an access list that will identify the traffic:

access-list 155 permit ip any

- configure a route map to manipulate the routing:

route-map test-map permit 10

match ip address 155

set ip next-hop

- assign the route map and policy based routing on the interface where this traffic will arrive:

interface

ip policy route-map test-map

This should identify traffic coming from the one spoke and send it out a different next hop address.

HTH

Rick

Rick,

Thanks for the quick reply. I have a follow-up question. What happens if the traffic is destined for one of the other local subnets and not the Internet? Will I have to create ACL statements for each network?

One thing to add to Rick's post is that your access list may look a little backward. Since it sounds like the hub router has a direct connection to other spoke sites as well as the Internet, you may need to match the destination addresses also.

In essence you will need an access list that says any traffic from this spoke site that is not destined for another internal location needs to be policy routed.

There are a couple of ways to do this, either with deny's in the access list or deny's in the route-map.

This will very much depend on your network, but let's assume that you use 10.10.0.0/16 and 10.11.0.0/16 and your spoke network is 10.10.10.0/24:

access-list 155 deny ip 10.10.10.0 0.0.0.255 10.10.0.0 0.0.255.255

access-list 155 deny ip 10.10.10.0 0.0.0.255 10.11.0.0 0.0.255.255

access-list 155 permit ip 10.10.10.0 0.0.0.255 any

access-list 155 deny ip any any

Any traffic that you deny in a policy route is routed normally. Unlike a filter access list, it does not block any traffic; it only decides if it is to be selected or not.

>>>> Saw your question after I posted this, but yes, you must deny all the subnets that you use internally.
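The selection logic described in the reply above can be checked offline before touching the router. The following is an added example, not code from either poster: it parses ACL 155 as posted and reports, for a given source and destination, whether a single `route-map ... permit` clause matching that ACL would policy-route the packet or leave it to the normal routing table. The function names and the sample flows are constructed for illustration.

```python
import ipaddress

# ACL 155 exactly as posted in the reply above (example subnets from that post).
ACL_155 = """\
access-list 155 deny ip 10.10.10.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 155 deny ip 10.10.10.0 0.0.0.255 10.11.0.0 0.0.255.255
access-list 155 permit ip 10.10.10.0 0.0.0.255 any
access-list 155 deny ip any any
"""

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered entries."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # this sketch handles only the 'ip' form used on the page
        action, rest = tokens[2], tokens[4:]
        entries.append((action, _take_addr(rest), _take_addr(rest)))
    return entries

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def pbr_decision(entries, src, dst):
    """First match wins: permit -> 'set' applies; deny or no match -> normal routing."""
    for action, src_spec, dst_spec in entries:
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return "policy-route" if action == "permit" else "normal-routing"
    return "normal-routing"  # implicit deny: still forwarded, just not policy-routed

if __name__ == "__main__":
    acl = parse_acl(ACL_155)
    # Constructed flows: spoke -> internal, spoke -> Internet, other site -> Internet.
    flows = [("10.10.10.5", "10.11.3.7"), ("10.10.10.5", "198.51.100.20"),
             ("10.10.20.9", "198.51.100.20")]
    for src, dst in flows:
        print(f"{src} -> {dst}: {pbr_decision(acl, src, dst)}")
```

Adding a new internal range to the network without a matching deny line shows up here as a "policy-route" result for spoke-to-internal traffic, which is the case the follow-up question asks about.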

Thanks

I'll give this a try!
