07-20-2006 12:32 PM - edited 03-03-2019 01:24 PM
Can I use either or both to solve this issue?
I am managing a hub/spoke eigrp routed network. We have one spoke site we'd like to route out of a secondary Internet link at the hub site. However, the default route in the hub router points to the primary Internet link.
How would I go about routing just this one spoke site out of the secondary Internet link?
Solved! Go to Solution.
07-20-2006 12:49 PM
Christopher
I would think that Policy Based Routing, which does use route maps, would provide a good solution for your requirements. You could implement it with something that might look something like this:
- configure an access list that will identify the traffic:
access-list 155 permit ip
- configure a route map to manipulate the routing:
route-map test-map permit 10
match ip address 155
set ip next-hop
- assign the route map and policy based routing on the interface where this traffic will arrive:
interface
ip policy route-map test-map
This should identify traffic coming from the one spoke and send it out a different next hop address.
HTH
Rick
07-20-2006 01:13 PM
One thing to add to rick's post is that your access list may look a little backward. Since it sounds like hub router has a direct connection to other spoke sites as well as the intenet you may need to match the destination addresses also.
In essence you will need a access list that says any traffic from this spoke site that is not desnited for another internal location needs to be policy routed.
There are a couple of ways to do this either with deny's in the access list or deny's in the route-map.
This will very much depend on you network but lets assume that you use 10.10.0.0/16 and 10.11.0.0/16 and your spoke network is 10.10.10.0/24
access-list 155 deny ip 10.10.10.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 155 deny ip 10.10.10.0 0.0.0.255 10.11.0.0 0.0.255.255
access-list 155 permit ip 10.10.10.0 0.0.0.255 any
access-list 155 deny ip any any
Any traffic that you deny in a policy route is routed normally. Unlike a filter access list it does not block any traffic it only decides if it is to be selected or not.
>>>> saw your question after I posted this but yes you must deny all the subnets that you use internally
07-20-2006 12:49 PM
Christopher
I would think that Policy Based Routing, which does use route maps, would provide a good solution for your requirements. You could implement it with something that might look something like this:
- configure an access list that will identify the traffic:
access-list 155 permit ip
- configure a route map to manipulate the routing:
route-map test-map permit 10
match ip address 155
set ip next-hop
- assign the route map and policy based routing on the interface where this traffic will arrive:
interface
ip policy route-map test-map
This should identify traffic coming from the one spoke and send it out a different next hop address.
HTH
Rick
07-20-2006 01:08 PM
Rick,
thanks for the quick reply. I have a follow up question. What happens if the traffic is destined for one of the other local subnets and not the internet? Will I have to create acl statements for each network?
07-20-2006 01:13 PM
One thing to add to rick's post is that your access list may look a little backward. Since it sounds like hub router has a direct connection to other spoke sites as well as the intenet you may need to match the destination addresses also.
In essence you will need a access list that says any traffic from this spoke site that is not desnited for another internal location needs to be policy routed.
There are a couple of ways to do this either with deny's in the access list or deny's in the route-map.
This will very much depend on you network but lets assume that you use 10.10.0.0/16 and 10.11.0.0/16 and your spoke network is 10.10.10.0/24
access-list 155 deny ip 10.10.10.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 155 deny ip 10.10.10.0 0.0.0.255 10.11.0.0 0.0.255.255
access-list 155 permit ip 10.10.10.0 0.0.0.255 any
access-list 155 deny ip any any
Any traffic that you deny in a policy route is routed normally. Unlike a filter access list it does not block any traffic it only decides if it is to be selected or not.
>>>> saw your question after I posted this but yes you must deny all the subnets that you use internally
07-20-2006 01:32 PM
Thanks
I'll give this a try!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: