Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Route-map - policy-routing

Can I use either or both to solve this issue?

I am managing a hub/spoke eigrp routed network. We have one spoke site we'd like to route out of a secondary Internet link at the hub site. However, the default route in the hub router points to the primary Internet link.

How would I go about routing just this one spoke site out of the secondary Internet link?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Re: Route-map - policy-routing

Christopher

I would think that Policy Based Routing, which does use route maps, would provide a good solution for your requirements. You could implement it with something that might look something like this:

- configure an access list that will identify the traffic:

access-list 155 permit ip any

- configure a route map to manipulate the routing:

route-map test-map permit 10

match ip address 155

set ip next-hop

- assign the route map and policy based routing on the interface where this traffic will arrive:

interface

ip policy route-map test-map

This should identify traffic coming from the one spoke and send it out a different next hop address.

HTH

Rick

Gold

Re: Route-map - policy-routing

One thing to add to rick's post is that your access list may look a little backward. Since it sounds like hub router has a direct connection to other spoke sites as well as the intenet you may need to match the destination addresses also.

In essence you will need a access list that says any traffic from this spoke site that is not desnited for another internal location needs to be policy routed.

There are a couple of ways to do this either with deny's in the access list or deny's in the route-map.

This will very much depend on you network but lets assume that you use 10.10.0.0/16 and 10.11.0.0/16 and your spoke network is 10.10.10.0/24

access-list 155 deny ip 10.10.10.0 0.0.0.255 10.10.0.0 0.0.255.255

access-list 155 deny ip 10.10.10.0 0.0.0.255 10.11.0.0 0.0.255.255

access-list 155 permit ip 10.10.10.0 0.0.0.255 any

access-list 155 deny ip any any

Any traffic that you deny in a policy route is routed normally. Unlike a filter access list it does not block any traffic it only decides if it is to be selected or not.

>>>> saw your question after I posted this but yes you must deny all the subnets that you use internally

4 REPLIES
Hall of Fame Super Silver

Re: Route-map - policy-routing

Christopher

I would think that Policy Based Routing, which does use route maps, would provide a good solution for your requirements. You could implement it with something that might look something like this:

- configure an access list that will identify the traffic:

access-list 155 permit ip any

- configure a route map to manipulate the routing:

route-map test-map permit 10

match ip address 155

set ip next-hop

- assign the route map and policy based routing on the interface where this traffic will arrive:

interface

ip policy route-map test-map

This should identify traffic coming from the one spoke and send it out a different next hop address.

HTH

Rick

New Member

Re: Route-map - policy-routing

Rick,

thanks for the quick reply. I have a follow up question. What happens if the traffic is destined for one of the other local subnets and not the internet? Will I have to create acl statements for each network?

Gold

Re: Route-map - policy-routing

One thing to add to rick's post is that your access list may look a little backward. Since it sounds like hub router has a direct connection to other spoke sites as well as the intenet you may need to match the destination addresses also.

In essence you will need a access list that says any traffic from this spoke site that is not desnited for another internal location needs to be policy routed.

There are a couple of ways to do this either with deny's in the access list or deny's in the route-map.

This will very much depend on you network but lets assume that you use 10.10.0.0/16 and 10.11.0.0/16 and your spoke network is 10.10.10.0/24

access-list 155 deny ip 10.10.10.0 0.0.0.255 10.10.0.0 0.0.255.255

access-list 155 deny ip 10.10.10.0 0.0.0.255 10.11.0.0 0.0.255.255

access-list 155 permit ip 10.10.10.0 0.0.0.255 any

access-list 155 deny ip any any

Any traffic that you deny in a policy route is routed normally. Unlike a filter access list it does not block any traffic it only decides if it is to be selected or not.

>>>> saw your question after I posted this but yes you must deny all the subnets that you use internally

New Member

Re: Route-map - policy-routing

Thanks

I'll give this a try!

516
Views
0
Helpful
4
Replies
CreatePlease login to create content