11-30-2006 01:11 PM - edited 03-03-2019 02:52 PM
I have a Cisco 2811 that has 2 Fast Ethernet interfaces. One interface
I want to use to control "Routes" on my local private network
(Basically just routing back through the same interface).
The other Interface is the LAN side my T1 connection coming in on a WIC
card (WAN).
My issue is that I can only specify one default-gateway and one
0.0.0.0 0.0.0.0 route for the router.
Ideally, I need to be able to route and specify gateway settings by
interface.
Is this possible?
11-30-2006 01:20 PM
Matt,
If you specify multiple default gateways, then you will end up load-sharing over them which is really not what you want.
I suggest you consider the use of a routing protocol if you have more complex requirements.
Paresh
11-30-2006 02:26 PM
This is currently how it looks:
interface Multilink1
ip address 67.xxx.xxx.126 255.255.255.252
ppp multilink
ppp multilink fragment disable
ppp multilink group 1
!
!
!
interface Serial0/0/0
description Quest Internet T1
no ip address
encapsulation ppp
no keepalive
no fair-queue
ppp multilink
ppp multilink group 1
no shutdown
!
interface Serial0/1/0
no ip address
encapsulation ppp
no keepalive
no fair-queue
ppp multilink
ppp multilink group 1
no shutdown
interface FastEthernet0/0
ip address 69.xxx.xxx.65 255.255.255.224
speed auto
full-duplex
no shutdown
speed auto
interface FastEthernet0/1
ip address 192.168.21.1 255.255.255.0
no shutdown
duplex auto
speed auto
For anything traveling through the FE0/1 interface, I want to use the below routes:
ip route 0.0.0.0 0.0.0.0 192.168.21.2 (Back to PIX, then gets filtered by Websense)
ip route 172.16.0.0 255.252.0.0 192.168.21.4
ip route 172.20.0.0 255.252.0.0 192.168.21.4
ip route 192.168.33.0 255.255.255.0 192.168.21.4
For anything traveling through the FE0/0 interface, I want to use the below routes:
ip route 0.0.0.0 0.0.0.0 67.XXX.XXX.125 (WAN Gateway back to ISP)
I would like to segregate the two interfaces, as if they were different routers.
Is this possible?
11-30-2006 03:47 PM
Hi.
Yes, that is possible using Policy-Based routing, which will allow you to route based on the source of the packets. Here's a document which describes it in more detail:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart1/qcpolicy.htm
Paresh
PS> Pls do remember to rate posts
11-30-2006 08:01 PM
This really helps and after working with it a while I really like the concept. I was able to get one of my interfaces routing OK, but the Local Private LAN is not. Here is the Routing config I currently have.
interface FastEthernet0/0
ip address 67.xxx.xxx.65 255.255.255.224
ip policy route-map INETLAN
duplex full
speed auto
!
interface FastEthernet0/1
ip address 192.168.21.1 255.255.255.0
ip policy route-map ELGINLAN
duplex auto
speed auto
no routing dynamic
access-list 1 permit 192.168.21.0 0.0.0.255
access-list 2 permit 172.16.0.0 0.3.255.255
access-list 3 permit 172.20.0.0 0.3.255.255
access-list 5 permit any
access-list 6 permit 192.168.33.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
route-map ELGINLAN permit 10
match ip address 1 2 3 6
set ip next-hop 192.168.21.4
set ip default next-hop 192.168.21.2
!
route-map INETLAN permit 10
match ip address 5
set ip next-hop 67.xxx.xxx.125
When doing a trace route to a public address, for instance 4.2.2.2 from behind the FE0/1 interface, the default route does not want to kick in. 192.168.21.1 is the default gateway for the workstation I am doing this from. Here is what the results look like:
- 192.168.21.1
- 192.168.21.4
- ************
- ************
or sometimes they come back starting with 192.168.21.4 as the first hop, assuming my machine is using the arp info.
Also it has come back like this:
- 192.168.21.1
- 67.xxx.xxx.65
- *********
Ideally, I would like it to come back as:
- 192.168.21.1
- 192.168.21.2 (PIX out to the internet)
Your thoughts?
11-30-2006 09:18 PM
Hi Matt,
The problem is with your route-map definition.
You have defined the next-hop as 192.168.21.4 and hence all the packets are being forwarded to it.
The command set ip default next-hop will kick in only when the above fails.
HTH, rate if it does
Narayan
12-01-2006 07:29 AM
Here is the definition of "set ip default next-hop"; "Set next hop to which to route the packet, if there is no explicit route for this destination."
I would assume this means since I did not explicitly specify a route for say, 4.2.2.2, then it would route to 192.168.21.4, which is the default.
Also, I have tried breaking the 0.0.0.0 route into a different sequence for the ELGINLAN interface, but still the same result (see below).
access-list 1 permit 192.168.21.0 0.0.0.255
access-list 2 permit 172.16.0.0 0.3.255.255
access-list 3 permit 172.20.0.0 0.3.255.255
access-list 5 permit any
access-list 6 permit 192.168.33.0 0.0.0.255
route-map ELGINLAN permit 10
match ip address 1 2 3 6
set ip next-hop 192.168.21.4
!
route-map ELGINLAN permit 20
match ip address 5
set ip next-hop 192.168.21.2
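An added example, not part of any post in this thread: a small Python model of how the ELGINLAN route-map above is evaluated, showing why Internet-bound traffic from the LAN never reaches the PIX/Websense hop. It relies on the fact that standard access-lists (1-99) test only the packet's source address; the workstation address 192.168.21.50, the sample destinations and the destination-matching `BY_DEST` variant are assumptions made for illustration.

```python
import ipaddress

def wild(addr, wildcard):
    """Network from an IOS address/wildcard pair (contiguous wildcards only)."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

ANY = ipaddress.ip_network("0.0.0.0/0")
# Networks from access-lists 1, 2, 3 and 6 in the post.
ACL_NETS = [wild("192.168.21.0", "0.0.0.255"), wild("172.16.0.0", "0.3.255.255"),
            wild("172.20.0.0", "0.3.255.255"), wild("192.168.33.0", "0.0.0.255")]
PIX, INSIDE_GW = "192.168.21.2", "192.168.21.4"

# Each clause: (sequence, [(source net, destination net), ...], next hop).
# As posted: standard ACLs, so only the SOURCE address is tested.
POSTED = [(10, [(n, ANY) for n in ACL_NETS], INSIDE_GW),
          (20, [(ANY, ANY)], PIX)]
# Assumed alternative (not from the thread): extended-ACL style entries that
# test the DESTINATION; the directly connected 192.168.21.0/24 is left out.
BY_DEST = [(10, [(ANY, n) for n in ACL_NETS[1:]], INSIDE_GW),
           (20, [(ANY, ANY)], PIX)]

def next_hop(route_map, src, dst):
    """Return (sequence, next hop) of the first clause that permits the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, entries, hop in route_map:
        if any(s in sn and d in dn for sn, dn in entries):
            return seq, hop
    return None, None  # no clause matched: ordinary destination routing applies

def misses_filter(route_map, src, destinations):
    """Destinations outside the ACL networks that are NOT handed to the PIX."""
    return [dst for dst in destinations
            if not any(ipaddress.ip_address(dst) in n for n in ACL_NETS)
            and next_hop(route_map, src, dst)[1] != PIX]

if __name__ == "__main__":
    host = "192.168.21.50"                      # constructed workstation address
    for dst in ("4.2.2.2", "172.17.5.9", "192.168.33.10"):
        print(dst, next_hop(POSTED, host, dst), next_hop(BY_DEST, host, dst))
    print("not filtered:", misses_filter(POSTED, host, ["4.2.2.2", "172.17.5.9"]))
```

With the posted ACLs every packet sourced from 192.168.21.0/24 matches sequence 10, so sequence 20 is never reached; matching on destination is what separates the internal networks from traffic that should pass through the PIX.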