I am in the process of setting up a backup internet circuit, and am trying to figure out the best way to configure our core switch.
We have a 3550, and it has the default route set to the address of the PIX handling the primary internet circuit. I now have the backup circuit also connected to the switch (via a cable modem > PIX > 2801 router).
We want to limit the use of the backup circuit to only a select subnet by default, and then to a larger subnet (but not the entire network) should the primary internet circuit go down.
My first thought was to set the secondary circuit up also as a default route, but use an access-list to deny all traffic to it (on the port it is connected to) except for the specific subnet that I want to use this circuit all the time. I would then, I assume, have to apply another access list to the primary internet circuit port denying access to that specific subnet, and allowing all others.
Is there a simpler way to accomplish this?