Solved

Cisco ACL and PBR

Posted on 2008-10-19
1
843 Views
Last Modified: 2012-08-13
I am currently planning the installation of a Hotel Network.  The attached diagram shows a very simplified version of the network.  I am planning on setting up 4 VLANs and will enable IP routing on the Cisco Layer 3 switch.  Each VLAN will use the DHCP server on VLAN 20 for IP addresses.  

Could you give me an idea of what types of ACLs and PBRs I would need to set up to enable the following:
1) VLANs 10, 20, 30 uses ISP 1 and are able to fully communicate/route with each other.
2) VLAN 40 uses ISP 2 and should be fully segregated from the rest of the network.  

Thank you.

Network-2.jpg
0
Comment
Question by:sharwani
1 Comment
 
LVL 15

Accepted Solution

by:
wingatesl earned 500 total points
ID: 22752318
On your later 3 switch:

ip access-list extended ToISP1
   deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
   permit ip 172.16.1.0 0.0.0.255 any
   permit ip 172.16.2.0 0.0.0.255 any
   permit ip 172.16.3.0 0.0.0.255 any
ip access-list extended ToISP2
   deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
   permit ip 172.16.4.0 0.0.0.255 any  

route-map Director permit 10
   match ip address ToISP1
   set ip next-hop 172.16.1.2
route-map Director permit 20
   match ip address ToISP2
   set ip next-hop 172.16.1.3

int vlan 10
  ip policy route-map Director
int vlan 20
  ip policy route-map Director
int vlan 30
  ip policy route-map Director
int vlan 40
  ip policy route-map Director

Of course this is an example, if you post yur core switch config we can tailor it perfectly.
You will need to put an access list on vlan 40 to prevent intervlan communication.


0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question