Solved

Cisco ACL and PBR

Posted on 2008-10-19
1
840 Views
Last Modified: 2012-08-13
I am currently planning the installation of a Hotel Network.  The attached diagram shows a very simplified version of the network.  I am planning on setting up 4 VLANs and will enable IP routing on the Cisco Layer 3 switch.  Each VLAN will use the DHCP server on VLAN 20 for IP addresses.  

Could you give me an idea of what types of ACLs and PBRs I would need to set up to enable the following:
1) VLANs 10, 20, 30 uses ISP 1 and are able to fully communicate/route with each other.
2) VLAN 40 uses ISP 2 and should be fully segregated from the rest of the network.  

Thank you.

Network-2.jpg
0
Comment
Question by:sharwani
1 Comment
 
LVL 15

Accepted Solution

by:
wingatesl earned 500 total points
ID: 22752318
On your later 3 switch:

ip access-list extended ToISP1
   deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
   permit ip 172.16.1.0 0.0.0.255 any
   permit ip 172.16.2.0 0.0.0.255 any
   permit ip 172.16.3.0 0.0.0.255 any
ip access-list extended ToISP2
   deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
   permit ip 172.16.4.0 0.0.0.255 any  

route-map Director permit 10
   match ip address ToISP1
   set ip next-hop 172.16.1.2
route-map Director permit 20
   match ip address ToISP2
   set ip next-hop 172.16.1.3

int vlan 10
  ip policy route-map Director
int vlan 20
  ip policy route-map Director
int vlan 30
  ip policy route-map Director
int vlan 40
  ip policy route-map Director

Of course this is an example, if you post yur core switch config we can tailor it perfectly.
You will need to put an access list on vlan 40 to prevent intervlan communication.


0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
EXSi 6.x hosts on vCenter 5.5 7 78
OSPF Routing Problems 9 64
Can't access DMZ from internal network 7 44
Extending  a subnet 9 36
If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now