Popeyediceclay
PBR Issue - Cisco 1811W
I tried to set up PBR so that I could route all traffic from VLAN1 to Fast0/Public1 and all traffic from VLAN2 to Fast1/Public2, but also to have all traffic from VLAN1 destined for VLAN2 routed directly, and vice versa. I've only connected the VLAN1 and Public1 networks for now to test, and it appears to be working but is EXTREMELY slow when browsing the web. Does anyone see anything wrong or inefficient about this configuration?
Thanks
Current configuration : 7467 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco1811W
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 ????????????????????????????
enable password ?????????????
!
no aaa new-model
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
archive
 log config
  hidekeys
!
!
!
interface FastEthernet0
 description Connection to Public1$ETH-WAN$
 ip address Y.Y.Y.202 255.255.255.252
 ip access-group 199 in
 ip nat outside
 ip virtual-reassembly
 speed auto
 half-duplex
!
interface FastEthernet1
 description Connection to Public2$ETH-WAN$
 ip address Z.Z.Z.2 255.255.255.252
 ip access-group 189 in
 ip nat outside
 ip virtual-reassembly
 speed auto
 half-duplex
!
interface FastEthernet2
 description Connected to VLAN1
!
interface FastEthernet3
 description Connected to VLAN2
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio1
 no ip address
 shutdown
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 ip address A.A.A.254 255.255.255.224
 ip nat inside
 ip virtual-reassembly
 ip route-cache policy
 ip policy route-map routePublic1
!
interface Vlan2
 ip address B.B.B.62 255.255.255.224
 ip nat inside
 ip virtual-reassembly
 ip route-cache policy
 ip policy route-map routePublic2
!
interface Async1
 no ip address
 encapsulation slip
 shutdown
!
router rip
 redistribute connected
 network B.0.0.0
 network A.0.0.0
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
logging trap debugging
logging A.A.A.230
access-list 100 permit icmp any any log
access-list 100 permit ip any any log
!
access-list 180 remark ----ALLOW ALL TO Public1 NETWORK
access-list 180 permit ip any A.A.A.224 0.0.0.31 log
!
access-list 181 remark --------BEGIN OUTGOING RULES - VLAN2
access-list 181 remark ----LOG ALL ICMP
access-list 181 permit icmp any any log
access-list 181 remark ----PERMIT ALL IP
access-list 181 permit ip any any log
access-list 181 remark ----IMPLICIT DENY ALL
access-list 181 deny ip any any log
access-list 181 remark --------END OUTGOING RULES - VLAN2
!
access-list 189 remark --------BEGIN INCOMING RULES - Public2
access-list 189 remark ----ALLOW ALL ESTABLISHED
access-list 189 permit tcp any any established
access-list 189 remark ----ALLOW ALL ICMP
access-list 189 permit icmp any any log
access-list 189 remark ----IMPLICIT DENY ALL
access-list 189 deny ip any any log
access-list 189 remark --------END INCOMING RULES - Public2
!
access-list 190 remark ----ALLOW ALL TO Public2 NETWORK
access-list 190 permit ip any B.B.B.32 0.0.0.31 log
!
access-list 191 remark --------BEGIN OUTGOING RULES - VLAN1
access-list 191 remark ----LOG ALL ICMP
access-list 191 permit icmp any any log
access-list 191 remark ----PERMIT ALL IP
access-list 191 permit ip any any log
access-list 191 remark ----IMPLICIT DENY ALL
access-list 191 deny ip any any log
access-list 191 remark --------END OUTGOING RULES - VLAN1
!
access-list 199 remark --------BEGIN INCOMING RULES - Public1
access-list 199 remark ----ALLOW ALL ESTABLISHED
access-list 199 permit tcp any any established
access-list 199 remark ----ALLOW ALL ICMP
access-list 199 permit icmp any any log
access-list 199 remark ----IMPLICIT DENY ALL
access-list 199 deny ip any any log
access-list 199 remark --------END INCOMING RULES - Public1
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
!
route-map routePublic1 permit 10
 match ip address 190
 set interface Vlan2
!
route-map routePublic1 permit 20
 match ip address 191
 set ip next-hop Y.Y.Y.201
 set interface FastEthernet0
!
route-map routePublic2 permit 10
 match ip address 180
 set interface Vlan1
!
route-map routePublic2 permit 20
 match ip address 181
 set ip next-hop Z.Z.Z.1
 set interface FastEthernet1
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 password ??????????
 login
!
!
!
webvpn cef
end
!
You can always use the debug ip packet command.
ASKER
Yeah, I tried that, but it generated so many messages it basically locked up the router. Also, before I enabled PBR it was fine with CEF and the LOG parameter. Do you think it has something to do with adding PBR or my PBR config?
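An added example, not part of the thread: the last question asks whether PBR together with the ACL log keyword matters, and Cisco's command reference for `match ip address` advises against `log` in ACLs used for PBR because ACL logging is not supported at interrupt level. The Python check below lists the logging entries in numbered ACLs that are matched by a route-map applied with `ip policy`. The function name and the sample excerpt are constructed for illustration and only numbered ACLs, as in the posted configuration, are handled.

```python
import re

# Constructed excerpt in the shape of the posted configuration (addresses are placeholders).
SAMPLE_CONFIG = """\
interface Vlan1
 ip policy route-map routePublic1
!
access-list 190 permit ip any B.B.B.32 0.0.0.31 log
access-list 191 permit icmp any any log
access-list 191 permit ip any any
access-list 199 permit tcp any any established
access-list 199 deny ip any any log
!
route-map routePublic1 permit 10
 match ip address 190
!
route-map routePublic1 permit 20
 match ip address 191
"""

def pbr_acls_with_log(config):
    """Return {route_map: {acl: [logging entries]}} for route-maps applied with 'ip policy'."""
    applied = set()    # route-maps bound to an interface for PBR
    rm_acls = {}       # route-map name -> ACL numbers it matches on
    acl_log = {}       # ACL number -> permit/deny entries ending in log or log-input
    current_rm = None
    for raw in config.splitlines():
        line = raw.strip()  # works whether or not sub-commands are indented
        if m := re.match(r"ip policy route-map (\S+)$", line):
            applied.add(m.group(1))
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            current_rm = m.group(1)
        elif current_rm and (m := re.match(r"match ip address (.+)$", line)):
            rm_acls.setdefault(current_rm, []).extend(m.group(1).split())
        elif m := re.match(r"access-list (\d+) (?:permit|deny) .*\blog(?:-input)?$", line):
            acl_log.setdefault(m.group(1), []).append(line)
    findings = {}
    for rm in sorted(applied):
        for acl in rm_acls.get(rm, []):
            if acl in acl_log:
                findings.setdefault(rm, {})[acl] = acl_log[acl]
    return findings

if __name__ == "__main__":
    for rm, acls in pbr_acls_with_log(SAMPLE_CONFIG).items():
        for acl, entries in acls.items():
            print(f"route-map {rm} matches ACL {acl} with logging entries: {entries}")
```

ACL 199 in the sample also logs, but it is an interface filter rather than a PBR match ACL, so it is not reported.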