Solved

Cisco Policy-Based Routing

Posted on 2014-03-26
Last Modified: 2014-04-02
Hi -

I have 3 interfaces on my Cisco router. I would like to change the default route for one specific interface along with a couple of specific IPs on the other interfaces.

First I have tried to change the default route with the following:

route-map map20 permit 10
 match ip address 150
 set ip next-hop 10.0.20.2
!
!
access-list 150 permit ip any host 10.0.20.7
access-list 150 permit ip any host 10.0.20.1
access-list 150 permit ip any host 10.0.20.2
access-list 150 permit ip any host 10.0.20.3
access-list 150 permit ip any host 10.0.20.4
access-list 150 permit ip any host 10.0.20.5
access-list 150 permit ip any host 10.0.20.6
access-list 150 permit ip any host 10.0.20.8
access-list 150 permit ip any host 10.0.20.9

But this does not seem to do anything
Question by:doctor069
15 Comments
 
LVL 11

Expert Comment

by:Miftaul
How come your next-hop is on the same subnet you are applying the PBR to?

The ACL also is not correct; it should be

Access-list 150 permit ip host 10.0.20.x any
('any' is the destination, not the source)
 
LVL 26

Expert Comment

by:Soulja
Miftaul is correct. The source and destination are backwards. Also he is correct in regards to the next hop being in the same subnet. That is not correct, it won't work. You also have included your next hop in your ACL.

Your only option, if in fact you are trying to get those hosts to hit the next hop on the same subnet, is to configure the hosts' LOCAL routes and/or default gateway.
 

Author Comment

by:doctor069
Hi-

Here is what I did as a test, but it did not make any difference. I was hoping that 10.0.10.17 would route through 172.16.10.2



(config)#Access-list 150 permit ip host 10.0.10.17 any
(config)#route-map map20 permit 10
(config-route-map)#match ip address 150
(config-route-map)#set ip next-hop 172.16.10.2
(config-route-map)#exit
(config)#exit
#wr mem
 
LVL 26

Expert Comment

by:Soulja
Where is this 172 address?
 

Author Comment

by:doctor069
There is an interface on the router, 172.16.10.1. 172.16.10.2 is the firewall.
 

Author Comment

by:doctor069
To give you an idea, what I am doing is trying to split up HTTP and HTTPS traffic.

Certain computers will go through 172.16.10.2 for internet and others will go through 10.0.20.2
 

Author Comment

by:doctor069
If I change my default route to 172.16.10.2 all traffic goes out, no issues
 
LVL 26

Expert Comment

by:Soulja
Where are you performing the policy routing? Is that device connected to both the 172 subnet and the 10 subnet above?
 
LVL 26

Expert Comment

by:Soulja
Can you post the config?
 

Author Comment

by:doctor069
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.0.22.1 255.255.255.0 secondary
 ip address 10.0.10.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.0.20.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 172.16.10.1 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.0.20.2
ip route 10.0.1.0 255.255.255.0 10.0.10.62
ip route 10.0.2.0 255.255.255.0 10.0.10.62
ip route 10.0.3.0 255.255.255.0 10.0.10.62
ip route 10.0.4.0 255.255.255.0 10.0.10.62
ip route 10.0.5.0 255.255.255.0 10.0.10.62
ip route 10.0.6.0 255.255.255.0 10.0.10.62
ip route 10.0.7.0 255.255.255.0 10.0.10.62
ip route 10.0.8.0 255.255.255.0 10.0.10.62
ip route 10.0.9.0 255.255.255.0 10.0.10.62
ip route 10.0.11.0 255.255.255.0 10.0.10.62
ip route 10.0.12.0 255.255.255.0 10.0.10.62
ip route 10.0.13.0 255.255.255.0 10.0.10.62
ip route 10.0.14.0 255.255.255.0 10.0.10.62
ip route 10.0.15.0 255.255.255.0 10.0.10.62
ip route 10.0.16.0 255.255.255.0 10.0.10.62
ip route 10.0.17.0 255.255.255.0 10.0.10.62
ip route 10.0.18.0 255.255.255.0 10.0.10.62
ip route 10.0.19.0 255.255.255.0 10.0.10.62
ip route 10.0.21.0 255.255.255.0 10.0.20.3
ip route 10.0.25.0 255.255.255.0 10.0.10.62
ip route 10.0.60.0 255.255.255.0 10.0.20.3
ip route 10.0.61.0 255.255.255.240 10.0.20.3
ip route 10.0.62.0 255.255.255.0 10.0.20.3
ip route 10.0.65.0 255.255.255.0 10.0.10.62
ip route 10.0.70.0 255.255.255.0 10.0.20.3
ip route 10.0.71.0 255.255.255.240 10.0.20.3
ip route 10.0.72.0 255.255.255.0 10.0.20.3
ip route 10.0.75.0 255.255.255.0 10.0.10.62
ip route 10.0.80.0 255.255.255.0 10.0.20.3
ip route 10.0.81.0 255.255.255.240 10.0.20.3
ip route 10.0.82.0 255.255.255.0 10.0.20.3
ip route 10.0.90.0 255.255.255.0 10.0.10.62
ip route 10.0.91.0 255.255.255.0 10.0.10.62
ip route 10.0.92.0 255.255.255.0 10.0.10.62
ip route 10.0.93.0 255.255.255.0 10.0.10.62
 

Author Comment

by:doctor069
I cleared everything out and am starting again...

What I would like to do is have everything on the 20 subnet route through 20.2 and have certain computers on the 10 subnet route through 20.2 and the rest route through 172.16.10.2
 
LVL 26

Expert Comment

by:Soulja
Okay, so what interface are you applying the route map to?
 

Author Comment

by:doctor069
interface GigabitEthernet0/0
 
LVL 11

Accepted Solution

by:
Miftaul earned 500 total points
Does the network look something like this?
[Image: NetDiagram]
Default route is pointing to 10.0.20.2; what device is that? Your next-hop is 10.0.20.3, right?
Do you have 10.0.0.0/17 subnets in your LAN?
Which device is 10.0.10.62 in your LAN? Do you have any specific requirement to route all traffic to 10.0.10.62 and not towards Gi0/0 interface 10.0.10.1?

Your PBR config looks good to me.
(config)#Access-list 150 permit ip host 10.0.10.17 any
(config)#route-map map20 permit 10
(config-route-map)#match ip address 150
(config-route-map)#set ip next-hop 172.16.10.2
(config-route-map)#exit
(config)#interface GigabitEthernet0/0
(config-if)#ip policy route-map map20
 

Author Closing Comment

by:doctor069
Comment Utility
Forgot to apply to interface.

Thanks for your help
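
An added example, not written by anyone in this thread: a small Python audit of IOS config text for the three mistakes raised above (a route-map never applied with ip policy route-map, a PBR ACL written with any as the source, and a next hop on the ingress interface's own subnet). The function name audit_pbr and the sample config are constructed for illustration from the addresses posted in the thread.

```python
import ipaddress
import re

def audit_pbr(config):
    """Return findings for the PBR mistakes raised in this thread."""
    acls, maps, ifaces = {}, {}, {}
    cur_map = cur_if = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\d+) permit ip (\S+)", line, re.I):
            acls.setdefault(m[1], []).append(m[2].lower())  # keep the source keyword
        elif m := re.match(r"route-map (\S+) permit", line, re.I):
            cur_map, cur_if = maps.setdefault(m[1], {"acl": None, "hop": None}), None
        elif m := re.match(r"interface (\S+)", line, re.I):
            cur_if, cur_map = ifaces.setdefault(m[1], {"nets": [], "maps": []}), None
        elif cur_map is not None and (m := re.match(r"match ip address (\d+)", line, re.I)):
            cur_map["acl"] = m[1]
        elif cur_map is not None and (m := re.match(r"set ip next-hop (\d[\d.]+)", line, re.I)):
            cur_map["hop"] = ipaddress.ip_address(m[1])
        elif cur_if is not None and (m := re.match(r"ip address (\d\S+) (\d\S+)", line, re.I)):
            cur_if["nets"].append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        elif cur_if is not None and (m := re.match(r"ip policy route-map (\S+)", line, re.I)):
            cur_if["maps"].append(m[1])
    findings = []
    for name, rm in maps.items():
        applied = [i for i, d in ifaces.items() if name in d["maps"]]
        if not applied:
            findings.append(f"route-map {name} is not applied to any interface")
        if "any" in acls.get(rm["acl"], []):
            findings.append(f"ACL {rm['acl']} has source 'any'; check source/destination order")
        for i in applied:
            if rm["hop"] and any(rm["hop"] in n for n in ifaces[i]["nets"]):
                findings.append(f"next-hop {rm['hop']} is on the subnet of ingress {i}")
    return findings

# Constructed config using the addresses posted in the thread (working layout).
FIXED = """\
interface GigabitEthernet0/0
 ip address 10.0.10.1 255.255.255.0
 ip policy route-map map20
interface GigabitEthernet0/2
 ip address 172.16.10.1 255.255.255.0
route-map map20 permit 10
 match ip address 150
 set ip next-hop 172.16.10.2
access-list 150 permit ip host 10.0.10.17 any
"""
# The thread's root cause: the route-map was never applied to an interface.
UNAPPLIED = FIXED.replace(" ip policy route-map map20\n", "")
```

Running audit_pbr(UNAPPLIED) reports the unapplied route-map, which is the condition under which traffic meant for the firewall at 172.16.10.2 silently follows the default route instead.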