Solved

Cisco Policy Based Routing on Switch 2960G

Posted on 2014-09-08
3
789 Views
Last Modified: 2014-09-08
hi
I have managed to configure my Cisco 2960G with IP routing
I am trying to implement policy based routing. I have 3 VLANs and I want them to be able to all talk, but use three different internet connections.

I have been trying to use Access Lists and route-maps

I think i need to apply my policy map to the vlan interface but it work work. (incomplete command)
if I put a default route, all vlans get internet access so it looks like the PBR isn't working

interface Vlan1
 description Native Vlan
 ip address 192.168.0.5 255.255.255.0
!
interface Vlan10
 description "VLAN 10"
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.0.10
!
interface Vlan20
 description "VLAN 20"
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.0.10
!
interface Vlan30
 ip address 192.168.3.1 255.255.255.0
 ip helper-address 192.168.0.10
!
ip local policy route-map split-access
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.0.1   - If I remove this line, no traffic is routed
access-list 10 permit 192.168.1.10  - set to this for testing?
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.2.0 0.0.0.255
access-list 30 permit 192.168.3.0 0.0.0.255
route-map split-access permit 10
 match ip address 10
 set ip next-hop 192.168.0.1
 set ip default next-hop 192.168.0.1
!
route-map split-access permit 20
 match ip address 20
 set ip next-hop 192.168.0.2
 set ip default next-hop 192.168.0.2
!
route-map split-access permit 30
 match ip address 30
 set ip next-hop 192.168.0.3
 set ip default next-hop 192.168.0.3
!

Open in new window


Would love to hear your thoughts.

Version of switch is Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE9, RELEASE SOFTWARE (fc1)
0
Comment
Question by:Steven Wells
  • 2
3 Comments
 
LVL 26

Accepted Solution

by:
Predrag Jovic earned 500 total points
ID: 40311377
Next hop address in your case should be IP address of next router interface (neighbor router IP address of interface connected to your router).  Your next hop addresses are in the same subnet, so point to multipoint network is the only logical explanation.

access-list 10 permit 192.168.1.10  - set to this for testing?
access-list 10 permit 192.168.1.0 0.0.0.255

the first permit is included in second - remove first

ip policy command you need to put on inbound interface

Router(config-if)# ip policy route-map map-tag

Router(config)# ip local policy route-map map-tag <- only work for router generated traffic

and I don't see any use of setting default next hop address same as next hop address :)

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/18ew/configuration/guide/config/pbroute.html
0
 
LVL 12

Author Comment

by:Steven Wells
ID: 40311415
Hi,
I have found the switch version I am using doesn't support the policy based routing module.
thanks anyway
0
 
LVL 12

Author Closing Comment

by:Steven Wells
ID: 40311416
Accepted, but not hardware doesn't support what I need
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now