  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 971

Cisco Policy Based Routing on Switch 2960G

Hi,
I have managed to configure my Cisco 2960G with IP routing.
I am trying to implement policy-based routing. I have 3 VLANs and I want them all to be able to talk, but use three different internet connections.

I have been trying to use access lists and route-maps.

I think I need to apply my policy map to the VLAN interface but it won't work (incomplete command).
If I put a default route, all VLANs get internet access, so it looks like the PBR isn't working.

interface Vlan1
 description Native Vlan
 ip address 192.168.0.5 255.255.255.0
!
interface Vlan10
 description "VLAN 10"
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.0.10
!
interface Vlan20
 description "VLAN 20"
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.0.10
!
interface Vlan30
 ip address 192.168.3.1 255.255.255.0
 ip helper-address 192.168.0.10
!
ip local policy route-map split-access
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.0.1   - If I remove this line, no traffic is routed
access-list 10 permit 192.168.1.10  - set to this for testing?
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.2.0 0.0.0.255
access-list 30 permit 192.168.3.0 0.0.0.255
route-map split-access permit 10
 match ip address 10
 set ip next-hop 192.168.0.1
 set ip default next-hop 192.168.0.1
!
route-map split-access permit 20
 match ip address 20
 set ip next-hop 192.168.0.2
 set ip default next-hop 192.168.0.2
!
route-map split-access permit 30
 match ip address 30
 set ip next-hop 192.168.0.3
 set ip default next-hop 192.168.0.3
!


Would love to hear your thoughts.

Version of switch is Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE9, RELEASE SOFTWARE (fc1)
Asked by: Steven Wells
1 Solution
 
Predrag (Network Engineer) commented:
The next-hop address in your case should be the IP address of the next router's interface (the neighbor router's IP address on the interface connected to your router). Your next-hop addresses are in the same subnet, so a point-to-multipoint network is the only logical explanation.

access-list 10 permit 192.168.1.10  - set to this for testing?
access-list 10 permit 192.168.1.0 0.0.0.255

The first permit is included in the second; remove the first.

You need to put the ip policy command on the inbound interface:

Router(config-if)# ip policy route-map map-tag

Router(config)# ip local policy route-map map-tag <- only works for router-generated traffic

And I don't see any use in setting the default next-hop address to the same value as the next-hop address :)

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/18ew/configuration/guide/config/pbroute.html
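The three points raised in the answer above, expressed as a small configuration check (an added example, not part of the original thread and not a Cisco tool). It assumes numbered standard ACLs with contiguous wildcard masks; the function names and finding codes are hypothetical, and the sample is constructed from the relevant lines of the posted configuration.

```python
import ipaddress
import re

# Constructed sample: relevant lines from the configuration posted in the question.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 192.168.1.1 255.255.255.0
ip local policy route-map split-access
access-list 10 permit 192.168.1.10
access-list 10 permit 192.168.1.0 0.0.0.255
route-map split-access permit 10
 match ip address 10
 set ip next-hop 192.168.0.1
 set ip default next-hop 192.168.0.1
"""

def acl_network(addr, wildcard):
    """Turn an IOS address + wildcard mask (contiguous only) into an ip_network."""
    inverted = int(ipaddress.IPv4Address(wildcard or "0.0.0.0")) ^ 0xFFFFFFFF
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(inverted)}", strict=False)

def lint_pbr(config):
    """Return (code, detail) findings for the three issues raised in the answer."""
    findings = []
    # 1. "ip local policy" covers router-generated traffic only; check inbound use.
    local = set(re.findall(r"^ip local policy route-map (\S+)", config, re.M))
    inbound = set(re.findall(r"^ ip policy route-map (\S+)", config, re.M))
    findings += [("LOCAL_ONLY", name) for name in sorted(local - inbound)]
    # 2. A permit entry already covered by a wider permit in the same ACL.
    acls = {}
    for num, addr, wc in re.findall(r"^access-list (\d+) permit (\S+)(?: (\S+))?", config, re.M):
        acls.setdefault(num, []).append(acl_network(addr, wc))
    for num, nets in acls.items():
        for a in nets:
            if any(a != b and a.subnet_of(b) for b in nets):
                findings.append(("ACL_REDUNDANT", f"{num}: {a}"))
    # 3. "set ip default next-hop" identical to "set ip next-hop" in one entry.
    entry, hops = None, {}
    for line in config.splitlines():
        if m := re.match(r"route-map (\S+) permit (\d+)", line):
            entry = f"{m.group(1)} {m.group(2)}"
        elif entry and (s := re.match(r" set ip (default )?next-hop (\S+)", line)):
            hops.setdefault(entry, {})["default" if s.group(1) else "primary"] = s.group(2)
    findings += [("SAME_DEFAULT_HOP", e) for e, h in hops.items()
                 if h.get("primary") and h.get("primary") == h.get("default")]
    return findings

if __name__ == "__main__":
    print(lint_pbr(SAMPLE_CONFIG))
```

A configuration that applies the route-map with `ip policy route-map` on the VLAN interface, drops the host entry from ACL 10 and removes the duplicate default next-hop produces no findings.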
 
Steven Wells (Systems Administrator, Author) commented:
Hi,
I have found the switch version I am using doesn't support the policy-based routing module.
Thanks anyway.
 
Steven Wells (Systems Administrator, Author) commented:
Accepted, but not hardware doesn't support what I need