thomasm1948
CISCO Policy Based Routing
Hi,
I have a quick question on PBR. If I have multiple IPs that I want to use PBR for, do I need to create a policy for each unique IP, or can I do the following? We want to do load balancing between ISPs, and the following have NAT policies. Or do I need to create a policy for each IP and assign it to my VLAN?
access-list 10 deny ip host 192.16.1.1 10.2.0.4 255.255.255.255 (deny this gateway)
access-list 10 deny ip host 192.16.2.2 10.2.0.4 255.255.255.255 (deny this gateway)
access-list 10 deny ip host 192.16.3.3 10.2.0.4 255.255.255.255 (deny this gateway)
access-list 10 permit 192.168.1.1 any (added any so that it can get to other vlans)
access-list 10 permit 192.168.2.2 any (added any so that it can get to other vlans)
access-list 10 permit 192.168.3.3 any (added any so that it can get to other vlans)
Created policy:
route-map OldASA permit 10
match ip address 10
set ip next-hop 10.2.0.3 (original gateway with NAT policies)
Assigned policy to vlan16
ip policy route-map OldASA
Thank you for your help in advance
ASKER
How could I configure the route map? Would it be the same as
route-map OldASA permit 10
match ip address 10
set ip next-hop 10.2.0.3
and then apply it to the vlan
int policy route-map OldASA
Switch(config)# sdm prefer routing
Switch(config)# end
Switch# reload
ASKER
Also, would those IP addresses still have access to all of the other VLANs that are configured on the core L3 switch?
ASKER CERTIFIED SOLUTION
ASKER
I do not see int policy route-map under the global config. If I go to int vlan 16, then I see ip policy route-map.
That is what I'm trying to tell you.
Applying route map to VLAN interface is applying route-map to VLAN.
You wrote:
Vlan 16
int policy route-map OldASA
Probably just bad communication, and we talk about same thing. :)
ASKER
Sorry, I misread your statement.
So I might want to use access-list permit extended 192.168.1.1 any then, just to make sure. I'm confused on this one, I have to admit.
Yes, you can use the ACL in that manner.
ASKER
Thank you for all of your help
If you use a standard access list (access-list 10), you can't have any at the end of the command.
:)
access-list 10 permit 192.168.1.1
access-list 10 permit 192.168.2.2
access-list 10 permit 192.168.3.3
You apply the ACL to the interface:
interface vlan 16
ip policy route-map OldASA
And you also need to do the following (on the L3 switch) if you want PBR to work on a VLAN:
Switch(config)# sdm prefer routing
Switch(config)# end
Switch# reload
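As an added example (not part of the thread or any Cisco tooling), a small Python linter that encodes the rule the answer above rests on: numbered IOS ACLs 1-99 and 1300-1999 are standard and accept only a source specification, so lines such as the asker's `permit 192.168.1.1 any` or `deny ip host ...` are rejected while the corrected `permit 192.168.1.1` form passes. The ACL number ranges are IOS facts; the sample configuration is constructed from the lines quoted in this thread.

```python
import re
from typing import List, Tuple

# Numbered IP ACL ranges on Cisco IOS: standard lists match on source
# address only; extended lists carry protocol, source and destination.
STANDARD_RANGES = [(1, 99), (1300, 1999)]
EXTENDED_RANGES = [(100, 199), (2000, 2699)]
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def acl_kind(number: int) -> str:
    """Classify a numbered ACL as 'standard', 'extended' or 'unknown'."""
    if any(lo <= number <= hi for lo, hi in STANDARD_RANGES):
        return "standard"
    if any(lo <= number <= hi for lo, hi in EXTENDED_RANGES):
        return "extended"
    return "unknown"


def check_standard_entry(line: str) -> Tuple[bool, str]:
    """Validate one 'access-list N permit|deny <source>' line.

    A standard entry's source may only be '<addr> [wildcard]',
    'host <addr>' or 'any'. A protocol keyword, a destination, or
    'any' after a source is extended syntax and is rejected here.
    ('log' suffixes are not handled in this example.)
    """
    tokens = line.strip().split()
    if len(tokens) < 4 or tokens[0] != "access-list" or not tokens[1].isdigit():
        return False, "not an 'access-list <number> ...' entry"
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    kind = acl_kind(number)
    if kind != "standard":
        return False, f"ACL {number} is {kind}, not standard"
    if action not in ("permit", "deny"):
        return False, f"unknown action '{action}'"
    if rest == ["any"]:
        return True, "ok"
    if len(rest) == 2 and rest[0] == "host" and IPV4.match(rest[1]):
        return True, "ok"
    if len(rest) in (1, 2) and all(IPV4.match(t) for t in rest):
        return True, "ok"
    if rest[0] in ("ip", "tcp", "udp", "icmp"):
        return False, "protocol keyword is extended-ACL syntax"
    return False, "source must be '<addr> [wildcard]', 'host <addr>' or 'any'"


def lint_acl(config: str) -> List[Tuple[str, bool, str]]:
    """Check every access-list line in a config blob; returns (line, ok, reason)."""
    return [(ln.strip(),) + check_standard_entry(ln)
            for ln in config.splitlines() if ln.strip().startswith("access-list")]
```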