MoonLive

asked on

Cisco Router ACL rule for multiple IPs to use different gateway

Is there a rule I can define for multiple IPs (hosts) to use a different gateway?
Ernie Beek

You could try policy-based routing. Depending on how you define the ACLs, you should be able to point hosts to a different gateway.
http://www.ciscozine.com/pbr-route-a-packet-based-on-source-ip-address/
MoonLive

ASKER

Ernie, does that require two interfaces? I have 0/0 and 0/1 interfaces. I can't add an additional interface on this router.
Not necessary. Where is the second gateway, on the in- or outside?
0/0 is WAN and 0/1 is LAN. The second gateway is on the 0/0 side.
No problem. You set the next hop using an IP address and apply the policy to the incoming interface (LAN). So you can use this with any number of interfaces (also two).
If I give you a specific interface...

Router 1
   0/0 10.255.255.1 (to remote sites)
   0/1  LAN and provide Internet
Router 2
    0/0 10.255.255.3  (to main office)
    0/1 10.16.0.1 (to lan)
    0/0/0 10.19.1.2 (to Internet)
Router 3
   0/0 10.255.255.2 (to main office)
   0/1 10.13.0.0 (to lan)

Router 2 and Router 3 can ping each other by 0/0 interface.
How can I route Router 3 users to the Router 2 0/0/0 interface to access the Internet while Router 3 users access Router 1 data?

Thanks
ASKER CERTIFIED SOLUTION
Predrag Jovic
Predrag Jovic, thanks again!!! Can I create a rule so that just a few hosts access Router 2 Internet?
You can do almost whatever you want with PBR. To select a few hosts and forward that traffic is not a problem, just give static IP addresses to those hosts and configure PBR correctly. You also need to deny local traffic first, even with just a few hosts.
But, anyway, you should start to learn to implement QoS, you'll need it very soon.

To correct myself, you already need it.
:)
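Added example, not part of the original posts and not the hidden accepted answer: a sketch of the PBR setup the comments above describe, applied on Router 3's LAN interface with Router 2's 0/0 address (10.255.255.3) from the thread as next hop. The two host addresses, the interface type, the ACL and route-map names, and treating 10.0.0.0/8 as "local" are assumptions.

```cisco
! Router 3: LAN on 0/1, link to the other routers on 0/0 (10.255.255.2)
!
! ACLs are first-match. The deny must come first so traffic from the
! selected hosts to internal destinations (assumed here: anything in
! 10.0.0.0/8, e.g. Router 1 data) is NOT policy-routed and keeps
! following the normal routing table.
ip access-list extended PBR-INET-HOSTS
 deny   ip any 10.0.0.0 0.255.255.255
 ! Constructed host addresses; give these hosts static IPs.
 permit ip host 10.13.0.50 any
 permit ip host 10.13.0.51 any
!
! Only packets permitted by the ACL get the alternate next hop.
! Packets the ACL denies, and packets from every other host, match no
! route-map clause and are forwarded normally.
route-map INET-VIA-R2 permit 10
 match ip address PBR-INET-HOSTS
 set ip next-hop 10.255.255.3
!
! Apply on the interface where the hosts' traffic ENTERS the router
! (the LAN side), not on the WAN interface. Interface type is assumed.
interface GigabitEthernet0/1
 ip policy route-map INET-VIA-R2
!
! Checks after applying:
!   show ip policy                  (interface-to-route-map binding)
!   show route-map INET-VIA-R2      (policy-routing match counters)
!   show access-lists PBR-INET-HOSTS  (per-line hit counts)
```

PBR only changes the forward path: Router 2 still needs a route back to the Router 3 LAN and must handle those source addresses on its Internet interface (0/0/0).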
I tried QoS and I haven't had any luck with it. There always seems to be an issue with internet traffic and file sharing, especially Dropbox, streaming video, video chatting, and Office 365. Moreover, we are starting to use Skype for all our meetings. 20mb seems to be getting smaller and smaller. Do you have any idea?
For a beginning, Skype - bad idea. Did you hear about the Skype supernode?
At least you should disable that nasty bugger...
In fact - read this one - it can help you a lot.
Lync does not sound like a bad idea anymore, even if you need to pay for it.

For QoS to be implemented properly you need to know exactly what you want to prioritize, mark the traffic, and do end-to-end QoS in your case.
There is no fast solution for this one, each network is different.
If you have Active Domain in your network you should create a policy to add a registry entry that will disable Skype SuperNode on every device. Otherwise, Skype uses you for some purposes (and eats your bandwidth) while you are using Skype.
Or you can save this in .txt file and change extension to .reg and run it on every PC with Skype.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype\Phone]
"DisableSupernode"=dword:00000001


But, this is just the beginning.
@Predrag: Interesting comments, good read mate!
Predrag Jovic, thanks for your input. I am aware of it. I am going to verify with Microsoft about the Supernode. We are using Skype for Business 2016 and have many Mac users. Lync for Mac is useless and we have to use the Skype for Business web app, which works well. That makes me more concerned about bandwidth. For the question about QoS for Skype, I may be applying the policy incorrectly. Does the policy need to be applied on every router facing inside (LAN)?
I confirmed with Microsoft that Skype for Business is not using supernode. Per Predrag Jovic, I would stay out of the complexity of routing Internet traffic to another source. Thanks to all of you out there.
@Ernie:
Thanks :)

@MoonLive:
I did not know that it was Skype for Business, since just Skype was mentioned in the post. QoS should be implemented on every router and switch (every port) in your network (end-to-end QoS).

And, also, I did not want to discourage you, I was just pointing out pitfalls that you are facing in your task.
PredragJovic, you didn't discourage me. It is good information and I don't want it to be too complicated. A one-man job can't do so much. Do all switches need to have QoS applied on every port?
Yes, you don't want a Skype call to have equal priority to data transfer. Voice traffic should have higher priority everywhere from port to the WAN (especially if you have MetroE) over other types of traffic. It is not just a question of traffic type priority, queue size can also turn out to be a problem. A big data chunk can enter the queue and there will be no place for voice traffic until those packets are sent, even if voice has higher priority, etc...