asked on
no PBR recursive or PBR
From the pic below, I'd like to have PC1 DG as FW2 and PC2 DG as FW1. Now from my understanding, this can be done with PBR recursive configured on vlan40 at sw4 and on the transit vlans between the switches on the ring. But the problem is all of my switches are 3750s and according to Cisco TAC, the 3750s do not support next hop recursive or default next hop. Can this be accomplished without PBR or if I move PC1 subnet to another VLAN, how will I configure to have FW2 as the DG for the new VLAN? Thanks
![pic]()
CiscoNetwork Architecture* Policy Based RoutingSwitches / Hubs
Last Comment
leblanc
ASKER
Extend VLAN? Does it mean tunnel like L2TPv3 and such?
L2TPv3 - no
If i remember correctly VLAN 200 is already on SW5, just extend it to SW4 (and beyond if needed).
And you can configure PBR with firewall IP 10.100.200.1 as the next hop.
Add vlan 200 (10.100.200.0/24) to SW4 and VLAN trunk between SW4 and SW5, on SW4 create SVI for VLAN 200, assign IP address etc
Then you don't need recursive resolution of next hop, VLAN with that IP addrss range is directly connected.
If i remember correctly VLAN 200 is already on SW5, just extend it to SW4 (and beyond if needed).
And you can configure PBR with firewall IP 10.100.200.1 as the next hop.
Add vlan 200 (10.100.200.0/24) to SW4 and VLAN trunk between SW4 and SW5, on SW4 create SVI for VLAN 200, assign IP address etc
Then you don't need recursive resolution of next hop, VLAN with that IP addrss range is directly connected.
ASKER
Yes. But my links between the switches are routed links. So I don't think I can extend the VLANs.
If you created routed links than, no... you can't do it that way..
But, according to drawing in post link between SW4 and SW5 is done by VLAN 203 (10.10.200.8/30) that's why I thought it is possible to do it that way..
But, according to drawing in post link between SW4 and SW5 is done by VLAN 203 (10.10.200.8/30) that's why I thought it is possible to do it that way..
ASKER
That vlan203 /30 is the transit vlan that carries EIGRP.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks for the suggestions. So it looks like I have 2 solutions here. Correct?
- Allow vlan200 (10.100.200.0/24 - FW2) on the trunks between the switches.
OR
- Use proxy-ARP which requires to manually set the DG on the PCs. Right now my PCs get DHCP IP addresses.
Predrag,
Can you explain your static route, ip route 10.10.40.0 0.0.0.127 <SVI_vlan200_on_SW4>? Are u configuring this on sw4?
- Allow vlan200 (10.100.200.0/24 - FW2) on the trunks between the switches.
OR
- Use proxy-ARP which requires to manually set the DG on the PCs. Right now my PCs get DHCP IP addresses.
Predrag,
Can you explain your static route, ip route 10.10.40.0 0.0.0.127 <SVI_vlan200_on_SW4>? Are u configuring this on sw4?
- use PBR without recursive resolution of next hop
- create separate VLAN for target hosts and extend VLAN through network directly to FW2 and make FW2 default gateway