Posted by binand@gmail.com on August 13, 2005, 2:05 am
Hi All,

I have a setup like this:

192.168.100.0/24 is a VLAN with internet connection via ISP1.
172.16.100.0/24 is a VLAN with internet connection via ISP2.

Right now, I have these VLANs on separate (Catalyst 4506) switches. I am trying to combine them onto a single switch, with route-maps. Here is my configuration:

access-list 160 permit ip 172.16.100.0 0.0.0.255 any
route-map ISP2 permit 20
match ip address 160
set ip next-hop 172.16.100.254
int vlan 50
desc ISP2
ip address 172.16.100.1 255.255.255.0
ip policy route-map ISP2
int vlan 25
desc ISP1
ip address 192.168.100.1 255.255.255.0

This works fine. Now, I'd like to have IP connectivity between the two VLANs. How should I modify my ACL for that? I tried:

access-list 160 deny ip 172.16.100.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 160 permit ip 172.16.100.0 0.0.0.255 any

Which didn't work. I thought if the route-map encountered a deny ACL, default routing would take place, but that does not seem to be the case.

The default routing table on the switch looks like:

C 192.168.100.0/24 is directly connected, Vlan25
C 172.16.100.0/24 is directly connected, Vlan50
S* 0.0.0.0/0 [1/0] via 192.168.100.254

192.168.100.254 and 172.16.100.254 are my firewalls (two Netscreens).

TIA,
Binand
Posted by Barry Margolin on August 13, 2005, 4:52 pm
Change "set ip next-hop" to "set ip default next-hop". Then the policy route will only override the default route. Connected routes, static routes, and routes learned via a routing protocol will still be used between the VLANs.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
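Added example (not part of the thread and not Cisco code): a small Python model of the forwarding decision for packets arriving on Vlan50, comparing "set ip next-hop" with "set ip default next-hop" against the routing table from the original post. The function names and the sample host addresses are assumptions made for illustration.

```python
import ipaddress

# Routing table exactly as shown in the original post.
ROUTES = [
    ("192.168.100.0/24", "connected Vlan25"),
    ("172.16.100.0/24", "connected Vlan50"),
    ("0.0.0.0/0", "192.168.100.254"),  # S* static default via ISP1 firewall
]
# access-list 160 permit ip 172.16.100.0 0.0.0.255 any
ACL_160_SOURCE = ipaddress.ip_network("172.16.100.0/24")
POLICY_NEXT_HOP = "172.16.100.254"  # ISP2 firewall from route-map ISP2


def lookup(dst, include_default=True):
    """Longest-prefix match; optionally ignore the 0.0.0.0/0 default route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in ROUTES:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not include_default:
            continue
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def forward(src, dst, set_command):
    """Next hop for a packet arriving on Vlan50 under route-map ISP2.

    set_command is "next-hop" or "default next-hop" (the two variants
    discussed in the thread).
    """
    if set_command not in ("next-hop", "default next-hop"):
        raise ValueError("unknown set command: " + set_command)
    if ipaddress.ip_address(src) not in ACL_160_SOURCE:
        return lookup(dst)  # no route-map match: normal routing
    if set_command == "next-hop":
        return POLICY_NEXT_HOP  # policy wins over every route
    # "default next-hop": explicit routes win, policy replaces only the default
    return lookup(dst, include_default=False) or POLICY_NEXT_HOP


if __name__ == "__main__":
    # Constructed sample hosts; 198.51.100.7 stands in for an internet address.
    for dst in ("192.168.100.20", "198.51.100.7"):
        for cmd in ("next-hop", "default next-hop"):
            print(dst, cmd, "->", forward("172.16.100.10", dst, cmd))
```

With "default next-hop", traffic between the two VLANs follows the connected routes on the switch and passes through neither firewall, so any filtering wanted between the VLANs has to be applied on the switch itself.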
route-map question (how to policy route for all destinations except few subnets?)
>
> I have a setup like this:
>
> 192.168.100.0/24 is a VLAN with internet connection via ISP1.
> 172.16.100.0/24 is a VLAN with internet connection via ISP2.
>
> Right now, I have these VLANs on separate (Catalyst 4506) switches. I
> am trying to combine them onto a single switch, with route-maps. Here
> is my configuration:
>
> access-list 160 permit ip 172.16.100.0 0.0.0.255 any
> route-map ISP2 permit 20
> match ip address 160
> set ip next-hop 172.16.100.254
> int vlan 50
> desc ISP2
> ip address 172.16.100.1 255.255.255.0
> ip policy route-map ISP2
> int vlan 25
> desc ISP1
> ip address 192.168.100.1 255.255.255.0
>
> This works fine. Now, I'd like to have IP connectivity between the two
> VLANs. How should I modify my ACL for that? I tried: