Policy routing based on destination port (layer4)

Hi,

I want to do routing based on destination ports. Let's say that we're using 1 router with 3 interfaces: 1 link where the LAN is connected, 2 uplinks to different ISPs. I want to route traffic from the LAN to the WAN and, based on the destination TCP port, it should either go via ISP 1 or via ISP 2.

me some suggestions for PBR, which I studied, but it doesn't say anything about layer 4+.

Can anybody help me with this?

Regards,

Remco Bressers


Hi. OK, so this is pretty much what you have to do here. Assume that your fa0/1 is the LAN, fa0/2 is ISP1 and fa0/3 is ISP2.

    access-list 100 permit tcp any any eq 80
    access-list 101 permit tcp any any eq 25
    !
    route-map isp1
     match ip address 100
     set interface fa0/2
    !
    route-map isp2
     match ip address 101
     set interface fa0/3
    !
    interface fa0/1
     ip policy route-map isp1
    !
    interface fa0/2
     ip policy route-map isp2

The first thing you need is to create an access list for each ISP and filter it by port number. Access list 100 is ISP1 and access list 101 is ISP2. Then you create a route-map for isp1. The route-map will look for traffic (match ip address 100) that matches access list 100, which in this case is port 80. Once the traffic is found you set the destination interface (set interface fa0/2). Do the same thing for the other ISP with the other access list.

When both of the route-maps are created you go into the interface for ISP 1, in this case fa0/1, and apply the policy (ip policy route-map isp1). You do the same thing for interface fa0/2 with ip policy route-map isp2. With this configuration it will only forward traffic that matches ports 80 and 25 and the rest would be dropped.

Let me know if this helps or if you have any more questions.

TK (kemot)

This won't work without static ARP mapping (been there, done that). The reason is that on a multiaccess LAN interface the router must know the L2 destination (MAC) address for encapsulating the IP packet. The better idea is to use the "set ip next-hop" statement here.

HTH

Cheers,
Alex


Small correction - I should have said "This won't work without static ARP mapping IF the box behind fa0/2|fa0/3 is a NON-CISCO box (been there, done that)." CISCO routers support proxy-ARP, and you might get huge ARP tables, but this is another problem :-)

Cheers,
Alex


Err... so what is the solution for this? The routers behind the Cisco are non-Cisco, so this could be a problem. Will proxy-ARP on my box resolve this issue?

Regards,

Remco Bressers


Use "set ip next-hop" instead of "set interface" in the policy-map.

HTH

Cheers,
Alex

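The following IOS configuration is an added example, not posted by anyone in this thread: it combines kemot's port-based access lists with Alex's advice to use "set ip next-hop", applied as one route-map on the LAN interface. The LAN subnet 192.168.1.0/24 and the ISP gateway addresses 203.0.113.1 and 198.51.100.1 are assumed placeholders.

```ios
! Added example (not from the thread). Interfaces follow kemot's layout:
! fa0/1 = LAN, fa0/2 = ISP1, fa0/3 = ISP2.
! Assumed placeholders: LAN 192.168.1.0/24, ISP1 gateway 203.0.113.1
! (on fa0/2), ISP2 gateway 198.51.100.1 (on fa0/3).
!
! Match LAN-sourced traffic only, not "any any", so that traffic the router
! originates or receives from the ISP side is never policy-routed by accident.
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 25
!
! One route-map with two sequences. An interface accepts a single
! "ip policy route-map", so two separate maps cannot both be applied to fa0/1.
! "set ip next-hop" makes the router ARP for the ISP gateway on the uplink
! subnet, which is what Alex's static-ARP / proxy-ARP remark is about:
! "set interface" would ARP for the remote destination instead.
route-map pbr-lan permit 10
 match ip address 100
 set ip next-hop 203.0.113.1
route-map pbr-lan permit 20
 match ip address 101
 set ip next-hop 198.51.100.1
! No explicit deny sequence is needed: packets that match neither sequence
! fall through to the normal routing table (e.g. a default route); they are
! not dropped.
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map pbr-lan
!
! Verification (exec mode): per-sequence counters increase as matching
! packets arrive, which confirms the policy is hit rather than bypassed.
! show route-map pbr-lan
```

If an ISP gateway can go down, "set ip next-hop verify-availability" with an IP SLA track object lets the sequence be skipped while the gateway is unreachable, so that traffic falls back to the routing table instead of being black-holed.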
