route-map question (how to policy route for all destinations except few subnets?)

 
 
binand@gmail.com
08-13-2005
Hi All,

I have a setup like this:

192.168.100.0/24 is a VLAN with internet connection via ISP1.
172.16.100.0/24 is a VLAN with internet connection via ISP2.

Right now, I have these VLANs on separate (Catalyst 4506) switches. I
am trying to combine them onto a single switch, with route-maps. Here
is my configuration:

access-list 160 permit ip 172.16.100.0 0.0.0.255 any
route-map ISP2 permit 20
match ip address 160
set ip next-hop 172.16.100.254
int vlan 50
desc ISP2
ip address 172.16.100.1 255.255.255.0
ip policy route-map ISP2
int vlan 25
desc ISP1
ip address 192.168.100.1 255.255.255.0

This works fine. Now, I'd like to have IP connectivity between the two
VLANs. How should I modify my ACL for that? I tried:

access-list 160 deny ip 172.16.100.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 160 permit ip 172.16.100.0 0.0.0.255 any

Which didn't work. I thought if the route-map encountered a deny ACL,
default routing would take place, but that does not seem to be the
case.

The default routing table on the switch looks like:

C 192.168.100.0/24 is directly connected, Vlan25
C 172.16.100.0/24 is directly connected, Vlan50
S* 0.0.0.0/0 [1/0] via 192.168.100.254

192.168.100.254 and 172.16.100.254 are my firewalls (two Netscreens).

TIA,

Binand

 
Barry Margolin
08-13-2005
In article <(E-Mail Removed) .com>,
"(E-Mail Removed)" <(E-Mail Removed)> wrote:

> Hi All,
>
> I have a setup like this:
>
> 192.168.100.0/24 is a VLAN with internet connection via ISP1.
> 172.16.100.0/24 is a VLAN with internet connection via ISP2.
>
> Right now, I have these VLANs on separate (Catalyst 4506) switches. I
> am trying to combine them onto a single switch, with route-maps. Here
> is my configuration:
>
> access-list 160 permit ip 172.16.100.0 0.0.0.255 any
> route-map ISP2 permit 20
> match ip address 160
> set ip next-hop 172.16.100.254
> int vlan 50
> desc ISP2
> ip address 172.16.100.1 255.255.255.0
> ip policy route-map ISP2
> int vlan 25
> desc ISP1
> ip address 192.168.100.1 255.255.255.0
>
> This works fine. Now, I'd like to have IP connectivity between the two
> VLANs. How should I modify my ACL for that? I tried:


Change "set ip next-hop" to "set ip default next-hop". Then the policy
route will only override the default route. Connected routes, static
routes, and routes learned via a routing protocol will still be used
between the VLANs.

--
Barry Margolin, (E-Mail Removed)
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
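
The difference between the two "set" forms discussed above, modelled as an added example that is not part of either post. It uses the routing table, ACL 160 source and next hop from the thread; the function names and sample packet addresses are constructed for illustration.

```python
import ipaddress

# Routing table and policy values taken from the thread.
ROUTES = [
    ("192.168.100.0/24", "connected Vlan25"),
    ("172.16.100.0/24", "connected Vlan50"),
    ("0.0.0.0/0", "via 192.168.100.254"),
]
ACL_160_SRC = ipaddress.ip_network("172.16.100.0/24")  # access-list 160 source
POLICY_NEXT_HOP = "172.16.100.254"


def longest_match(dst):
    """Return (network, exit) for the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), e) for p, e in ROUTES]
    hits = [(n, e) for n, e in hits if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)


def forward(src, dst, set_mode):
    """Model forwarding for a packet entering Vlan50 (hypothetical helper).

    set_mode is "next-hop" or "default next-hop".
    """
    net, normal_exit = longest_match(dst)
    if ipaddress.ip_address(src) not in ACL_160_SRC:
        return normal_exit                      # route-map does not match
    if set_mode == "next-hop":
        return f"policy via {POLICY_NEXT_HOP}"  # overrides the routing table
    if set_mode == "default next-hop":
        # Policy applies only when nothing more specific than 0.0.0.0/0 exists.
        if net.prefixlen == 0:
            return f"policy via {POLICY_NEXT_HOP}"
        return normal_exit
    raise ValueError(f"unknown set mode: {set_mode}")


if __name__ == "__main__":
    # Constructed sample packets: one inter-VLAN, one to the internet.
    for dst in ("192.168.100.20", "198.51.100.7"):
        for mode in ("next-hop", "default next-hop"):
            print(f"{dst:15} {mode:17} -> {forward('172.16.100.10', dst, mode)}")
```

In this model, inter-VLAN packets under "default next-hop" leave through the connected Vlan25 route rather than through 172.16.100.254, so any filtering wanted between the two VLANs has to be applied on the switch itself.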
 