routing based on source ip, NOT dest ip....

Discussion in 'Cisco' started by Captain, May 8, 2004.

  1. Captain

    Captain Guest

    I have 2 gateways onto the internet:
    x.x.x.1 and y.y.y.1

    I have 2 different class Cs coming
    into a cisco3640 router:
    192.168.1.0 and 192.168.2.0


    I want to send all traffic from 192.168.1.0
    out the x.x.x.1 router and all traffic from
    192.168.2.0 out the y.y.y.1 router.

    How can this be done?

    FYI: The standard ip route command only
    routes according to dest ip not source ip.
    ie.: ip route 0.0.0.0 0.0.0.0 x.x.x.1
     
    Captain, May 8, 2004
    #1
    1. Advertising

  2. In article <>,
    Captain <> wrote:
    :I have 2 gateways onto the internet:
    :x.x.x.1 and y.y.y.1

    :I have 2 different class Cs coming
    :into a cisco3640 router:

    :I want to send all traffic from 192.168.1.0
    :eek:ut the x.x.x.1 router and all traffic from
    :192.168.2.0 out the y.y.y.1 router.

    :How can this be done?

    The technique is called "policy routing". You start by creating
    an acl, then a route-map that references that acl, and then you
    apply the route-map as part of routing policy.

    I don't know if it is supported on the 3640 (probably) or what
    release or feature set you would need. The Feature Navigator will
    tell you.
    --
    Whose posting was this .signature Google'd from?
     
    Walter Roberson, May 8, 2004
    #2
    1. Advertising

  3. Captain

    Captain Guest

    On 8 May 2004 22:25:57 GMT, -cnrc.gc.ca (Walter
    Roberson) wrote:

    >In article <>,
    >Captain <> wrote:
    >:I have 2 gateways onto the internet:
    >:x.x.x.1 and y.y.y.1
    >
    >:I have 2 different class Cs coming
    >:into a cisco3640 router:
    >
    >:I want to send all traffic from 192.168.1.0
    >:eek:ut the x.x.x.1 router and all traffic from
    >:192.168.2.0 out the y.y.y.1 router.
    >
    >:How can this be done?
    >
    >The technique is called "policy routing". You start by creating
    >an acl, then a route-map that references that acl, and then you
    >apply the route-map as part of routing policy.
    >
    >I don't know if it is supported on the 3640 (probably) or what
    >release or feature set you would need. The Feature Navigator will
    >tell you.

    /////////////////////////////////////////////

    Ok, I tried the following, but everything is still
    going out the x.x.x.1 pipe?



    !
    ip route 0.0.0.0 0.0.0.0 x.x.x.1
    !
    access-list 15 permit 192.168.1.0 0.0.0.255
    access-list 17 permit 192.168.2.0 0.0.0.255
    route-map 1 permit 5
    match ip address 17
    set ip next-hop y.y.y.1
    !
    route-map 1 permit 10
    match ip address 15
    set ip next-hop x.x.x.1
    !
    !
     
    Captain, May 9, 2004
    #3
  4. In article <>,
    Captain <> wrote:

    > On 8 May 2004 22:25:57 GMT, -cnrc.gc.ca (Walter
    > Roberson) wrote:
    >
    > >In article <>,
    > >Captain <> wrote:
    > >:I have 2 gateways onto the internet:
    > >:x.x.x.1 and y.y.y.1
    > >
    > >:I have 2 different class Cs coming
    > >:into a cisco3640 router:
    > >
    > >:I want to send all traffic from 192.168.1.0
    > >:eek:ut the x.x.x.1 router and all traffic from
    > >:192.168.2.0 out the y.y.y.1 router.
    > >
    > >:How can this be done?
    > >
    > >The technique is called "policy routing". You start by creating
    > >an acl, then a route-map that references that acl, and then you
    > >apply the route-map as part of routing policy.
    > >
    > >I don't know if it is supported on the 3640 (probably) or what
    > >release or feature set you would need. The Feature Navigator will
    > >tell you.

    > /////////////////////////////////////////////
    >
    > Ok, I tried the following, but everything is still
    > going out the x.x.x.1 pipe?


    Did you apply the route-map to the LAN interfaces?

    interface Ethernet0
    ip policy route-map 1

    BTW, route-maps are usually given mnemonic names, not meaningless
    numbers.

    >
    >
    >
    > !
    > ip route 0.0.0.0 0.0.0.0 x.x.x.1
    > !
    > access-list 15 permit 192.168.1.0 0.0.0.255
    > access-list 17 permit 192.168.2.0 0.0.0.255
    > route-map 1 permit 5
    > match ip address 17
    > set ip next-hop y.y.y.1
    > !
    > route-map 1 permit 10
    > match ip address 15
    > set ip next-hop x.x.x.1
    > !
    > !


    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
     
    Barry Margolin, May 9, 2004
    #4
  5. Captain

    Captain Guest

    On Sat, 08 May 2004 22:49:14 -0400, Barry Margolin
    <> wrote:

    >In article <>,
    > Captain <> wrote:
    >
    >> On 8 May 2004 22:25:57 GMT, -cnrc.gc.ca (Walter
    >> Roberson) wrote:
    >>
    >> >In article <>,
    >> >Captain <> wrote:
    >> >:I have 2 gateways onto the internet:
    >> >:x.x.x.1 and y.y.y.1
    >> >
    >> >:I have 2 different class Cs coming
    >> >:into a cisco3640 router:
    >> >
    >> >:I want to send all traffic from 192.168.1.0
    >> >:eek:ut the x.x.x.1 router and all traffic from
    >> >:192.168.2.0 out the y.y.y.1 router.
    >> >
    >> >:How can this be done?
    >> >
    >> >The technique is called "policy routing". You start by creating
    >> >an acl, then a route-map that references that acl, and then you
    >> >apply the route-map as part of routing policy.
    >> >
    >> >I don't know if it is supported on the 3640 (probably) or what
    >> >release or feature set you would need. The Feature Navigator will
    >> >tell you.

    >> /////////////////////////////////////////////
    >>
    >> Ok, I tried the following, but everything is still
    >> going out the x.x.x.1 pipe?

    >
    >Did you apply the route-map to the LAN interfaces?
    >




    Yes I did, but its still not working right?!?!?!






    >interface Ethernet0
    > ip policy route-map 1
    >
    >BTW, route-maps are usually given mnemonic names, not meaningless
    >numbers.
    >
    >>
    >>
    >>
    >> !
    >> ip route 0.0.0.0 0.0.0.0 x.x.x.1
    >> !
    >> access-list 15 permit 192.168.1.0 0.0.0.255
    >> access-list 17 permit 192.168.2.0 0.0.0.255
    >> route-map 1 permit 5
    >> match ip address 17
    >> set ip next-hop y.y.y.1
    >> !
    >> route-map 1 permit 10
    >> match ip address 15
    >> set ip next-hop x.x.x.1
    >> !
    >> !
     
    Captain, May 9, 2004
    #5
  6. Barry Margolin wrote:
    > In article <>,
    > Captain <> wrote:
    >
    >
    >>On 8 May 2004 22:25:57 GMT, -cnrc.gc.ca (Walter
    >>Roberson) wrote:
    >>
    >>
    >>>In article <>,
    >>>Captain <> wrote:
    >>>:I have 2 gateways onto the internet:
    >>>:x.x.x.1 and y.y.y.1
    >>>
    >>>:I have 2 different class Cs coming
    >>>:into a cisco3640 router:
    >>>
    >>>:I want to send all traffic from 192.168.1.0
    >>>:eek:ut the x.x.x.1 router and all traffic from
    >>>:192.168.2.0 out the y.y.y.1 router.
    >>>
    >>>:How can this be done?
    >>>
    >>>The technique is called "policy routing". You start by creating
    >>>an acl, then a route-map that references that acl, and then you
    >>>apply the route-map as part of routing policy.
    >>>
    >>>I don't know if it is supported on the 3640 (probably) or what
    >>>release or feature set you would need. The Feature Navigator will
    >>>tell you.

    >>
    >>/////////////////////////////////////////////
    >>
    >>Ok, I tried the following, but everything is still
    >>going out the x.x.x.1 pipe?

    >
    >
    > Did you apply the route-map to the LAN interfaces?
    >
    > interface Ethernet0
    > ip policy route-map 1
    >
    > BTW, route-maps are usually given mnemonic names, not meaningless
    > numbers.
    >
    >
    >>
    >>
    >>!
    >>ip route 0.0.0.0 0.0.0.0 x.x.x.1
    >>!
    >>access-list 15 permit 192.168.1.0 0.0.0.255
    >>access-list 17 permit 192.168.2.0 0.0.0.255
    >>route-map 1 permit 5
    >> match ip address 17
    >> set ip next-hop y.y.y.1
    >>!
    >>route-map 1 permit 10
    >> match ip address 15
    >> set ip next-hop x.x.x.1
    >>!
    >>!

    >
    >


    Configuration looks good - what happens if you debug ip packet do you
    see the route-map being applied? Be carefull with this command as it
    could bring the router to a halt and would be good to do it during
    production hours.
     
    Scott Enwright, May 9, 2004
    #6
  7. Captain

    Captain Guest

    On Sun, 09 May 2004 14:56:20 GMT, Scott Enwright <>
    wrote:

    >Barry Margolin wrote:
    > > In article <>,
    > > Captain <> wrote:
    > >
    > >
    > >>On 8 May 2004 22:25:57 GMT, -cnrc.gc.ca (Walter
    > >>Roberson) wrote:
    > >>
    > >>
    > >>>In article <>,
    > >>>Captain <> wrote:
    > >>>:I have 2 gateways onto the internet:
    > >>>:x.x.x.1 and y.y.y.1
    > >>>
    > >>>:I have 2 different class Cs coming
    > >>>:into a cisco3640 router:
    > >>>
    > >>>:I want to send all traffic from 192.168.1.0
    > >>>:eek:ut the x.x.x.1 router and all traffic from
    > >>>:192.168.2.0 out the y.y.y.1 router.
    > >>>
    > >>>:How can this be done?
    > >>>
    > >>>The technique is called "policy routing". You start by creating
    > >>>an acl, then a route-map that references that acl, and then you
    > >>>apply the route-map as part of routing policy.
    > >>>
    > >>>I don't know if it is supported on the 3640 (probably) or what
    > >>>release or feature set you would need. The Feature Navigator will
    > >>>tell you.
    > >>
    > >>/////////////////////////////////////////////
    > >>
    > >>Ok, I tried the following, but everything is still
    > >>going out the x.x.x.1 pipe?

    > >
    > >
    > > Did you apply the route-map to the LAN interfaces?
    > >
    > > interface Ethernet0
    > > ip policy route-map 1
    > >
    > > BTW, route-maps are usually given mnemonic names, not meaningless
    > > numbers.
    > >
    > >
    > >>
    > >>
    > >>!
    > >>ip route 0.0.0.0 0.0.0.0 x.x.x.1
    > >>!
    > >>access-list 15 permit 192.168.1.0 0.0.0.255
    > >>access-list 17 permit 192.168.2.0 0.0.0.255
    > >>route-map 1 permit 5
    > >> match ip address 17
    > >> set ip next-hop y.y.y.1
    > >>!
    > >>route-map 1 permit 10
    > >> match ip address 15
    > >> set ip next-hop x.x.x.1
    > >>!
    > >>!

    > >
    > >

    >
    >Configuration looks good - what happens if you debug ip packet do you
    >see the route-map being applied? Be carefull with this command as it
    >could bring the router to a halt and would be good to do it during
    >production hours.



    It did bring the router to a halt!

    I won't be using that command again!!!!
     
    Captain, May 9, 2004
    #7
  8. Captain

    Kevin Widner Guest

    Try using an extended access-list where you are defining the source
    and destination traffic. By not doing so, you are only telling the
    router that you are interested in destination traffic.

    ex:
    access-list extended rmap1 permit ip 192.168.1.0 0.0.0.255 any

    Kevin



    Captain <> wrote in message news:<>...
    > On Sun, 09 May 2004 14:56:20 GMT, Scott Enwright <>
    > wrote:
    >
    > >Barry Margolin wrote:
    > > > In article <>,
    > > > Captain <> wrote:
    > > >
    > > >
    > > >>On 8 May 2004 22:25:57 GMT, -cnrc.gc.ca (Walter
    > > >>Roberson) wrote:
    > > >>
    > > >>
    > > >>>In article <>,
    > > >>>Captain <> wrote:
    > > >>>:I have 2 gateways onto the internet:
    > > >>>:x.x.x.1 and y.y.y.1

    >
    > > >>>:I have 2 different class Cs coming
    > > >>>:into a cisco3640 router:

    >
    > > >>>:I want to send all traffic from 192.168.1.0
    > > >>>:eek:ut the x.x.x.1 router and all traffic from
    > > >>>:192.168.2.0 out the y.y.y.1 router.

    >
    > > >>>:How can this be done?
    > > >>>
    > > >>>The technique is called "policy routing". You start by creating
    > > >>>an acl, then a route-map that references that acl, and then you
    > > >>>apply the route-map as part of routing policy.
    > > >>>
    > > >>>I don't know if it is supported on the 3640 (probably) or what
    > > >>>release or feature set you would need. The Feature Navigator will
    > > >>>tell you.
    > > >>
    > > >>/////////////////////////////////////////////
    > > >>
    > > >>Ok, I tried the following, but everything is still
    > > >>going out the x.x.x.1 pipe?
    > > >
    > > >
    > > > Did you apply the route-map to the LAN interfaces?
    > > >
    > > > interface Ethernet0
    > > > ip policy route-map 1
    > > >
    > > > BTW, route-maps are usually given mnemonic names, not meaningless
    > > > numbers.
    > > >
    > > >
    > > >>
    > > >>
    > > >>!
    > > >>ip route 0.0.0.0 0.0.0.0 x.x.x.1
    > > >>!
    > > >>access-list 15 permit 192.168.1.0 0.0.0.255
    > > >>access-list 17 permit 192.168.2.0 0.0.0.255
    > > >>route-map 1 permit 5
    > > >> match ip address 17
    > > >> set ip next-hop y.y.y.1
    > > >>!
    > > >>route-map 1 permit 10
    > > >> match ip address 15
    > > >> set ip next-hop x.x.x.1
    > > >>!
    > > >>!
    > > >
    > > >

    > >
    > >Configuration looks good - what happens if you debug ip packet do you
    > >see the route-map being applied? Be carefull with this command as it
    > >could bring the router to a halt and would be good to do it during
    > >production hours.

    >
    >
    > It did bring the router to a halt!
    >
    > I won't be using that command again!!!!
     
    Kevin Widner, May 10, 2004
    #8
  9. Captain <> wrote:

    > access-list 15 permit 192.168.1.0 0.0.0.255
    > access-list 17 permit 192.168.2.0 0.0.0.255
    > route-map 1 permit 5
    > match ip address 17
    > set ip next-hop y.y.y.1
    > !
    > route-map 1 permit 10
    > match ip address 15
    > set ip next-hop x.x.x.1


    When I've done this in the past, I found I had to do
    'set interface <output int>' as the action



    --
    Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation
     
    Eric Sorenson, May 10, 2004
    #9
  10. In article <>,
    Eric Sorenson <> wrote:

    > Captain <> wrote:
    >
    > > access-list 15 permit 192.168.1.0 0.0.0.255
    > > access-list 17 permit 192.168.2.0 0.0.0.255
    > > route-map 1 permit 5
    > > match ip address 17
    > > set ip next-hop y.y.y.1
    > > !
    > > route-map 1 permit 10
    > > match ip address 15
    > > set ip next-hop x.x.x.1

    >
    > When I've done this in the past, I found I had to do
    > 'set interface <output int>' as the action


    That shouldn't be necessary if the router knows which interface to use
    to get to y.y.y.1 and x.x.x.1.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
     
    Barry Margolin, May 10, 2004
    #10
  11. Barry Margolin <> wrote:

    > That shouldn't be necessary if the router knows which interface to use
    > to get to y.y.y.1 and x.x.x.1.


    I think I was running IP unnumbered over one T1 and PPP over the other, so
    the next-hop didn't work quite right.

    --
    Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation
     
    Eric Sorenson, May 11, 2004
    #11
  12. In article <>,
    Eric Sorenson <> wrote:

    > Barry Margolin <> wrote:
    >
    > > That shouldn't be necessary if the router knows which interface to use
    > > to get to y.y.y.1 and x.x.x.1.

    >
    > I think I was running IP unnumbered over one T1 and PPP over the other, so
    > the next-hop didn't work quite right.


    Basically, the rule of thumb is that the "set ip next-hop" destination
    should be the same as if you were creating a static route. If you're
    routing to a point-to-point link you can use the interface, otherwise
    you would use the next hop's address.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
     
    Barry Margolin, May 11, 2004
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. joeblow
    Replies:
    2
    Views:
    638
    AnyBody43
    Jun 10, 2004
  2. Sri
    Replies:
    0
    Views:
    679
  3. Sri
    Replies:
    0
    Views:
    548
  4. pawel
    Replies:
    2
    Views:
    485
    Walter Roberson
    Jan 7, 2005
  5. Scott
    Replies:
    3
    Views:
    816
    Trendkill
    May 10, 2007
Loading...

Share This Page