route-map question (how to policy route for all destinations except few subnets?)

Discussion in 'Cisco' started by binand, Aug 13, 2005.

  1. binand

    binand Guest

    Hi All,

    I have a setup like this: is a VLAN with internet connection via ISP1. is a VLAN with internet connection via ISP2.

    Right now, I have these VLANs on separate (Catalyst 4506) switches. I
    am trying to combine them onto a single switch, with route-maps. Here
    is my configuration:

    access-list 160 permit ip any
    route-map ISP2 permit 20
    match ip address 160
    set ip next-hop
    int vlan 50
    desc ISP2
    ip address
    ip policy route-map ISP2
    int vlan 25
    desc ISP1
    ip address

    This works fine. Now, I'd like to have IP connectivity between the two
    VLANs. How should I modify my ACL for that? I tried:

    access-list 160 deny ip
    access-list 160 permit ip any

    Which didn't work. I thought if the route-map encountered a deny ACL,
    default routing would take place, but that does not seem to be the

    The default routing table on the switch looks like:

    C is directly connected, Vlan25
    C is directly connected, Vlan50
    S* [1/0] via

    and are my firewalls (two Netscreens).

    binand, Aug 13, 2005
  2. Change "set ip next-hop" to "set ip default next-hop". Then the policy
    route will only override the default route. Connected routes, static
    routes, and routes learned via a routing protocol will still be used
    between the VLANs.
    Barry Margolin, Aug 13, 2005
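    A small model of the difference Barry describes, added here as an example and not code from the thread: with "set ip next-hop" the policy overrides every route, while with "set ip default next-hop" the routing table is consulted first and the policy next hop is used only when no route exists or only the default route matches. All prefixes and next-hop addresses are constructed placeholders standing in for the values lost from the original post.

```python
# Added example, not from the original thread. Models Cisco PBR next-hop
# selection for "set ip next-hop" versus "set ip default next-hop".
# All addresses below are constructed placeholders.
import ipaddress

# Constructed routing table: (prefix, kind, next hop or outgoing interface)
ROUTES = [
    ("10.25.0.0/24", "connected", "Vlan25"),
    ("10.50.0.0/24", "connected", "Vlan50"),
    ("0.0.0.0/0",    "static",    "192.0.2.1"),  # S* via the ISP1 firewall
]
# Constructed policy on int vlan 50: hosts in the ISP2 VLAN match the ACL
# and are steered to the ISP2 firewall.
PBR_SOURCE = ipaddress.ip_network("10.50.0.0/24")
PBR_NEXT_HOP = "198.51.100.1"


def lookup(dst):
    """Longest-prefix match; returns (prefixlen, kind, via) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, kind, via in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, kind, via)
    return best


def forward(src, dst, mode):
    """mode: 'next-hop' = set ip next-hop, 'default' = set ip default next-hop."""
    matched = ipaddress.ip_address(src) in PBR_SOURCE
    route = lookup(dst)
    if matched and mode == "next-hop":
        # Policy is applied before the routing table is consulted at all.
        return PBR_NEXT_HOP
    if matched and mode == "default" and (route is None or route[0] == 0):
        # Only the default route (prefix length 0) or no route at all:
        # the policy next hop overrides just the default route.
        return PBR_NEXT_HOP
    # Connected/static/learned routes win, so inter-VLAN traffic stays local.
    return route[2] if route else None


if __name__ == "__main__":
    for mode in ("next-hop", "default"):
        print(mode, "VLAN50->VLAN25:", forward("10.50.0.10", "10.25.0.10", mode))
        print(mode, "VLAN50->Internet:", forward("10.50.0.10", "203.0.113.5", mode))
```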
