routing based on source ip, NOT dest ip....

Discussion in 'Cisco' started by Captain, May 8, 2004.

  1. Captain

    Captain Guest

    I have 2 gateways onto the internet:
    x.x.x.1 and y.y.y.1

    I have 2 different class Cs coming
    into a cisco3640 router:
    192.168.1.0 and 192.168.2.0


    I want to send all traffic from 192.168.1.0
    out the x.x.x.1 router and all traffic from
    192.168.2.0 out the y.y.y.1 router.

    How can this be done?

    FYI: The standard ip route command only
    routes according to dest ip not source ip.
    ie.: ip route 0.0.0.0 0.0.0.0 x.x.x.1
     
    Captain, May 8, 2004
    #1
    1. Advertisements

  2. :x.x.x.1 and y.y.y.1

    :I have 2 different class Cs coming
    :into a cisco3640 router:

    :I want to send all traffic from 192.168.1.0
    :eek:ut the x.x.x.1 router and all traffic from
    :192.168.2.0 out the y.y.y.1 router.

    :How can this be done?

    The technique is called "policy routing". You start by creating
    an acl, then a route-map that references that acl, and then you
    apply the route-map as part of routing policy.

    I don't know if it is supported on the 3640 (probably) or what
    release or feature set you would need. The Feature Navigator will
    tell you.
     
    Walter Roberson, May 8, 2004
    #2
    1. Advertisements

  3. Captain

    Captain Guest

    /////////////////////////////////////////////

    Ok, I tried the following, but everything is still
    going out the x.x.x.1 pipe?



    !
    ip route 0.0.0.0 0.0.0.0 x.x.x.1
    !
    access-list 15 permit 192.168.1.0 0.0.0.255
    access-list 17 permit 192.168.2.0 0.0.0.255
    route-map 1 permit 5
    match ip address 17
    set ip next-hop y.y.y.1
    !
    route-map 1 permit 10
    match ip address 15
    set ip next-hop x.x.x.1
    !
    !
     
    Captain, May 9, 2004
    #3
  4. Did you apply the route-map to the LAN interfaces?

    interface Ethernet0
    ip policy route-map 1

    BTW, route-maps are usually given mnemonic names, not meaningless
    numbers.
     
    Barry Margolin, May 9, 2004
    #4
  5. Captain

    Captain Guest



    Yes I did, but its still not working right?!?!?!
     
    Captain, May 9, 2004
    #5
  6. Configuration looks good - what happens if you debug ip packet do you
    see the route-map being applied? Be carefull with this command as it
    could bring the router to a halt and would be good to do it during
    production hours.
     
    Scott Enwright, May 9, 2004
    #6
  7. Captain

    Captain Guest


    It did bring the router to a halt!

    I won't be using that command again!!!!
     
    Captain, May 9, 2004
    #7
  8. Captain

    Kevin Widner Guest

    Try using an extended access-list where you are defining the source
    and destination traffic. By not doing so, you are only telling the
    router that you are interested in destination traffic.

    ex:
    access-list extended rmap1 permit ip 192.168.1.0 0.0.0.255 any

    Kevin
     
    Kevin Widner, May 10, 2004
    #8
  9. When I've done this in the past, I found I had to do
    'set interface <output int>' as the action
     
    Eric Sorenson, May 10, 2004
    #9
  10. That shouldn't be necessary if the router knows which interface to use
    to get to y.y.y.1 and x.x.x.1.
     
    Barry Margolin, May 10, 2004
    #10
  11. I think I was running IP unnumbered over one T1 and PPP over the other, so
    the next-hop didn't work quite right.
     
    Eric Sorenson, May 11, 2004
    #11
  12. Basically, the rule of thumb is that the "set ip next-hop" destination
    should be the same as if you were creating a static route. If you're
    routing to a point-to-point link you can use the interface, otherwise
    you would use the next hop's address.
     
    Barry Margolin, May 11, 2004
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.