routing based on source ip, NOT dest ip....

Discussion in 'Cisco' started by Captain, May 8, 2004.

  1. Captain

    Captain Guest

    I have 2 gateways onto the internet:
    x.x.x.1 and y.y.y.1

    I have 2 different class Cs coming
    into a cisco3640 router: and

    I want to send all traffic from
    out the x.x.x.1 router and all traffic from out the y.y.y.1 router.

    How can this be done?

    FYI: The standard ip route command only
    routes according to dest ip not source ip.
    ie.: ip route x.x.x.1
    Captain, May 8, 2004

  2. :x.x.x.1 and y.y.y.1

    :I have 2 different class Cs coming
    :into a cisco3640 router:

    :I want to send all traffic from
    :out the x.x.x.1 router and all traffic from
    : out the y.y.y.1 router.

    :How can this be done?

    The technique is called "policy routing". You start by creating
    an acl, then a route-map that references that acl, and then you
    apply the route-map as part of routing policy.

    I don't know if it is supported on the 3640 (probably) or what
    release or feature set you would need. The Feature Navigator will
    tell you.
    Walter Roberson, May 8, 2004

  3. Captain

    Captain Guest


    Ok, I tried the following, but everything is still
    going out the x.x.x.1 pipe?

    ip route x.x.x.1
    access-list 15 permit
    access-list 17 permit
    route-map 1 permit 5
    match ip address 17
    set ip next-hop y.y.y.1
    route-map 1 permit 10
    match ip address 15
    set ip next-hop x.x.x.1
    Captain, May 9, 2004
  4. Did you apply the route-map to the LAN interfaces?

    interface Ethernet0
    ip policy route-map 1

    BTW, route-maps are usually given mnemonic names, not meaningless
    Barry Margolin, May 9, 2004
  5. Captain

    Captain Guest

    Yes I did, but it's still not working right?!?!?!
    Captain, May 9, 2004
  6. Configuration looks good - what happens if you debug ip packet, do you
    see the route-map being applied? Be careful with this command as it
    could bring the router to a halt and would be good to do it during
    production hours.
    Scott Enwright, May 9, 2004
  7. Captain

    Captain Guest

    It did bring the router to a halt!

    I won't be using that command again!!!!
    Captain, May 9, 2004
  8. Captain

    Kevin Widner Guest

    Try using an extended access-list where you are defining the source
    and destination traffic. By not doing so, you are only telling the
    router that you are interested in destination traffic.

    access-list extended rmap1 permit ip any

    Kevin Widner, May 10, 2004
  9. When I've done this in the past, I found I had to do
    'set interface <output int>' as the action
    Eric Sorenson, May 10, 2004
  10. That shouldn't be necessary if the router knows which interface to use
    to get to y.y.y.1 and x.x.x.1.
    Barry Margolin, May 10, 2004
  11. I think I was running IP unnumbered over one T1 and PPP over the other, so
    the next-hop didn't work quite right.
    Eric Sorenson, May 11, 2004
  12. Basically, the rule of thumb is that the "set ip next-hop" destination
    should be the same as if you were creating a static route. If you're
    routing to a point-to-point link you can use the interface, otherwise
    you would use the next hop's address.
    Barry Margolin, May 11, 2004
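
The procedure discussed in this thread (an ACL per source network, a route-map that sets the next hop, and the route-map applied to the interfaces the traffic arrives on), written out as an added example that is not from any of the posters. The thread's own addresses are not shown, so the 192.0.2.0/24 and 198.51.100.0/24 source networks, the 203.0.113.x gateways, the interface names and the route-map name SRC-POLICY are constructed placeholders.

```cisco
! Constructed example: every address, interface name and the
! route-map name below is a placeholder, not a value from the thread.
!
! Standard numbered ACLs match on the packet's source address.
access-list 15 permit 192.0.2.0 0.0.0.255
access-list 17 permit 198.51.100.0 0.0.0.255
!
! One route-map with one clause per source network.
! The next hop must be a directly reachable neighbor, the same
! address you would use in a static route.
route-map SRC-POLICY permit 10
 match ip address 15
 set ip next-hop 203.0.113.1
route-map SRC-POLICY permit 20
 match ip address 17
 set ip next-hop 203.0.113.129
!
! Policy routing is evaluated on packets as they arrive on an
! interface, so apply the route-map on each LAN-facing interface
! that the two source networks come in on.
interface Ethernet0/0
 ip policy route-map SRC-POLICY
interface Ethernet0/1
 ip policy route-map SRC-POLICY
!
! Packets that match no clause are forwarded by the normal
! destination-based routing table.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Checks from exec mode that avoid "debug ip packet":
!   show ip policy    - lists interfaces and the route-map applied
!   show route-map    - shows each clause and its policy-routing
!                       match counters
```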