
Different default routes based on source

Status
Not open for further replies.

jbrotschul (Technical User), Jan 5, 2005
Hi,

I have a Cisco Catalyst 4506. Currently there is a default route configured pointing to my firewall for internet traffic...

ip route 0.0.0.0 0.0.0.0 192.168.100.7

I installed a new firewall - 192.168.4.7, and want to route traffic based on the source ip to this new firewall for only specific source ip addresses (that are in a particular vlan).

Here's my current configuration:

access-list 151 remark NEWPIX DEFAULT ROUTE
access-list 151 permit ip host 192.168.151.0 any

route-map NEWPIX_DEFAULT_ROUTE permit 10
 match ip address 151
 set ip default next-hop 192.168.4.7


interface Vlan50
 ip address 192.168.151.4 255.255.255.0
 no ip redirects
 ip policy route-map NEWPIX_DEFAULT_ROUTE
 standby 50 ip 192.168.151.254
 standby 50 preempt


Server is 192.168.151.40 connected to this switch port:

interface FastEthernet6/45
 switchport access vlan 50
 switchport mode access
 ip access-group 151 in


I see hit count incrementing on the ACL, and policy matches on the route-map, but internet traffic is still going out through the original firewall - 192.168.100.7.

What am I missing?

Thanks,
Jeff





 
This ACL is incorrect....

access-list 151 permit ip host 192.168.151.0 any


Perhaps it should be

access-list 151 permit ip 192.168.151.0 0.0.0.255 any
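The mismatch pointed out in the reply above, as an added example in Python (not code from the thread or from Cisco): a small model of IOS wildcard-mask matching that shows why the host-style entry never matches the server at 192.168.151.40 while the /24 wildcard does, plus the policy-routing decision that distinguishes "set ip default next-hop" (applied only when nothing but the default route matches the destination) from "set ip next-hop" (applied regardless of the routing table). The 192.168.x addresses come from the posts; the routing-table entries and the destination addresses are constructed sample data.

```python
"""Model of IOS wildcard-mask ACL matching and 'set ip default next-hop'.

Added example, not from the Tek-Tips thread. Routing-table entries and
destination addresses below are constructed; only the 192.168.x values
are taken from the posted configuration.
"""
import ipaddress


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 0 bit in the mask must match, a 1 bit is don't-care."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w & 0xFFFFFFFF) == (n & ~w & 0xFFFFFFFF)


# 'host X' is shorthand for 'X 0.0.0.0'; a /24 wildcard is 0.0.0.255.
ACE_ORIGINAL = ("192.168.151.0", "0.0.0.0")     # access-list 151 permit ip host 192.168.151.0 any
ACE_CORRECTED = ("192.168.151.0", "0.0.0.255")  # access-list 151 permit ip 192.168.151.0 0.0.0.255 any


def acl_permits(src: str, ace: tuple) -> bool:
    """Source-address part of the 'permit ip <src> <wc> any' entry; destination is 'any'."""
    return wildcard_match(src, *ace)


# Constructed routing table: the thread's default route plus two sample routes.
ROUTES = {
    "0.0.0.0/0": "192.168.100.7",        # original default route (from the thread)
    "192.168.151.0/24": "connected",     # VLAN 50 (from the thread)
    "10.20.0.0/16": "192.168.100.1",     # constructed internal route
}


def lookup(dst: str):
    """Longest-prefix match; returns (network, next_hop)."""
    best = None
    for prefix, nh in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, nh)
    return best


def choose_next_hop(src: str, dst: str, ace: tuple,
                    pbr_next_hop: str = "192.168.4.7",
                    default_only: bool = True) -> str:
    """Policy-route a packet.

    default_only=True models 'set ip default next-hop': the policy next hop is
    used only when the routing table has no route for dst other than the default.
    default_only=False models 'set ip next-hop': the policy wins over any route.
    """
    net, nh = lookup(dst)
    if acl_permits(src, ace):
        if not default_only:
            return pbr_next_hop
        if net.prefixlen == 0:
            return pbr_next_hop
    return nh


if __name__ == "__main__":
    server = "192.168.151.40"
    for label, ace in (("host 192.168.151.0", ACE_ORIGINAL),
                       ("192.168.151.0 0.0.0.255", ACE_CORRECTED)):
        print(f"{label:26s} matches {server}: {acl_permits(server, ace)}; "
              f"Internet next hop: {choose_next_hop(server, '203.0.113.10', ace)}")
```

With the original entry the server's packets never match the route-map, so they follow the normal default route to 192.168.100.7; with the /24 wildcard they are sent to 192.168.4.7 for Internet destinations, while traffic to a destination that has its own (non-default) route still follows that route because the route-map uses "default next-hop".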


 
I am attempting something similar to this on a 3750 with no luck. The problem I seem to have is applying the route-map to the vlan interface. Can someone tell me if this is supported on the Catalyst 3750 and what I might be doing wrong?
 
KayDubYa

You don't say what specific problem you have but I just posted a query about applying route-maps to vlan interfaces.

I've learned on 3750 (also on my 6513) that if I have any kind of verify-availability statement on the route-map, then when I apply it to interface vlan x, I don't get any errors but neither does it apply. A show run int vlan x will not reveal any policy applied at all.

If I remove the verify-avail command from route-map, then I can apply route-map to vlan interface just fine.

This of course is a problem because if the interface is not there, you surely don't want to force your traffic to try to use it! Not being able to verify seems a pretty extreme limitation to me.

With some time in my lab I've learned I can use the verify-availability option on the route-map AS LONG AS I confine it to CDP methods of checking (I can't track other means such as IP response etc). In fact, I've learned that with IOS 12.2(46)SE you can't even use CDP tracking. You can with 12.2(44) but..still CDP is all you get.

HTH
 
Thanks HTH,
I found what my problem was. It turns out that I need a software update to do what I need.

Ken
 