Loopback01 to route/use a differant gateway than Loopback02 3

[LisaKit]

Hi all,

I am trying to separate loopback interfaces and have some of them go out through a different gateway. All gateways are connected to Fa0/0 (same LAN switch). Currently all loopbacks use the same gateway, and for load balancing reasons we need to separate the loopback interfaces.

current sample config is as follows:

interface FastEthernet0/0
ip address 67.x1.x2.1 255.255.252.0
no ip unreachables
ip accounting output-packets
ip accounting precedence input
ip accounting precedence output
speed auto
full-duplex
arp timeout 240
!
!
interface Loopback01
description Customer 1
ip address 10.01.01.1 255.255.255.252
!
!
interface Loopback02
description Customer 2
ip address 10.02.02.1 255.255.255.252
!
!
interface ATM1/0.01 point-to-point
description Customer 1
ip unnumbered Loopback01
no ip route-cache
no ip mroute-cache
pvc 1/01
class-vc bridging
ubr 640
!
!
interface ATM1/0.02 point-to-point
description Customer 1
ip unnumbered Loopback02
no ip route-cache
no ip mroute-cache
pvc 1/02
class-vc bridging
ubr 640
!
!
ip default-gateway 67.x1.x2.2 #(gateway of last resort; this is the first gateway and is currantly used by all)
ip classless
ip route 0.0.0.0 0.0.0.0 67.x1.x2.1
ip route 0.0.0.0 0.0.0.0 67.x1.x3.1
!
!
ip route 67.01.03.0 255.255.255.248 ATM1/0.01 #(we want that one to stay going out gateway 67.x1.x2.1)
ip route 67.01.03.8 255.255.255.248 ATM1/0.02 #(we want that one to go out the new gateway 67.x1.x2.254)

Any ideas on how to get this acomplished?

Thanks,
Lisa

 

[LisaKit]

Sorry one correction:

interface ATM1/0.02 point-to-point
description Customer 2
ip unnumbered Loopback02
no ip route-cache
no ip mroute-cache
pvc 1/02
class-vc bridging
ubr 640

this is for customer 2 and not 1

Lisa

 

[North323]

i am confused...do you want different IP's going to different gateways? loopback is only used for management purposes.

have you tried policy based routing by acl list?

 

[LisaKit]

Possibly. I can change the IP numbers if I have to.

I am using the loopback as an always up interface and associating them with ATM1/0.01 Interfaces using the IP Unnumbered command.

Please keep in mind that the ip address 10.01.01.1 255.255.255.252 on the loopback ties to a DSL modem at the customer's end at 10.01.01.2. They are only acting as a bridge/end points. The true numbers that are being routed are the 67.01.02.1 and are mapped to the ATM via the route command below:

ip route 67.01.03.0 255.255.255.248 ATM1/0.01

At the DSL side/customer router the WAN IP on the DSL would be 10.01.01.2 subnet 255.255.255.252 and its gateway would be the other side of the bridge here at the CISCO which is 10.01.01.1.

The LAN side of the DSL/customer would be 67.01.03.1 255.255.255.248 and acts as the gateway to the rest of the IPs behind it attached to the DSL LAN numbers 67.01.03.2 through .5)

Again the Loopback is acting as a Bridge only and it does not play into the routing equation. I am simply trying to route the 67.01.03.2 on the second interface out through a gateway different than the route of last resort.

I am willing to change IP numbers/use another block if that would resolve the issue.

Thanks
Lisa

 

[North323]

what kind of device is this? normally you can not have two gateways of last resort. you may try policy based routing

 

[unclerico]

North is right, PBR baby!!!!

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[North323]

holy crap! im right? im taking a screen shot!

 

[LisaKit]

It is a Cisco 26xx router.

Can you please provide me with an example of a acl/policy that might work and how it would look. I tried a couple so far, I even changed the IP block on atm0/0.02 to a different series still no luck.

To answer your first question above correctly, yes I am trying to get 2 different IP's to go out 2 different gateways without changing my gateway of last resort.

To help explain how the loopback works with the IP unnumbered for purposes other than management purposes please see attached link.

Hope that helps,
Lisa

 

[North323]

http://www.cisco.com/en/US/docs/ios...TSD_Products_Configuration_Guide_Chapter.html

 

[LisaKit]

Thanks North!

I will review it and let you know.

Any hit from your end would be helpful.

Thanks

 

[LisaKit]

For everyone’s benefit, this is what I come up with. Could you please review and let me know if I made a mistake?

access-list 1 permit 67.01.03.1
access-list 2 permit 67.01.03.9
!
interface fa0/0
ip policy route-map CustomerX
!
route-map CustomerX permit 10
match ip address 1
set ip precedence priority
set ip next-hop 67.x1.x2.1
!
route-map CustomerX permit 20
match ip address 2
set ip precedence critical
set ip next-hop 67.x1.x2.254

This should route customer 1 through gateway 67.x1.x2.1 and customer 2 through 67.x1.x2.254.

I am applying the policy to fa0/0 as opposed to ATM0/0.x is this your understanding from the documentation?

Let me know as I will apply the policy to the router this evening and report in the morning on whether it worked or not.

Lisa.

 

[LisaKit]

North/unclerico

I got it to work with minor adjustment as I had to create an access list for each ATM port as per the example below:

access-list 1 permit 67.01.03.1
!
interface atm1/0.01
ip policy route-map Customer1
!
route-map Customer1 permit 10
match ip address 1
set ip precedence immediate
set ip next-hop 67.x1.x2.1
!
!
access-list 2 permit 67.01.03.9
!
interface atm1/0.02
ip policy route-map Customer2
!
route-map Customer2 permit 20
match ip address 2
set ip precedence immediate
set ip next-hop 67.x1.x2.254

Be sure to keep in mind that my subnet mask at the Fa0/0 is set to 255.255.252.0 and that allows me o span all of these blocks. In addition you can add, at the same time, usable IP numbers for all of the device behind the DSL gateway in the same manner:

access-list 2 permit 67.01.03.9
access-list 2 permit 67.01.03.10
access-list 2 permit 67.01.03.11
access-list 2 permit 67.01.03.14
access-list 2 permit 67.01.03.15

Or by simply putting the range of IP numbers.

Thanks all!

Lisa

 

[North323]

awesome great job!

 

[LisaKit]

North,

During one of the training classes I attended way back when, the instructor mentioned that only one Access-List can be applied to an interface at any given time. This means that all rules and permissions needed for the interface should be included in that singular access list for that interface.

Now I never bothered to ever follow-up on that statement before, so I am merely trying to verify if that is the case as some of my interfaces might now require more than one rule.

Let me know?

Thanks

Lisa

 

[burtsbees]

One acl per interface PER DIRECTION, and that goes for an acl applied directly TO an interface...don't forget that acl's can also point to route maps, policy maps, etc. and be used to match criteria based on NAT, interesting traffic for DoD or IPSEC tunnels, so on, so forth, so not JUST filtering traffic directly applied to an interface...

Also, IMHO, you should give at least North one of them there pink star thingies telling him that he helped..."Thank you, please drive through..."

Burt

 

[unclerico]

I just checked back in on this thread now. Yeah your config looks like will work fine (like you needed me to say that right ). Lisa, I'm giving you a star for sticking with it and posting your answer. Isn't PBR a phenomenal concept?? LOVE IT!!!

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[LisaKit]

I LOVE IT!

Thanks all for your help…… I am all for sharing the knowledge

Lisa