[c-nsp] PBR two default gateway

Satish Patel satish.txt at gmail.com
Thu Jun 23 14:24:15 EDT 2016


Why do I need an ACL if I want to match all IPs behind the same interface,
like f0/1? I want to route any traffic coming from interface f0/1.

On Thu, Jun 23, 2016 at 2:21 PM, Nick Cutting <ncutting at edgetg.com> wrote:
> You need to match the traffic of the source and destination, in an ACL in the route-map.
> Yours probably being:
>
> ip access-list extended ACL-PBR-SUBNET-A
>  permit ip XX.xx.xx.xx 0.0.0.255 any
>
> route-map FOO permit 10
>  match ip address ACL-PBR-SUBNET-A
>  set ip next-hop x.x.x.x
>
> then "debug ip policy" to watch it firing, or not firing (if this is not in production yet)
>
> You must test from behind the router (from a host on the subnet), as self-generated traffic requires another type of PBR (local policy).
>
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Satish Patel
> Sent: Thursday, June 23, 2016 1:46 PM
> To: Cisco Network Service Providers
> Subject: [c-nsp] PBR two default gateway
>
> I have a router with two subnets, A & B, connected on their related physical interfaces, and we have two ISP links, so I want to send subnet A to ISP-A and subnet B to ISP-B.
>
> Is it enough if I do this, or do I need to use match interface F1/1?
> Because I want whatever comes from my source interface to go to ISP-A, and the rest will use ip route 0.0.0.0 0.0.0.0 ISP-B.
>
> !
> interface FastEthernet1/1
>  description subnet-A
>  ip address x.x.x.x 255.255.255.0
>  ip policy route-map FOO
> !
> !
> route-map FOO permit 10
>  set ip next-hop x.x.x.x
> !
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
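
An added example, not part of either post: a small Python model of how interface PBR evaluates the two route-map variants in this thread (with and without a `match ip address` clause). All addresses are constructed documentation values (192.0.2.0/24 for subnet A, 198.51.100.1 and 203.0.113.1 for the ISP-A and ISP-B next hops); the model assumes the next hop is reachable and reduces the ACL to a source/wildcard match with destination `any`.

```python
import ipaddress

ISP_A = "198.51.100.1"   # constructed: next hop set by route-map FOO
ISP_B = "203.0.113.1"    # constructed: target of ip route 0.0.0.0 0.0.0.0

# Route-map entries: (action, match, set_next_hop); match None = no match clause.
FOO_NO_MATCH = [("permit", None, ISP_A)]
FOO_WITH_ACL = [("permit", ("192.0.2.0", "0.0.0.255"), ISP_A)]

def acl_permits(src, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)

def policy_route(src, route_map, default_next_hop=ISP_B, self_generated=False):
    """Return (next_hop, reason) for a packet on an interface that has
    'ip policy route-map' applied."""
    if self_generated:
        # Interface PBR only sees packets arriving on the interface;
        # router-originated traffic needs a local policy instead.
        return default_next_hop, "routing table (not seen by interface PBR)"
    for action, match, next_hop in route_map:
        # An entry with no match clause matches every packet.
        if match is None or acl_permits(src, *match):
            if action == "permit":
                return next_hop, "policy routed"
            return default_next_hop, "routing table (route-map deny)"
    return default_next_hop, "routing table (no entry matched)"

def compare(src):
    """Next hop chosen by each variant for the same source address."""
    return {
        "no_match": policy_route(src, FOO_NO_MATCH)[0],
        "with_acl": policy_route(src, FOO_WITH_ACL)[0],
    }

if __name__ == "__main__":
    # A host on subnet A, then a source outside subnet A arriving on the
    # same interface (for example a routed network behind it).
    for src in ("192.0.2.10", "10.9.9.9"):
        print(src, compare(src))
    print("router itself:", policy_route("192.0.2.1", FOO_NO_MATCH, self_generated=True))
```

For hosts on subnet A both variants choose the same next hop; they differ only for packets that arrive on the interface with a source outside the ACL's range, which the ACL variant leaves to the routing table.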

