Difference between revisions of "Cisco backup - send traffic via 2 ISPs"

 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Notes =
= Notes =
;THIS SETUP HAS NOT BEEN TESTED YET IN PRACTICE BOTH ON REAL EQUIPMENT NOR GNS3


This is a pure theoretical example at the moment and the most important PAT (overload) has not been implemented into the testing configuration. Please watch the notes section for the latest updates. Once completed - the section will be removed.
This is a pure theoretical example at the moment and the most important PAT (overload) has not been implemented into the testing configuration. Please watch the notes section for the latest updates. Once completed - the section will be removed.
Policy Based Routing (PBR) to manipulate packets routing based on source address it requires using extended ACLs due to the standard ACL can filter by destination only.


= Introduction =
= Introduction =
Line 21: Line 25:
[[File:Route-map.jpg|none|left|Route-Map]]
[[File:Route-map.jpg|none|left|Route-Map]]


  r1(config)#access-list 1 permit 192.168.1.0 0.0.0.255 !Creates ACL 1, which will filter out addresses for our first route map.
  <span style="color: grey">r1(config)#</span>access-list 1 permit 192.168.1.0 0.0.0.255 !Creates ACL 1, which will filter out addresses for our first route map.
  r1(config)#access-list 2 permit 172.16.1.0 0.0.0.255  !Creates ACL 2, which will filter out addresses for our second route map.
  <span style="color: grey">r1(config)#</span>access-list 2 permit 172.16.1.0 0.0.0.255  !Creates ACL 2, which will filter out addresses for our second route map.
   
   
  r1(config)#access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 !Creates an extended ACL, resulting in a filter based on both source and destination IP address.
  <span style="color: grey">r1(config)#</span>access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 !Creates an extended ACL, resulting in a filter based on both source and destination IP address.
  r1(config)#access-list 102 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255 !Creates an extended ACL, resulting in a filter based on both source and destination IP address.
  <span style="color: grey">r1(config)#</span>access-list 102 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255 !Creates an extended ACL, resulting in a filter based on both source and destination IP address.
   
   
  r1(config)#route-map ISP1 permit 10            !Creates a route map called ISP1. This route map will permit traffic based on subsequent criteria. A sequence number of 10 is assigned.
  <span style="color: grey">r1(config)#</span>route-map ISP1 permit 10            !Creates a route map called ISP1. This route map will permit traffic based on subsequent criteria. A sequence number of 10 is assigned.
  r1(config-route-map)#match ip address 1        !Specifies the match criteria—match addresses filtered from ACL 1.
  <span style="color: grey">r1(config-route-map)#</span>match ip address 1        !Specifies the match criteria—match addresses filtered from ACL 1.
  r1(config-route-map)#set interface serial 0/0/0 !Specifies the set actions (what action is to be performed if the match criteria is met); in this case, forward packets out interface s0/0.
  <span style="color: grey">r1(config-route-map)#</span>set interface serial 0/0/0 !Specifies the set actions (what action is to be performed if the match criteria is met); in this case, forward packets out interface s0/0.
  r1(config-route-map)#exit
  <span style="color: grey">r1(config-route-map)#</span>exit
   
   
  r1(config)#route-map ISP2 permit 10            !Creates a route map called ISP2.
  <span style="color: grey">r1(config)#</span>route-map ISP2 permit 10            !Creates a route map called ISP2.
  r1(config-route-map)#match ip address 2        !Specifies the match criteria—match addresses filtered from ACL 2.
  <span style="color: grey">r1(config-route-map)#</span>match ip address 2        !Specifies the match criteria—match addresses filtered from ACL 2.
  r1(config-route-map)#set interface serial 0/0/1 !Specifies the set actions (what action is to be performed if the match criteria is met); in this case, forward packets out interface s0/1.
  <span style="color: grey">r1(config-route-map)#</span>set interface serial 0/0/1 !Specifies the set actions (what action is to be performed if the match criteria is met); in this case, forward packets out interface s0/1.
  r1(config-route-map)#exit
  <span style="color: grey">r1(config-route-map)#</span>exit
   
   
  r1(config)#route-map 192To172 permit 10            !Creates a route map named 192To172. This route map will permit traffic based on subsequent criteria. A sequence number of 10 is assigned.
  <span style="color: grey">r1(config)#</span>route-map 192To172 permit 10            !Creates a route map named 192To172. This route map will permit traffic based on subsequent criteria. A sequence number of 10 is assigned.
  r1(config-route-map)#match ip address 101          !Specifies the match criteria—match addresses filtered from ACL 101.
  <span style="color: grey">r1(config-route-map)#</span>match ip address 101          !Specifies the match criteria—match addresses filtered from ACL 101.
  r1(config-route-map)#set interface fastethernet 0/1 !Specifies the set actions—forward packets out interface FastEthernet 0/1.
  <span style="color: grey">r1(config-route-map)#</span>set interface fastethernet 0/1 !Specifies the set actions—forward packets out interface FastEthernet 0/1.
  r1(config-route-map)#exit
  <span style="color: grey">r1(config-route-map)#</span>exit
   
   
  r1(config)#route-map 172To192 permit 10            !Creates a route map named 172To192.
  <span style="color: grey">r1(config)#</span>route-map 172To192 permit 10            !Creates a route map named 172To192.
  r1(config-route-map)#match ip address 102          !Specifies the match criteria—match addresses filtered from ACL 102.
  <span style="color: grey">r1(config-route-map)#</span>match ip address 102          !Specifies the match criteria—match addresses filtered from ACL 102.
  r1(config-route-map)#set interface fastethernet 0/0 !Specifies the set actions—forward packets out interface FastEthernet 0/0.
  <span style="color: grey">r1(config-route-map)#</span>set interface fastethernet 0/0 !Specifies the set actions—forward packets out interface FastEthernet 0/0.
  r1(config-route-map)#exit
  <span style="color: grey">r1(config-route-map)#</span>exit
   
   
  r1(config)#interface serial 0/0/0 !Moves to interface configuration mode.
  <span style="color: grey">r1(config)#</span>interface serial 0/0/0 !Moves to interface configuration mode.
  r1(config-if)#description link to ISP1  
  <span style="color: grey">r1(config-if)#</span>description link to ISP1  
  r1(config-if)#ip address 198.133.219.1 255.255.255.252 !Assigns an IP address and netmask.
  <span style="color: grey">r1(config-if)#</span>ip address 198.133.219.1 255.255.255.252 !Assigns an IP address and netmask.
  r1(config-if)#no shutdown
  <span style="color: grey">r1(config-if)#</span>no shutdown
   
   
  r1(config)#interface serial 0/0/1
  <span style="color: grey">r1(config)#</span>interface serial 0/0/1
  r1(config-if)#description link to ISP2  
  <span style="color: grey">r1(config-if)#</span>description link to ISP2  
  r1(config-if)#ip address 192.31.7.1 255.255.255.252 !Assigns an IP address and netmask.
  <span style="color: grey">r1(config-if)#</span>ip address 192.31.7.1 255.255.255.252 !Assigns an IP address and netmask.
  r1(config-if)#no shutdown
  <span style="color: grey">r1(config-if)#</span>no shutdown
   
   
  r1(config)#interface fastethernet 0/0              !Moves to interface configuration mode to assign ROUTE-MAP POLICY
  <span style="color: grey">r1(config)#</span>interface fastethernet 0/0              !Moves to interface configuration mode to assign ROUTE-MAP POLICY
  r1(config-if)#ip address 192.168.1.1 255.255.255.0 !Configures an IP address and netmask.
  <span style="color: grey">r1(config-if)#</span>ip address 192.168.1.1 255.255.255.0 !Configures an IP address and netmask.
  r1(config-if)#ip policy route-map ISP1            !Applies the route map named ISP1 to this interface.
  <span style="color: grey">r1(config-if)#</span>ip policy route-map ISP1            !Applies the route map named ISP1 to this interface.
  r1(config-if)#ip policy route-map 192To172        !Applies the route map named 192To172 to this interface.
  <span style="color: grey">r1(config-if)#</span>ip policy route-map 192To172        !Applies the route map named 192To172 to this interface.
  r1(config-if)#no shutdown
  <span style="color: grey">r1(config-if)#</span>no shutdown
  r1(config-if)#exit
  <span style="color: grey">r1(config-if)#</span>exit
   
   
  r1(config)#interface fastethernet 0/1              !Moves to interface configuration mode.
  <span style="color: grey">r1(config)#</span>interface fastethernet 0/1              !Moves to interface configuration mode.
  r1(config-if)#ip address 172.16.1.1 255.255.255.0  !Configures an IP address and netmask.
  <span style="color: grey">r1(config-if)#</span>ip address 172.16.1.1 255.255.255.0  !Configures an IP address and netmask.
  r1(config-if)#ip policy route-map ISP2            !Applies the route map named ISP2 to this interface.
  <span style="color: grey">r1(config-if)#</span>ip policy route-map ISP2            !Applies the route map named ISP2 to this interface.
  r1(config-if)#ip policy route-map 172To192        !Applies the route map named 172To192 to this interface.
  <span style="color: grey">r1(config-if)#</span>ip policy route-map 172To192        !Applies the route map named 172To192 to this interface.
  r1(config-if)#no shutdown
  <span style="color: grey">r1(config-if)#</span>no shutdown
  r1(config-if)#exit
  <span style="color: grey">r1(config-if)#</span>exit
  r1(config-if)#end
  <span style="color: grey">r1(config-if)#</span>end


= References =
= References =
*[http://networklessons.com/network-services/nat-with-two-outside-interfaces/ NAT with two outside interfaces] Turorial step-by-step
*[http://networklessons.com/network-services/nat-with-two-outside-interfaces/ NAT with two outside interfaces] Turorial step-by-step
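Review bot: The sentence added under Notes says PBR by source address needs extended ACLs because "the standard ACL can filter by destination only", but an IOS standard ACL matches on the source address, and the listing further down relies on exactly that with `access-list 1 permit 192.168.1.0 0.0.0.255`. I would reword it to `Policy Based Routing (PBR) selects the route by source address; a standard ACL matches the source only, so an extended ACL is needed where the destination must be matched as well.` Separately, the restyled listing still enters two `ip policy route-map` commands under each FastEthernet interface. An interface keeps a single policy route map, so the second command replaces the first; merging each pair into one route map with two sequence numbers would keep both rules active.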

Latest revision as of 20:09, 24 August 2014

Notes

THIS SETUP HAS NOT YET BEEN TESTED IN PRACTICE, EITHER ON REAL EQUIPMENT OR IN GNS3

This is a purely theoretical example at the moment, and the most important part, PAT (overload), has not yet been implemented in the test configuration. Please watch the notes section for the latest updates. Once the work is completed, this section will be removed.

Policy Based Routing (PBR) to manipulate packets routing based on source address it requires using extended ACLs due to the standard ACL can filter by destination only.

Introduction

This is a generic example of how to send traffic via different routes (ISP1 or ISP2) depending on the source.

Design

                                 ------> VLAN10 > -------- ISP1 -------------
                                |                                            |
                                |                                            |
LAN --(VLAN 10 & 20)----- WAN router                                      Internet
                                |                                            |
                                |                                            |
                                 ------> VLAN20 > -------- ISP2 -------------

Configuration

Route-Map
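! Policy-based routing (PBR) on r1: packets arriving on a LAN interface are
! matched against an ACL and forwarded out the interface set by the route map.
! An interface keeps only ONE "ip policy route-map"; entering a second one
! replaces the first. Each LAN interface therefore gets a single route map with
! two sequences: LAN-to-LAN traffic first (sequence 5), ISP-bound traffic second
! (sequence 10).
! NOTE(review): NAT/PAT is not configured in this listing, so the private source
! ranges below would reach the ISP links untranslated until it is added.

r1(config)#access-list 1 permit 192.168.1.0 0.0.0.255 !Standard ACL 1: matches packets whose SOURCE address is in 192.168.1.0/24.
r1(config)#access-list 2 permit 172.16.1.0 0.0.0.255  !Standard ACL 2: matches packets whose SOURCE address is in 172.16.1.0/24.

r1(config)#access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 !Extended ACL 101: matches source 192.168.1.0/24 AND destination 172.16.1.0/24.
r1(config)#access-list 102 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255 !Extended ACL 102: matches source 172.16.1.0/24 AND destination 192.168.1.0/24.

r1(config)#route-map ISP1 permit 5                  !Sequence 5 is evaluated before sequence 10, so LAN-to-LAN traffic is not sent to the ISP.
r1(config-route-map)#match ip address 101           !Match criteria: packets permitted by ACL 101.
r1(config-route-map)#set interface fastethernet 0/1 !Set action: forward matching packets out interface FastEthernet 0/1.
r1(config-route-map)#exit
r1(config)#route-map ISP1 permit 10                 !Sequence 10: every other packet sourced from 192.168.1.0/24.
r1(config-route-map)#match ip address 1             !Match criteria: packets permitted by ACL 1.
r1(config-route-map)#set interface serial 0/0/0     !Set action: forward matching packets out interface Serial 0/0/0 (link to ISP1).
r1(config-route-map)#exit

r1(config)#route-map ISP2 permit 5                  !Sequence 5: LAN-to-LAN traffic in the opposite direction.
r1(config-route-map)#match ip address 102           !Match criteria: packets permitted by ACL 102.
r1(config-route-map)#set interface fastethernet 0/0 !Set action: forward matching packets out interface FastEthernet 0/0.
r1(config-route-map)#exit
r1(config)#route-map ISP2 permit 10                 !Sequence 10: every other packet sourced from 172.16.1.0/24.
r1(config-route-map)#match ip address 2             !Match criteria: packets permitted by ACL 2.
r1(config-route-map)#set interface serial 0/0/1     !Set action: forward matching packets out interface Serial 0/0/1 (link to ISP2).
r1(config-route-map)#exit

r1(config)#interface serial 0/0/0 !Moves to interface configuration mode.
r1(config-if)#description link to ISP1
r1(config-if)#ip address 198.133.219.1 255.255.255.252 !Assigns an IP address and netmask.
r1(config-if)#no shutdown
r1(config-if)#exit

r1(config)#interface serial 0/0/1 !Moves to interface configuration mode.
r1(config-if)#description link to ISP2
r1(config-if)#ip address 192.31.7.1 255.255.255.252 !Assigns an IP address and netmask.
r1(config-if)#no shutdown
r1(config-if)#exit

r1(config)#interface fastethernet 0/0              !LAN 192.168.1.0/24; the policy applies to packets arriving on this interface.
r1(config-if)#ip address 192.168.1.1 255.255.255.0 !Configures an IP address and netmask.
r1(config-if)#ip policy route-map ISP1             !Applies route map ISP1 (sequences 5 and 10) to this interface.
r1(config-if)#no shutdown
r1(config-if)#exit

r1(config)#interface fastethernet 0/1              !LAN 172.16.1.0/24; the policy applies to packets arriving on this interface.
r1(config-if)#ip address 172.16.1.1 255.255.255.0  !Configures an IP address and netmask.
r1(config-if)#ip policy route-map ISP2             !Applies route map ISP2 (sequences 5 and 10) to this interface.
r1(config-if)#no shutdown
r1(config-if)#exit
r1(config)#end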

References