Cisco backup - send traffic via 2 ISPs

From Ever changing code
Revision as of 19:09, 24 August 2014 by Pio2pio (talk | contribs) (→‎Notes)

Notes

THIS SETUP HAS NOT YET BEEN TESTED IN PRACTICE, EITHER ON REAL EQUIPMENT OR IN GNS3

This is a purely theoretical example at the moment, and the most important part, PAT (overload), has not been implemented in the test configuration. Please watch the notes section for the latest updates. Once completed, this section will be removed.

Policy Based Routing (PBR) is used to manipulate packet routing based on source address. It requires extended ACLs because a standard ACL can filter by destination only.

Introduction

This is a generic example of how to send traffic via different routes, ISP1 or ISP2, depending on the source.

Design

                                 ------> VLAN10 > -------- ISP1 -------------
                                |                                            |
                                |                                            |
LAN --(VLAN 10 & 20)----- WAN router                                      Internet
                                |                                            |
                                |                                            |
                                 ------> VLAN20 > -------- ISP2 -------------

Configuration

Route-Map
r1(config)#access-list 1 permit 192.168.1.0 0.0.0.255 !Creates ACL 1, which selects the addresses for our first route map.
r1(config)#access-list 2 permit 172.16.1.0 0.0.0.255  !Creates ACL 2, which selects the addresses for our second route map.

r1(config)#access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 !Creates an extended ACL, resulting in a filter based on both source and destination IP address.
r1(config)#access-list 102 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255 !Creates an extended ACL, resulting in a filter based on both source and destination IP address.

r1(config)#route-map ISP1 permit 10             !Creates a route map called ISP1. This route map will permit traffic based on subsequent criteria. A sequence number of 10 is assigned.
r1(config-route-map)#match ip address 1         !Specifies the match criteria—match addresses filtered from ACL 1.
r1(config-route-map)#set interface serial 0/0/0 !Specifies the set actions (what action is to be performed if the match criteria is met); in this case, forward packets out interface s0/0/0.
r1(config-route-map)#exit

r1(config)#route-map ISP2 permit 10             !Creates a route map called ISP2.
r1(config-route-map)#match ip address 2         !Specifies the match criteria—match addresses filtered from ACL 2.
r1(config-route-map)#set interface serial 0/0/1 !Specifies the set actions (what action is to be performed if the match criteria is met); in this case, forward packets out interface s0/0/1.
r1(config-route-map)#exit

r1(config)#route-map ISP1 permit 5                  !Adds entry 5 to route map ISP1; it is evaluated before entry 10. IOS keeps only one "ip policy route-map" per interface, so the LAN-to-LAN match lives in the same route map as the ISP match.
r1(config-route-map)#match ip address 101           !Specifies the match criteria: match addresses permitted by ACL 101.
r1(config-route-map)#set interface fastethernet 0/1 !Specifies the set actions: forward packets out interface FastEthernet 0/1.
r1(config-route-map)#exit

r1(config)#route-map ISP2 permit 5                  !Adds entry 5 to route map ISP2; it is evaluated before entry 10.
r1(config-route-map)#match ip address 102           !Specifies the match criteria: match addresses permitted by ACL 102.
r1(config-route-map)#set interface fastethernet 0/0 !Specifies the set actions: forward packets out interface FastEthernet 0/0.
r1(config-route-map)#exit

r1(config)#interface serial 0/0/0 !Moves to interface configuration mode.
r1(config-if)#description link to ISP1
r1(config-if)#ip address 198.133.219.1 255.255.255.252 !Assigns an IP address and netmask.
r1(config-if)#no shutdown
r1(config-if)#exit

r1(config)#interface serial 0/0/1
r1(config-if)#description link to ISP2
r1(config-if)#ip address 192.31.7.1 255.255.255.252 !Assigns an IP address and netmask.
r1(config-if)#no shutdown
r1(config-if)#exit

r1(config)#interface fastethernet 0/0              !Moves to interface configuration mode to assign ROUTE-MAP POLICY
r1(config-if)#ip address 192.168.1.1 255.255.255.0 !Configures an IP address and netmask.
r1(config-if)#ip policy route-map ISP1             !Applies the route map named ISP1 (entries 5 and 10) to this interface. A second "ip policy route-map" command here would replace this one.
r1(config-if)#no shutdown
r1(config-if)#exit

r1(config)#interface fastethernet 0/1              !Moves to interface configuration mode.
r1(config-if)#ip address 172.16.1.1 255.255.255.0  !Configures an IP address and netmask.
r1(config-if)#ip policy route-map ISP2             !Applies the route map named ISP2 (entries 5 and 10) to this interface.
r1(config-if)#no shutdown
r1(config-if)#exit
r1(config)#end
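
A small Python model of how the router picks an egress interface for packets arriving on the 192.168.1.0/24 LAN interface, showing why the LAN-to-LAN match (ACL 101) has to be evaluated before the ISP match (ACL 1). This is an added example, not part of the original page; the route-map lists, sample addresses and helper names are constructed for illustration, and it assumes route-map entries are evaluated in sequence order with the first match deciding.

```python
import ipaddress

def wc_match(addr, net, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    return ((a ^ n) & ~w & 0xFFFFFFFF) == 0

# Constructed model of the page's ACLs as (src, src wildcard, dst, dst wildcard).
# ACL 1 names no destination, so it is modelled as "any destination".
ANY = ("0.0.0.0", "255.255.255.255")
ACLS = {
    1:   ("192.168.1.0", "0.0.0.255") + ANY,
    101: ("192.168.1.0", "0.0.0.255", "172.16.1.0", "0.0.0.255"),
}

def acl_permits(acl_id, src, dst):
    s_net, s_wc, d_net, d_wc = ACLS[acl_id]
    return wc_match(src, s_net, s_wc) and wc_match(dst, d_net, d_wc)

def policy_route(route_map, src, dst):
    """Walk entries in ascending sequence order; the first match decides.
    Returns the 'set interface' value, or None for normal destination routing."""
    for _seq, acl_id, out_if in sorted(route_map):
        if acl_permits(acl_id, src, dst):
            return out_if
    return None

# Hypothetical route maps as (sequence, ACL, set interface) entries.
ISP_ONLY    = [(10, 1, "Serial0/0/0")]
MERGED      = [(5, 101, "FastEthernet0/1"), (10, 1, "Serial0/0/0")]
WRONG_ORDER = [(10, 1, "Serial0/0/0"), (20, 101, "FastEthernet0/1")]

def demo():
    """Egress for (LAN-to-LAN packet, LAN-to-Internet packet) per route map."""
    lan_to_lan = ("192.168.1.50", "172.16.1.20")   # constructed sample packet
    lan_to_net = ("192.168.1.50", "203.0.113.10")  # constructed sample packet
    maps = {"isp_only": ISP_ONLY, "merged": MERGED, "wrong_order": WRONG_ORDER}
    return {name: (policy_route(rm, *lan_to_lan), policy_route(rm, *lan_to_net))
            for name, rm in maps.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} lan->lan={result[0]}  lan->internet={result[1]}")
```

Only the merged map with the more specific entry first keeps LAN-to-LAN traffic off the ISP1 link; a source outside 192.168.1.0/24 matches no entry and falls back to normal routing.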
