This document discusses using policy-based routing on a Cisco router to direct different types of traffic from two PCs to specific internet service providers (ISPs). PC1 traffic should always route through the slower ISP2 connection. PC2's Telnet and HTTPS traffic should use the more reliable ISP1, while other PC2 traffic uses ISP2. Access control lists are created to classify traffic, then a route map is used to implement the routing policies on the router's interface connected to the internal network.
3. Introduction:-
Policy-based routing is one of the most powerful features you have
available to direct traffic moving through your Cisco router.
It is a process applied to the ingress interface of a router that
overrides the normal routing process.
Objectives:-
PC1 surfs the internet all day doing nothing productive. All
traffic from this PC should route out ISP2, which is a slower
internet connection. If ISP2 is down, PC1 should not be able to
access the internet.
PC2 handles sophisticated transactions. Both Telnet and HTTPS
traffic should route towards ISP1, which is the more reliable
connection. All other traffic from PC2 should route out ISP2.
Traffic from other clients (not shown in this diagram) should
route out ISP2.
4. Testing:-
Telnet from PC1 to ISP2 (200.200.200.5). This session should
connect to the ISP router.
Verify the traffic by using the "show route-map" command on R1.
A Telnet session from PC1 to ISP1 (200.200.200.1) should fail
(simply because ISP1 and ISP2 have no knowledge of each other).
Telnet from PC2 to ISP1 (200.200.200.1). Both sessions should
connect.
5. Router1 interface configuration
interface FastEthernet0/0
description CONNECTED WITH SW1
ip address 192.168.2.1 255.255.255.0
no shut
interface Serial1/0
description CONNECTED WITH ISP1
ip address 200.200.200.2 255.255.255.252
no shut
interface Serial1/1
description CONNECTED WITH ISP2
ip address 200.200.200.6 255.255.255.252
no shut
6. ISP1 (actually a router) interface configuration
interface Serial1/0
description CONNECTED WITH R1
ip address 200.200.200.1 255.255.255.252
clock rate 64000
no shut
ip route 192.168.2.0 255.255.255.0 200.200.200.2
{for connecting R1 internal network}
7. ISP2 (actually a router) interface configuration
interface Serial1/1
description CONNECTED WITH R1
ip address 200.200.200.5 255.255.255.252
clock rate 64000
no shut
ip route 192.168.2.0 255.255.255.0 200.200.200.6
{for connecting R1 internal network}
At first, all the devices can ping each other, but ISP1 and ISP2
cannot ping each other.
8. On ISP2
Create access lists that match PC1 and PC2 traffic
access-list 10 permit 192.168.2.50
{Permit PC1}
access-list 120 permit tcp host 192.168.2.100 any eq 443
{Permit PC2 https}
access-list 120 permit tcp host 192.168.2.100 any eq telnet
{Permit PC2 telnet}
9. On ISP2
Now reference the ACLs in a route map
route-map POLICY-DEMO permit 10
{POLICY-DEMO:- route-map name}
match ip address 10
{Match PC1 ACL 10}
set ip next-hop 200.200.200.5
{Set ISP2}
route-map POLICY-DEMO permit 20
match ip address 120 {Match PC2 ACL 120}
set ip next-hop 200.200.200.1 {Set ISP1 for Telnet & HTTPS}
route-map POLICY-DEMO permit 30
set ip next-hop 200.200.200.5
{Send PC2's other traffic and all remaining traffic to ISP2}
10. On ISP2
Apply the route map to R1's FastEthernet interface
interface FastEthernet0/0
description CONNECTED WITH SW1
ip policy route-map POLICY-DEMO
{filter the incoming traffic from internal networks}
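The route map built in steps 8 to 10, modeled as first-match evaluation so the expected next hop for each flow can be checked before testing on the router. This is an added example, not part of the original slides; the function name policy_route and the sample flows are constructed, while the addresses, ACL numbers and sequence numbers are the ones on this page.

```python
# Added example: models how route-map POLICY-DEMO picks a next hop for
# packets entering FastEthernet0/0. Sequences are tried in order and the
# first one whose match clause succeeds decides the next hop.
from ipaddress import ip_address

ISP1, ISP2 = "200.200.200.1", "200.200.200.5"   # next hops from the page
TELNET, HTTPS = 23, 443

def acl_10(pkt):
    # Standard ACL 10: source address only (PC1).
    return pkt["src"] == ip_address("192.168.2.50")

def acl_120(pkt):
    # Extended ACL 120: TCP from PC2 to destination port 443 or telnet.
    return (pkt["proto"] == "tcp"
            and pkt["src"] == ip_address("192.168.2.100")
            and pkt["dport"] in (HTTPS, TELNET))

# (sequence number, match function or None, next hop)
POLICY_DEMO = [
    (10, acl_10, ISP2),
    (20, acl_120, ISP1),
    (30, None, ISP2),   # no match clause: every remaining packet matches
]

def policy_route(src, proto, dport):
    """Return (sequence, next_hop) selected for one packet."""
    pkt = {"src": ip_address(src), "proto": proto, "dport": dport}
    for seq, match, next_hop in POLICY_DEMO:
        if match is None or match(pkt):
            return seq, next_hop
    return None, None   # no sequence matched: normal routing would apply

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("PC1 telnet", "192.168.2.50", "tcp", TELNET),
        ("PC2 telnet", "192.168.2.100", "tcp", TELNET),
        ("PC2 https", "192.168.2.100", "tcp", HTTPS),
        ("PC2 http", "192.168.2.100", "tcp", 80),
        ("other client https", "192.168.2.77", "tcp", HTTPS),
    ]
    for name, src, proto, dport in flows:
        seq, hop = policy_route(src, proto, dport)
        print(f"{name:20} -> sequence {seq}, next hop {hop}")
```

PC1's Telnet is decided by sequence 10 before ACL 120 is ever consulted, which is why its session to ISP1 in the Testing section is sent to ISP2 and fails.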
Troubleshooting & Verification Commands
show ip route
show ip interface brief
show access-list
show route-map
debug ip policy