Home > Others

Cisco L3 switch Policy Routing for network access and Traffic Distribution

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Cisco L3 switch Policy Routing for network access and Traffic Distribution
I. Description of the solution environment 1. There are two groups of Group1 and Group2 in the environment, respectively, to access the Internet from two different network outlets. 2. The core network is a Cisco 3560G layer-3 Switch with four VLANs. VLAN10/VLAN20 belongs to Group1 and VLAN30/VLAN40 belongs to group2. 3. the LAN IPs of the two access routers are 10.10.10.254 (used by Group1), 10.10.255.254 (used by Group2), and 3-layer switch 1. divide the VALN and enable ip routing. For example, VLAN10 ip adderss 172.16.10.1/24VLAN20 ip address 172.16.20.1/24VLAN30 ip address 172.16.30.1/24VLAN40 ip address 172.16.40.1/242. configure layer-3 interface 3560 # conf t3560 (config) # int g0/13560 (config-if) # no switchport/is defined as layer-3 Port 3560 (config-if) # ip address 10.10.10.1 255.255.255.0/define the layer-3 Port IP address and subnet 3560 (config-if) # int g0/23560 (config- If) # no switchport3560 (config-if) # ip address 10.10.20.1 255.20.03. define ACL3560 (config) # ip access-list extended vlan10acl2map/define the ACL name 3560 (config-ext-nacl) # deny ip 172.16.10.0 0.0.0.255 172.16.0.0 0.0.255.2553560 (config-ext-nacl) # deny ip 172.16.10.0 0.0.0.255 10.10.0.0 0.0.255.2553560 (config-ext-nacl) # permit ip 172.16.10.0 0.0.0.255 any3560 (config) # ip access-list extended vlan20acl2map3560 (config- Ext-nacl) # deny ip 172.16.20.0 0.0.0.255 172.16.0.0 0.0.255.2553560 (config-ext-nacl) # deny ip 172.16.20.0 0.0.0.255 10.10.0.0 0.0.255.2553560 (config-ext-nacl) # permit ip 172.16.20.0 0.0.255 any3560 (config) # ip access-list extended partition (config-ext-nacl) # deny ip 172.16.30.0 0.0.0.255 172.16.0.0 0.0.255.2553560 (config-ext-nacl) # deny ip 172.16.30.0 0.0.0.255 10.10.0.0 0.0.255.2553560 (config -Ext-nacl) # permit ip 172.16.30.0 0.0.255 any3560 (config) # ip access-list extended vlan40acl2map3560 (config-ext-nacl) # deny ip 172.16.40.0 0.0.255 172.16.0.0 restart (config-ext-nacl) # deny ip 172.16.40.0 0.0.255 10.10.0.0 restart (config-ext-nacl) # permit ip 172.16.40.0 0.0.0.255 any note: the deny part is the network segment that requires exceptions. 172.16.0.0/16 can contain 172.16.10.0/24-172.16.40.0-24. I am too lazy to write too many articles. 10.10.0.0/16 is two three-layer ports. considering which of the two lines is disconnected, we can take the other line out. We will discuss this method for mutual backup next time. 4. define policy route 3560 (config) # route-map vlan10map/define route-map Name 3560 (config-route-map) # match ip address vlan10acl2map/match ACL3560 (config-route-map) # set ip next-hop 10.10.10.254/define next hop route 3560 (config) # route-map vlan20map3560 (config-route-map) # match ip address vlan20acl2map3560 (config-route-map) # set ip next-hop 10.10.10.254/is in the same group as VLAN10, connect to Internet 3560 (config) # route-map vlan30map3560 (config-route-map) # match ip address vlan30acl2map3560 (config-route-map) from the same interface) # set ip next-hop 10.10.20.2543560 (config) # route-map vlan40map3560 (config-route-map) # match ip address vlan40acl2map3560 (config-route-map) # set ip next-hop 10.10.20.2545. call policy route 3560 (config) # int vlan 103560 (config-if) # ip policy route-map vlan10map3560 (config) # int vlan 203560 (config) # ip policy route-map vlan20map3560 (config) # int vlan 303560 (config) # ip policy route-map vlan30map3560 (config) # int vlan 403560 (config) # ip policy route-map vlan40map

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
cisco 2960 l3 switch cisco l3 switch models cisco fiber distribution switch cisco policy based routing next hop cisco routing and switching essentials cisco routing and switching book catalyst 4500 l3 switch

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More