Configure Policy Based Routing on Cisco Router with IP SLA

Video Statistics and Information

Captions
Hello there, my name is Maher Haddad. Today I'm going to show you how to configure policy routing and IP SLA for this lab that we see in front of us. So let's go to the lab scenario. You work as a network engineer in a company, and your gateway router, which is this router, is connected to two ISPs, ISP1 and ISP2. All IP addresses are already configured, so you don't need to configure them, and I will not configure them myself.

So the tasks are: one, configure the gateway router in a way that HTTP traffic from PC1, from this PC1 over here, should go to ISP2. So HTTP to ISP2; all other traffic from PC1 should go to ISP1. So all other traffic has to go to ISP1, only HTTP to ISP2. And then we have to configure the gateway router in a way that HTTPS and Telnet originated from PC2 should go to ISP1, and all other traffic from PC2 should go to ISP2. And then we have to verify that we have configured the two points correctly by doing some tests.

Okay, so let's take the first one. We have to configure the gateway so that the HTTP traffic from PC1 should go to ISP2 and the other should go to ISP1. Okay, so let's do it. PC1 and PC2 are two routers, as you can see here, but the routers are acting as PCs, just for your information. Now I go to the gateway. First of all I have to create an access list. I'll make a named extended access list and I will name it PC1: TCP from host 192.168.0.1, this is the IP of PC1, to go to any. Okay, so, oops, I didn't finish yet, so I have to put to any equal to port 80, which is HTTP. Okay, so we need HTTP to go to ISP2 and the rest should go to ISP1. Then I have to create another access list, ip access-list extended, I will name it PC1 any, and then permit IP from host 192.168.0.1 to any. So now if I do show access-list... okay, I think I made a mistake when I deleted, so what I will do now is delete this one again and create the access list again. So let's first be sure that we don't have... yeah, we have extended IP access lists PC1 and PC1 any. So let's go first to ip access-list extended PC1, then I say permit TCP from host 192.168 to go to any place equal port 80. Then I will go again to ip access-list extended PC1 any, permit IP from host 192.168.0.1 to go to any place. Maybe you can hear the voice of my daughter crying. Okay, so now we have two access lists, PC1 and PC1 any. This one is for port 80, or www, and this one is for anything.

And then I have to create a route map now. Route map, I will name it traffic, and then permit 10, and I will say match ip address PC1, so for port 80. And then I will say set ip next-hop to be... so HTTP has to go to ISP2, so the next hop should be 90.0.0.2, which is the IP of the serial interface on ISP2. And now I will say route-map traffic permit 20, match ip address, and what was it, PC1 any, and then set ip next-hop. So all other traffic should go to ISP1, which is 80.0.0.1. Okay, so now if I do show route-map: this is route map traffic, sequence 10, it matches access list PC1 and it sets the next hop to this one, and then sequence 20, it matches PC1 any and 80.0.0.1. So for now it is good, but of course the route map will not be effective unless we apply it.

But before applying it we have to do step number two. We have to configure the gateway router in a way that HTTPS and Telnet originated from PC2 should go to ISP1, to here, and then all other traffic to ISP2. So HTTPS and Telnet. So now on the gateway I have to create access lists for that also, and I'll apply them to the route map, and finally we apply everything to FastEthernet 0/0 on the gateway router to have effect. So here I'll say ip access-list extended and I will name it PC2. Then we have to permit TCP from host 192.168 to any, and that's for HTTPS. Ah yeah, we have to put equal, and that's HTTPS. And then also we have to permit TCP from host 192.168.0.2 to any equal 23, which is for Telnet. And then I will create another access list, ip access-list extended PC2 any, permit IP from host 192.168.0.2 to any, and that's it. So now if I do show access-list and we look at these two, we created PC2 for HTTPS and Telnet, and PC2 any for anything.

Then here I have to go to the route map again, and it was traffic, I think, yeah. Then I will say permit 30, which is sequence 30. Now I'll say match ip address PC2, and then set ip next-hop, and for HTTP and HTTPS it should go to ISP1, so it should be 80.0.0.1. Exit. Now route map again, and now 40, sequence number 40: match ip address PC2 any and set ip next-hop. So all the others should go to ISP2, am I correct? Yeah, the other traffic should go to ISP2, so now the IP is 90.0.0.2. All right, so let's have a look at our route map now. Okay, sequence 10 and 20 we already checked. Now sequence 30 here, match ip address PC2, and it has to go to this router, that's correct, this is ISP. And then sequence 40, match ip address PC2 any, and then it has to go to 90.0.0.2, that's also correct. So now everything is good, so let's apply this route map. I have to go to the interface FastEthernet 0/0 and here I have to say ip policy route-map and traffic, and that's it.

Okay, now let's do some tests. For PC1 we said it is able to do HTTP to ISP2, so let's try. I go to PC1 now and I will do telnet 90.0.0.2 port 80. So it's open, as you can see here, so yeah, it's working. And if I go back to the gateway and I do show route-map, you can see here 15 packets and 900 bytes, because we made HTTP to ISP2, so there are 15 packets which have been sent from PC1 to PC2. Now let's do from PC1 a ping to ISP1, 80.0.0.1, and I have a reply. So now we have to check, and we should see here some increase in packets for this route map here. So let's check again, and yes, we can see here that sequence number 20 has been increased by five packets, which is of course the one, two, three, four, five pings which have been sent. Okay, so let's try now to make HTTP to ISP1, so I'll do telnet 80.0.0.1 port 80. So it's not possible, because it's unreachable, but on ISP2 it's working. All right, now if I do ping to ISP2 it should not give me an answer. Let's check, because we are only allowed to go there with HTTP. So you can see it's unreachable.

Okay, so that's PC1. Let's try now PC2. On PC2 we said that HTTPS and Telnet are allowed to ISP1, so let's try telnet 80.0.0.1. Yes, we can telnet, but if I do telnet to 90.0.0.2 it is not possible. Now if I do HTTPS to 80.0.0.1, yeah, it's working, open, you can see here, but if I do telnet to 90.0.0.2 it's not working. And of course if we check on the gateway, you can see here there are no packets here yet, but if I do show route-map again now, you can see that the packets have been increased here. And of course if I do ping now, let's do ping from PC2 to ISP2, for example 90.0.0.2, it is successful, and now if I go to the gateway we should see some packets over here, and yeah, we see five packets, which is the ping. But if I do it to 80.0.0.1 it's unreachable. All right, okay, so what's happening now: I tried to ping from here to ISP1, but it goes to ISP2, because ping, all other traffic, has to go to ISP2. So you can see here it has been increased by four packets.

So this is how to do the policy routing. It's very good if you have someone in your company who really uses a lot of traffic which is not for work, like a torrent or peer-to-peer or whatever, or playing games, for example, if you know the port of the game. Then if you have two ISPs, one which is a fast connection and one which is a slow connection, you can put this PC or this client or this customer or this user you have in the company on the ISP which has the lowest bandwidth, and this way he will not be able to do the huge download or to play games as it should be. But of course you can do much more if you do quality of service on the router, but that's out of the topic for the moment.

So this is the first part of the lab. We did one, two, three, verify; we verified that. Now on number four they are asking us that the traffic originated from the gateway router, from this router, should always choose ISP1, so it should go to ISP1 always. In case ISP1 is down, then the traffic originated from the gateway router should switch to ISP2. So the gateway router should always prefer ISP1, maybe because it has a better bandwidth over here, a bigger bandwidth than ISP2, but in case ISP1 is down then the gateway should automatically switch to ISP2. In order to do this configuration we have to configure IP SLA, and this has to be done from the gateway. So let's go to the gateway, and here I have to create the IP SLA first. Before we do that, let's do ping 80.0.0.1, that's okay, and ping 90.0.0.2 is fine. So ip sla monitor, and I will choose number one, and here I have to put the type as echo, so we are going to use echo to ping 80.0.0.1, which is ISP1, to be sure that this one is available. And here you can put the source IP address or source interface; I will not put anything. So this is the IP SLA configuration. Then I have to start the process. To do that I have to write ip sla monitor, and here I have to say schedule, entry of schedule 1 for example, and then the start time I want to be now, and the lifetime I want to be forever. So I want this thing from the gateway router to the ISP to start now, as we hit enter here, and to stay forever.

All right, so now IP SLA is configured. We have to apply this one to a track, so we say track number, for example one or any number you want, and this has to be linked to the IP SLA. The old name of SLA was RTR, so rtr, and then the entry number is 1, because you can see here that the SLA we created was one. Okay, so rtr 1, and I will say reachability, and enter. And then what I have to do is create a route map. On the route map I have to say, for example, sla permit. Then I will match anything, so I will not put match, and then I will say set ip next-hop verify-availability and 80.0.0.1, and this set has a sequence of 10 and it's linked to track number one, which is in turn linked to the SLA monitor. So what I'm saying now is that the gateway should always take ISP1 in case there is reachability, and the reachability is verified by the track, which is linked to the SLA. Now the second option: in case ISP1 is down, then I have to say set ip next-hop to be 90.0.0.2, so in case ISP1 is down then it has to go to ISP2.

Now if I do show route-map sla you can see that it is up, it tells me that now it is up, so the link here is up. Now this has not been applied yet, so I have to apply it, and this has to be done globally, so I have to say ip local policy and route-map, and the route map we created is sla, and enter. Now everything is good, so I will do again show route-map sla, and yeah, everything is fine. So let's ping now. I will do a ping to 80.0.0.1 and I have reachability. So if you look now at the route map you can see that it was one packet here and it has increased to six packets, because it sent five pings to ISP1. So now let's try to ping 90.0.0.2, which is ISP2. What do you think, will we get a reply or not? By my logic we will not, because we said that all traffic going from the gateway, and ping is ICMP traffic, should go to ISP1. So if we have a reply from ISP2 we have to recheck our configuration. And yeah, we can see that there's no reply; this means that our configuration is correct. But this doesn't mean that the interfaces are down between the gateway and ISP2, and if I do show ip interface brief you can see that Serial 1/1 is up, so it is up/up, there is connectivity between the two routers, but the gateway is not allowing any traffic to go to ISP2 unless ISP1 is down. So now I don't have a reply.

So what we have to do: I will go to ISP1 and shut down the interface, then in this case it should switch directly to ISP2. So I'll go to ISP1 and I will say shutdown, that's interface zero zero over zero. So I shut down the interface, it's down now. Let's go to the gateway again, and show ip interface brief: Serial 1/1 is still showing to me up. Let's wait a little bit. Okay, now it's down. So now if I do show route-map sla again, it's still shown to me as up, but in a moment it will be down here. So it was pinging the ISP and now finally it didn't receive a reply, then it put it down directly. Now in this case, as it is down, this means this set clause is not met anymore, then it should switch directly to 90.0.0.2, which is ISP2. So let's try to ping 90.0.0.2 now, and we have a reply; if you see here, before I did not have a reply. So this is how to do the configuration by using the IP SLA and the track and the route map, and then you apply it globally to the router. A very nice lab, especially for those who work in a company that has connectivity to two ISPs, in order to perform this backup in case one ISP is down, so it will switch directly to the second ISP.
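The gateway configuration narrated in the captions above, consolidated as an added example; it is not the presenter's own file. The ACL and route-map name spellings are assumptions, the next-hop addresses 80.0.0.1 (ISP1) and 90.0.0.2 (ISP2) are read from the garbled captions, and the IP SLA lines use the older `ip sla monitor` and `track ... rtr` syntax the presenter describes.

```cisco
! Added example, constructed from the narrated steps. Names such as PC1-ANY
! and the dotted addresses are assumptions taken from the captions.
!
! --- Tasks 1-2: classify traffic per source host ---
ip access-list extended PC1
 permit tcp host 192.168.0.1 any eq 80
ip access-list extended PC1-ANY
 permit ip host 192.168.0.1 any
ip access-list extended PC2
 permit tcp host 192.168.0.2 any eq 443
 permit tcp host 192.168.0.2 any eq 23
ip access-list extended PC2-ANY
 permit ip host 192.168.0.2 any
!
! Route-map entries are evaluated in sequence order, first match wins,
! so the specific port matches (10, 30) sit before the catch-alls (20, 40).
route-map TRAFFIC permit 10
 match ip address PC1
 set ip next-hop 90.0.0.2
route-map TRAFFIC permit 20
 match ip address PC1-ANY
 set ip next-hop 80.0.0.1
route-map TRAFFIC permit 30
 match ip address PC2
 set ip next-hop 80.0.0.1
route-map TRAFFIC permit 40
 match ip address PC2-ANY
 set ip next-hop 90.0.0.2
!
! PBR applies to packets arriving on the LAN-facing interface.
interface FastEthernet0/0
 ip policy route-map TRAFFIC
!
! --- Task 4: router-originated traffic prefers ISP1, fails over to ISP2 ---
ip sla monitor 1
 type echo protocol ipIcmpEcho 80.0.0.1
ip sla monitor schedule 1 life forever start-time now
!
track 1 rtr 1 reachability
!
! No match clause: every locally generated packet hits this entry.
route-map SLA permit 10
 set ip next-hop verify-availability 80.0.0.1 10 track 1
 set ip next-hop 90.0.0.2
!
! Local policy covers traffic sourced by the router itself.
ip local policy route-map SLA
```

The `show route-map` packet counters used throughout the captions are the check that each sequence number is matching the intended traffic.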
Info
Channel: MAICT Consult
Views: 294
Keywords: cisco policy based routing, cisco policy based routing example, cisco policy based routing source and destination, cisco router policy based routing, cisco 3850 policy based routing, policy based routing cisco switch, cisco policy based routing dual wan, cisco policy based routing next hop, cisco 3750 policy based routing, cisco policy based routing failover, cisco policy based routing match destination, Maher Haddad, My Network Training
Id: j3dA240C0bE
Length: 25min 7sec (1507 seconds)
Published: Fri Jun 04 2021