Hi all,
http://ift.tt/2BcGarS for network diagram.
I had been trying to configure my switch for PBR. Was wondering if my configuration is correct? is the two default route 0.0.0.0 0.0.0.0 192.168.x.253 needed?
Below is my configuration. omitted the unneeded information.
class ipv4 "User"
20 match ip 192.168.54.0 255.255.254.0 0.0.0.0 255.255.255.255
exit
class ipv4 "Server"
10 match ip 192.168.52.0 255.255.254.0 0.0.0.0 255.255.255.255
exit
class ipv4 "CorpWIFI"
10 match ip 192.168.56.0 255.255.255.0 0.0.0.0 255.255.255.255
exit
policy pbr "CorpWIFIPBR"
10 class ipv4 "CorpWIFI" action ip next-hop 192.168.54.253 exit
exit
policy pbr "ServerPBR"
10 class ipv4 "Server" action ip next-hop 192.168.52.253 exit
exit
policy pbr "UserPBR"
10 class ipv4 "User" action ip next-hop 192.168.54.253 exit
exit
ip route 0.0.0.0 0.0.0.0 192.168.52.253
ip route 0.0.0.0 0.0.0.0 192.168.54.253
ip routing
vlan 1
name "Server VLAN"
no untagged 1/12,1/37-1/44,2/4-2/5,2/26,2/37-2/38,2/40-2/44
untagged 1/2-1/11,1/13-1/25,1/34-1/36,1/49-1/51,2/1-2/3,2/6-2/25,2/27,2/36,2/39,2/49-2/51,Trk1-Trk7
tagged 1/1
ip address 192.168.53.1 255.255.254.0
service-policy "ServerPBR" in
exit
vlan 51
name "MGT VLAN"
untagged 2/5
ip access-group "ACL-BLOCK" in
no ip address
exit
vlan 54
name "Users VLAN"
untagged 1/37-1/38,1/43-1/44,2/4,2/37-2/38,2/40-2/44
tagged Trk1-Trk5
ip address 192.168.54.1 255.255.254.0
ip helper-address 192.168.52.8
ip helper-address 192.168.52.9
service-policy "UserPBR" in
exit
vlan 56
name "CorpWIFI VLAN"
tagged Trk1-Trk3
ip address 192.168.56.1 255.255.255.0
ip helper-address 192.168.52.8
ip helper-address 192.168.52.9
service-policy "CorpWIFIPBR" in
exit
vlan 58
name "Guest VLAN"
untagged 1/39-1/42,2/26
tagged Trk1-Trk3
no ip address
exit
vlan 59
name "CCTV VLAN"
untagged 1/1,1/12
tagged Trk1-Trk7
no ip address
exit
Pls let me know if you have any questions regarding the network setup.
Will appreciate any advice!
Thanks!
No comments:
Post a Comment