We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 588 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

312 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Forum Replies

  1. Hi Alfredo,

    The interfaces on a router are "routed ports", each interface requires an IP address in a unique subnet. 172.16.254.3/30 is in the same subnet as your first interface and it's also a broadcast address. You'll have to use a larger subnet, /30 only offers you two IP addresses. A /29 would work.

    Somehow you need to add the interfaces of the two firewalls and the router in a single broadcast domain. You can't turn the routed ports into switchports so a switch module is not a bad idea...or create a VLAN on a switch and connect the firewall + router interfaces to it.

    Technically you might be able to bridge the two router interfaces and use a BVI interface but that's not something I would recommend:

    bridge irb
    brige 1 protocol ieee
    int gi0/1
    bridge-group 1
    
    int gi0/2
    bridge-group 1
    
    interface bvi 1
    ip address 172.16.254.1 255.255.255.248

    This bridges the two gigabit interfaces together, the BVI interface is the "routed" port.

    Hope this helps...

    Rene

  2. Hello Brian.

    You are essentially correct. Access lists when used in conjunction with Policy Based Routing are used for matching specific criteria. If you add permit ip any any at the end, then you would essentially be saying “match everything”.

    I hope this has been helpful!

    Laz

  3. Thanks for confirming and also thinks for that added bit at the end about would match everything.

    I was almost thinking just to conform with best practice it would be good to add the permit everything just to conform with best practices but did not think from that perspective that it would then include that as well. You might have saved me from a possible booboo!

  4. Hi Laz ,

    So how we can reliable the next HOP without using IP-SLA ??

    and what will happend when we used three (3) next hop like …

    set ip next-hop 11.10.10.1 15.10.10.1 20.10.10.1

    It procees the Next HOP one by one ?? Need more clarification .Thx

    br//zaman

  5. Hi Laz,

    Thanks for your answering and clearing this up for me. Yes, it makes perfect sense and provides clarity to my doubts in logic. I thought this was the case. However, a second opinion from the experts is always a great way of confirmation. I will go and have a play with this again and see if I can produce the right results in my lab. Very many thanks for the clarification.

    Floyd

24 more replies! Ask a question or join the discussion by visiting our Community Forum