
Policy route Management traffic
December 31, 2010

The other day I ran into the issue of a firewall being in the way of management traffic for a switch. In this particular network design, there was a secondary path that bypassed the firewall. This secondary link is used by a route-map on ingress to route traffic requiring ultra-low latency and jitter.
As a result, I ended up pushing management traffic for the switch on the other side of the firewall through this secondary link as well. Since management traffic is sourced from the switch itself, a normal route-map applied to an interface with ip policy would not work: interface policy routing only acts on transit packets arriving on that interface, never on packets the switch originates. The route-map therefore has to be applied to locally generated traffic instead, which is what the following configuration does.
! Loopback that management sessions are sourced from
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
! Match traffic to and from the management address
ip access-list extended MANAGEMENT_TRAFFIC
 permit ip any host 1.1.1.1
 permit ip host 1.1.1.1 any
!
! Send matching traffic to the next hop on the secondary link
route-map MANAGEMENT_POLICY permit 10
 match ip address MANAGEMENT_TRAFFIC
 set ip next-hop 2.2.2.2
!
! Apply the route-map to traffic the switch itself generates; without this
! line the route-map is defined but never used
ip local policy route-map MANAGEMENT_POLICY
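A path around the firewall is only as narrow as the ACL that selects traffic for it, so the check worth doing after writing this configuration is to follow the whole chain and see what it actually steers. The Python script below is example code written for this page, not code from the original post: it parses IOS-style configuration text, follows loopback to ACL to route-map to the ip local policy command, and reports whether the route-map is really applied to locally generated traffic and how much traffic the ACL lets take the bypass. The sample configuration is constructed from the post's snippet plus the ip local policy line; the parser handles only the commands shown (no port qualifiers in ACL entries), and 1.1.1.1 and 2.2.2.2 are the post's placeholder addresses.

```python
"""Audit the chain that makes a Cisco IOS device policy-route its own traffic.
Added example, not code from the original post: parses IOS-style config text and
follows loopback -> ACL -> route-map -> ip local policy to report what it sends around the firewall."""
import re
from dataclasses import dataclass, field

# Constructed sample: the post's snippet plus the `ip local policy` line that
# applies the route-map to locally generated traffic.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
ip access-list extended MANAGEMENT_TRAFFIC
 permit ip any host 1.1.1.1
 permit ip host 1.1.1.1 any
!
route-map MANAGEMENT_POLICY permit 10
 match ip address MANAGEMENT_TRAFFIC
 set ip next-hop 2.2.2.2
!
ip local policy route-map MANAGEMENT_POLICY
"""

@dataclass
class IosConfig:
    interfaces: dict = field(default_factory=dict)  # name -> ip address
    acls: dict = field(default_factory=dict)        # name -> list of ACE strings
    route_maps: dict = field(default_factory=dict)  # name -> {"match_acl", "next_hop"}
    local_policy: str = ""                          # route-map named in `ip local policy`

def parse_ios(text):
    """Section-aware parser for just the commands the chain uses."""
    cfg = IosConfig()
    section = None  # (kind, name) of the block being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            section = None
            continue
        if m := re.match(r"interface (\S+)$", line):
            section = ("intf", m.group(1))
        elif m := re.match(r"ip access-list extended (\S+)$", line):
            section = ("acl", m.group(1))
            cfg.acls.setdefault(m.group(1), [])
        elif m := re.match(r"route-map (\S+)(?: (?:permit|deny))?(?: \d+)?$", line):
            section = ("rm", m.group(1))
            cfg.route_maps.setdefault(m.group(1), {"match_acl": [], "next_hop": None})
        elif m := re.match(r"ip local policy route-map (\S+)$", line):
            section = None
            cfg.local_policy = m.group(1)
        elif section and section[0] == "intf":
            if m := re.match(r"ip address (\S+) \S+$", line):
                cfg.interfaces[section[1]] = m.group(1)
        elif section and section[0] == "acl":
            cfg.acls[section[1]].append(line)
        elif section and section[0] == "rm":
            rm = cfg.route_maps[section[1]]
            if m := re.match(r"match ip address (.+)$", line):
                rm["match_acl"].extend(m.group(1).split())
            elif m := re.match(r"set ip next-hop (\S+)$", line):
                rm["next_hop"] = m.group(1)
    return cfg

def _addr(tokens, i):
    """Consume one extended-ACE address spec; return (spec, index after it)."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], i + 2
    return f"{tokens[i]} {tokens[i + 1]}", i + 2  # network + wildcard mask

def audit_local_pbr(cfg, mgmt_ip):
    """List findings for the chain that steers the device's own traffic."""
    findings = []
    if not cfg.local_policy:
        return ["no 'ip local policy route-map': the route-map is never applied "
                "to locally generated traffic"]
    rm = cfg.route_maps.get(cfg.local_policy)
    if rm is None:
        return [f"route-map {cfg.local_policy} is applied but not defined"]
    if rm["next_hop"] is None:
        findings.append(f"route-map {cfg.local_policy} sets no next-hop")
    for acl_name in rm["match_acl"]:
        for ace in cfg.acls.get(acl_name, []):
            t = ace.split()
            if t[0] != "permit":
                continue
            src, j = _addr(t, 2)
            dst, _ = _addr(t, j)
            if src != mgmt_ip:
                findings.append(f"{acl_name}: '{ace}' does not pin the source to {mgmt_ip}")
            if dst == "any":
                findings.append(f"{acl_name}: '{ace}' sends traffic from {src} to every "
                                "destination over the bypass, not only to management stations")
    return findings

if __name__ == "__main__":
    print(*audit_local_pbr(parse_ios(SAMPLE_CONFIG), "1.1.1.1"), sep="\n")
```

Run as a script it prints the findings for the sample; for a real device, feed parse_ios the saved running-config instead. For the post's ACL it reports that the 'permit ip host 1.1.1.1 any' entry steers everything the loopback sources over the bypass, not only sessions to the management stations, and that the 'permit ip any host 1.1.1.1' entry does not pin the source to the loopback. Narrowing the destination to the management station subnet makes both findings disappear, which is the question to settle before accepting any path around the firewall.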