Yingst, Christopher | 22 Oct 01:45 2014

RE: Multicast config

The only place you do NOT need igmp-query is point to point routed interfaces in the path that the multicast
will take.  Or any interface where there will be no users doing igmp joins/leaves.

Regards,

Chris

Chris Yingst
Consultant
Jacobs Technology ACS
207.619.4472
chris.yingst <at> jacobs.com
www.jacobstechnology.com
________________________________________
From: JSanders <at> westernmutual.com [JSanders <at> westernmutual.com]
Sent: Tuesday, October 21, 2014 5:47 PM
To: Enterasys Customer Mailing List
Subject: Fw: [enterasys] Multicast config

Nevermind, answered my own question. No need to limit the multicast traffic on that vlan.....flood away!!!

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group

----- Forwarded by Joshua Sanders/Western Mutual on 10/21/2014 02:46 PM -----

From:        Joshua Sanders/Western Mutual
To:        enterasys <at> listserv.unc.edu
Date:        10/21/2014 02:41 PM
(Continue reading)

JSanders | 21 Oct 23:47 2014

Fw: Multicast config

Nevermind, answered my own question. No need to limit the multicast traffic on that vlan.....flood away!!!

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group

----- Forwarded by Joshua Sanders/Western Mutual on 10/21/2014 02:46 PM -----

From:        Joshua Sanders/Western Mutual
To:        enterasys <at> listserv.unc.edu
Date:        10/21/2014 02:41 PM
Subject:        Re: [enterasys] Multicast config


Dennis & Christopher,
    Thanks for the replies. Would I want igmp query-enable on the vlan with my phones as well?

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group




From:        "Yingst, Christopher" <Christopher.Yingst <at> jacobs.com>
To:        "Enterasys Customer Mailing List" <enterasys <at> listserv.unc.edu>
Date:        10/21/2014 06:16 AM
Subject:        Re: [enterasys] Multicast config



Joshua,

You need IGMP as Dennis stated.

Set igmp enable <VID>  <—All VLANs that will have clients/servers/or in path
Set igmp query-enable <VID> <— Only VLANs with Client/servers

I think you need to fix your “group mask” as well:

ip pim rp-candidate 10.205.1.1 224.0.0.0 255.0.0.0

Do you actually need that many multicast groups?

Regards,

Chris


From: "JSanders <at> westernmutual.com" <JSanders <at> westernmutual.com>
Reply-To: "enterasys <at> listserv.unc.edu" <enterasys <at> listserv.unc.edu>
Date: Monday, October 20, 2014 at 7:22 PM
To: Enterasys Customer Mailing List <enterasys <at> listserv.unc.edu>
Subject: [enterasys] Multicast config

I'm trying to configure PIM-SM on a Enterasys N7 so Multicast traffic can route from a server hanging off the N7 to a Vlan Trunk going to a Cisco 3750 where some phones are located.
I was just wondering if I could have another pair of eyes look at my config because it's not currently working. This is what I have, please tell me if I'm missing anything.


interface vlan 5 *** this is the vlan our computers sit on. It's here because it's in the trunk going to the 3750
ip address 10.205.1.1 255.255.248.0
ip pim sparse-mode
interface vlan 10 *** this is the vlan our phones are on
ip address 10.210.1.1 255.255.248.0
ip pim sparse-mode
interface vlan 20 *** this is where the server is hanging off
ip address 10.220.1.1 255.255.248.0
ip pim sparse-mode

ip pim bsr-candidate vlan 5
ip pim rp-candidate 10.205.1.1 224.0.0.0 224.0.0.0

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
jsanders <at> westernmutual.com


NOTICE - This communication may contain confidential and privileged information that is for the sole use of the intended recipient. Any viewing, copying or distribution of, or reliance on this message by unintended recipients is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer.
  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys JSanders <at> westernmutual.com

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
JSanders | 21 Oct 23:41 2014

Re: Multicast config

Dennis & Christopher,
    Thanks for the replies. Would I want igmp query-enable on the vlan with my phones as well?

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group




From:        "Yingst, Christopher" <Christopher.Yingst <at> jacobs.com>
To:        "Enterasys Customer Mailing List" <enterasys <at> listserv.unc.edu>
Date:        10/21/2014 06:16 AM
Subject:        Re: [enterasys] Multicast config



Joshua,

You need IGMP as Dennis stated.

Set igmp enable <VID>  <—All VLANs that will have clients/servers/or in path
Set igmp query-enable <VID> <— Only VLANs with Client/servers

I think you need to fix your “group mask” as well:

ip pim rp-candidate 10.205.1.1 224.0.0.0 255.0.0.0

Do you actually need that many multicast groups?

Regards,

Chris


From: "JSanders <at> westernmutual.com" <JSanders <at> westernmutual.com>
Reply-To: "enterasys <at> listserv.unc.edu" <enterasys <at> listserv.unc.edu>
Date: Monday, October 20, 2014 at 7:22 PM
To: Enterasys Customer Mailing List <enterasys <at> listserv.unc.edu>
Subject: [enterasys] Multicast config

I'm trying to configure PIM-SM on a Enterasys N7 so Multicast traffic can route from a server hanging off the N7 to a Vlan Trunk going to a Cisco 3750 where some phones are located.
I was just wondering if I could have another pair of eyes look at my config because it's not currently working. This is what I have, please tell me if I'm missing anything.


interface vlan 5 *** this is the vlan our computers sit on. It's here because it's in the trunk going to the 3750
ip address 10.205.1.1 255.255.248.0
ip pim sparse-mode
interface vlan 10 *** this is the vlan our phones are on
ip address 10.210.1.1 255.255.248.0
ip pim sparse-mode
interface vlan 20 *** this is where the server is hanging off
ip address 10.220.1.1 255.255.248.0
ip pim sparse-mode

ip pim bsr-candidate vlan 5
ip pim rp-candidate 10.205.1.1 224.0.0.0 224.0.0.0

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
jsanders <at> westernmutual.com


NOTICE - This communication may contain confidential and privileged information that is for the sole use of the intended recipient. Any viewing, copying or distribution of, or reliance on this message by unintended recipients is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer.
  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys JSanders <at> westernmutual.com

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Yingst, Christopher | 21 Oct 15:10 2014

Re: Multicast config

Joshua,

You need IGMP as Dennis stated.

Set igmp enable <VID>  <—All VLANs that will have clients/servers/or in path
Set igmp query-enable <VID> <— Only VLANs with Client/servers

I think you need to fix your “group mask” as well:

ip pim rp-candidate 10.205.1.1 224.0.0.0 255.0.0.0

Do you actually need that many multicast groups?

Regards,

Chris



From: "JSanders <at> westernmutual.com" <JSanders <at> westernmutual.com>
Reply-To: "enterasys <at> listserv.unc.edu" <enterasys <at> listserv.unc.edu>
Date: Monday, October 20, 2014 at 7:22 PM
To: Enterasys Customer Mailing List <enterasys <at> listserv.unc.edu>
Subject: [enterasys] Multicast config

I'm trying to configure PIM-SM on a Enterasys N7 so Multicast traffic can route from a server hanging off the N7 to a Vlan Trunk going to a Cisco 3750 where some phones are located.
I was just wondering if I could have another pair of eyes look at my config because it's not currently working. This is what I have, please tell me if I'm missing anything.


interface vlan 5 *** this is the vlan our computers sit on. It's here because it's in the trunk going to the 3750
 ip address 10.205.1.1 255.255.248.0
 ip pim sparse-mode
interface vlan 10 *** this is the vlan our phones are on
 ip address 10.210.1.1 255.255.248.0
 ip pim sparse-mode
interface vlan 20 *** this is where the server is hanging off
 ip address 10.220.1.1 255.255.248.0
 ip pim sparse-mode

ip pim bsr-candidate vlan 5
ip pim rp-candidate 10.205.1.1 224.0.0.0 224.0.0.0

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
jsanders <at> westernmutual.com


NOTICE - This communication may contain confidential and privileged information that is for the sole use of the intended recipient. Any viewing, copying or distribution of, or reliance on this message by unintended recipients is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer.

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Flemmig Dennis | 21 Oct 07:26 2014
Picon

AW: Multicast config

Hi Joshua,

 

I think you are missing this config :

 

N Chassis(su)->set igmp enable 5

N Chassis(su)->set igmp enable 10

N Chassis(su)->set igmp enable 20

N Chassis(su)->set igmp query-enable 10

N Chassis(su)->set igmp query-enable 5  (If the computers should be able to receive the stream as well)

 

 

This enables IGMP on the VLANs and IGMP queries on 10 & 5  in switch mode.

 

If it is still not working you may need to have a look at the IGMP snooping configuration on the 3750.

 

In the N-Series Config Guide, there is a pretty good example of a Multicast configuration.

 

Kind Regards

Dennis

 

 

Mit freundlichen Grüßen / Best regards

 

Dennis Flemmig (Dipl.-Ing.)

Senior System Engineer

 

 

 

CANCOM DIDAS GmbH

Elisabeth-Selbert-Str. 4a

40764 Langenfeld

Deutschland

 

Phone  +49 2173 5966-470

Fax      +49 2173 5966-610

Mobile  +49 172 5219729

dennis.flemmig <at> cancom.de

www.cancom-didas.de

 

 

 

CANCOM DIDAS GmbH
Sitz der Gesellschaft: Langenfeld
AG Düsseldorf HRB 63231, USt-Id Nr.: DE811548338
Geschäftsführer: Dirk Kiefer, Thorsten Eska

 

Diese E-Mail und alle mitgesendeten Dateien sind vertraulich und ausschließlich für den Gebrauch durch den Empfänger bestimmt!
This e-mail and any files transmitted with it are confidential intended solely for the use of the addressee!

 

 

 

 

 

Von: JSanders <at> westernmutual.com [mailto:JSanders <at> westernmutual.com]
Gesendet: Dienstag, 21. Oktober 2014 01:22
An: Enterasys Customer Mailing List
Betreff: [enterasys] Multicast config

 

I'm trying to configure PIM-SM on a Enterasys N7 so Multicast traffic can route from a server hanging off the N7 to a Vlan Trunk going to a Cisco 3750 where some phones are located.
I was just wondering if I could have another pair of eyes look at my config because it's not currently working. This is what I have, please tell me if I'm missing anything.


interface vlan 5 *** this is the vlan our computers sit on. It's here because it's in the trunk going to the 3750
 ip address 10.205.1.1 255.255.248.0
 ip pim sparse-mode
interface vlan 10 *** this is the vlan our phones are on
 ip address 10.210.1.1 255.255.248.0
 ip pim sparse-mode
interface vlan 20 *** this is where the server is hanging off
 ip address 10.220.1.1 255.255.248.0
 ip pim sparse-mode

ip pim bsr-candidate vlan 5
ip pim rp-candidate 10.205.1.1 224.0.0.0 224.0.0.0

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
jsanders <at> westernmutual.com

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
JSanders | 21 Oct 01:22 2014

Multicast config

I'm trying to configure PIM-SM on a Enterasys N7 so Multicast traffic can route from a server hanging off the N7 to a Vlan Trunk going to a Cisco 3750 where some phones are located.
I was just wondering if I could have another pair of eyes look at my config because it's not currently working. This is what I have, please tell me if I'm missing anything.


interface vlan 5 *** this is the vlan our computers sit on. It's here because it's in the trunk going to the 3750
 ip address 10.205.1.1 255.255.248.0
 ip pim sparse-mode
interface vlan 10 *** this is the vlan our phones are on
 ip address 10.210.1.1 255.255.248.0
 ip pim sparse-mode
interface vlan 20 *** this is where the server is hanging off
 ip address 10.220.1.1 255.255.248.0
 ip pim sparse-mode

ip pim bsr-candidate vlan 5
ip pim rp-candidate 10.205.1.1 224.0.0.0 224.0.0.0

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
jsanders <at> westernmutual.com

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Summers, William | 25 Sep 23:55 2014

RE: Policy Based Routing

​sweet.



William Summers
Network Administrator
Deerfield Academy
Tel. 413.774.1838
________________________________
From: JSanders <at> westernmutual.com <JSanders <at> westernmutual.com>
Sent: Thursday, September 25, 2014 5:50 PM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] Policy Based Routing

Thanks for the hint. Turned out that I had a mis-config on the SRX. The data is flowing.

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com




From:        "Summers, William" <wsummers <at> deerfield.edu>
To:        "Enterasys Customer Mailing List" <enterasys <at> listserv.unc.edu>
Cc:        "JSanders <at> westernmutual.com" <JSanders <at> westernmutual.com>
Date:        09/25/2014 02:30 PM
Subject:        RE: [enterasys] Policy Based Routing
________________________________



?Looking at this a little closer Joshua, I think you really want the policy route on the SRX, attached to
192.168.1.1 interface. If what you want is to send all traffic from 192.168.1.17 to 10.5.1.5.


Nice text diagram by the way....that must have taken some time.





William Summers
Network Administrator
Deerfield Academy
Tel. 413.774.1838
________________________________
From: JSanders <at> westernmutual.com <JSanders <at> westernmutual.com>
Sent: Thursday, September 25, 2014 5:11 PM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] Policy Based Routing

Thanks William. Apparently my older firmware doesn't have the default-next-hop. The only thing
available when I go into the route-map config is next-hop. I'm going to apply the config and see if I bring my
network to it's knees. :) Wish me luck!

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com




From:        "Summers, William" <wsummers <at> deerfield.edu>
To:        "Enterasys Customer Mailing List" <enterasys <at> listserv.unc.edu>
Date:        09/25/2014 01:50 PM
Subject:        RE: [enterasys] Policy Based Routing
________________________________



Hi Joshua,


The usual way to do this is to match only the client you want to apply the policy route to, and let the default do
the work for all the rest.  So you can drop access list 20 and that policy.


I think you also want default-next-hop (which will honor the route table for connected/local subnets)
instead of next-hop, which will send all traffic out to the cisco or srx, depending on the match.


SO, you only need:



route-map 100 permit 10
match ip address 10
set default-next-hop 10.5.1.5
!

interface vlan 100
ip policy route-map 100 ?


I'm using an S-Series, so check your command paths.


William Summers
Network Administrator
Deerfield Academy
Tel. 413.774.1838

________________________________
From: JSanders <at> westernmutual.com <JSanders <at> westernmutual.com>
Sent: Thursday, September 25, 2014 4:27 PM
To: Enterasys Customer Mailing List
Subject: [enterasys] Policy Based Routing

I'm trying to configure a policy based route to override the default route that is currently in place on my N7
running 6.12.03.0003. Currently there is a default route on the N7 that is routing traffic out to the
Internet via 192.168.37.1. I'm trying to redirect packets from 192.168.1.17 to 10.5.1.5. When I apply
the following config I shut down everything from 192.168.37.1 and up. Does anyone see what I'm doing?

!
access-list 10  permit      host 192.168.1.17
access-list 20  permit      any
!
route-map 100 permit 10
match ip address 10
set next-hop 10.5.1.5
!
route-map 100 permit 20
match ip address 20
set next-hop 192.168.37.1
!
interface vlan 100
ip policy route-map 100

+---------------------+
|Scary Internet   |
|    Cloud              |
+----------+---------+
             |
             |
             |
             |1.1.1.1
+--------+----------+                                 +--+
|                          |                                  |   |
|                          |                           +------+ Server
| SRX240           +------------------------+------+ 192.168.1.17
|                          |192.168.1.1
+--------+----------+
             |192.168.37.1
      |
      |
      |
      |Vlan 100
      |192.168.37.2
+--------+----------+
|                         |
|Enterasys        |                                         +----------------------+
|N7                       |10.5.1.1                   10.5.1.5|                          |
|                         +----------------------------------+  Cisco 3845      |
|                         |Vlan 5                           |                          |
+--------------------+                                         +----------------------+

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com

*   --To unsubscribe from enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the
body: unsubscribe enterasys wsummers <at> deerfield.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys JSanders <at> westernmutual.com


 *   --To unsubscribe from enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the
body: unsubscribe enterasys wsummers <at> deerfield.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys JSanders <at> westernmutual.com


  *   --To unsubscribe from enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the
body: unsubscribe enterasys wsummers <at> deerfield.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
JSanders | 25 Sep 23:50 2014

RE: Policy Based Routing

Thanks for the hint. Turned out that I had a mis-config on the SRX. The data is flowing.

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com




From:        "Summers, William" <wsummers <at> deerfield.edu>
To:        "Enterasys Customer Mailing List" <enterasys <at> listserv.unc.edu>
Cc:        "JSanders <at> westernmutual.com" <JSanders <at> westernmutual.com>
Date:        09/25/2014 02:30 PM
Subject:        RE: [enterasys] Policy Based Routing



?Looking at this a little closer Joshua, I think you really want the policy route on the SRX, attached to 192.168.1.1 interface. If what you want is to send all traffic from 192.168.1.17 to 10.5.1.5.


Nice text diagram by the way....that must have taken some time.





William Summers
Network Administrator
Deerfield Academy
Tel. 413.774.1838
________________________________
From: JSanders <at> westernmutual.com <JSanders <at> westernmutual.com>
Sent: Thursday, September 25, 2014 5:11 PM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] Policy Based Routing

Thanks William. Apparently my older firmware doesn't have the default-next-hop. The only thing available when I go into the route-map config is next-hop. I'm going to apply the config and see if I bring my network to it's knees. :) Wish me luck!

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com




From:        "Summers, William" <wsummers <at> deerfield.edu>
To:        "Enterasys Customer Mailing List" <enterasys <at> listserv.unc.edu>
Date:        09/25/2014 01:50 PM
Subject:        RE: [enterasys] Policy Based Routing
________________________________



Hi Joshua,


The usual way to do this is to match only the client you want to apply the policy route to, and let the default do the work for all the rest.  So you can drop access list 20 and that policy.


I think you also want default-next-hop (which will honor the route table for connected/local subnets) instead of next-hop, which will send all traffic out to the cisco or srx, depending on the match.


SO, you only need:



route-map 100 permit 10
match ip address 10
set default-next-hop 10.5.1.5
!

interface vlan 100
ip policy route-map 100 ?


I'm using an S-Series, so check your command paths.


William Summers
Network Administrator
Deerfield Academy
Tel. 413.774.1838

________________________________
From: JSanders <at> westernmutual.com <JSanders <at> westernmutual.com>
Sent: Thursday, September 25, 2014 4:27 PM
To: Enterasys Customer Mailing List
Subject: [enterasys] Policy Based Routing

I'm trying to configure a policy based route to override the default route that is currently in place on my N7 running 6.12.03.0003. Currently there is a default route on the N7 that is routing traffic out to the Internet via 192.168.37.1. I'm trying to redirect packets from 192.168.1.17 to 10.5.1.5. When I apply the following config I shut down everything from 192.168.37.1 and up. Does anyone see what I'm doing?

!
access-list 10  permit      host 192.168.1.17
access-list 20  permit      any
!
route-map 100 permit 10
match ip address 10
set next-hop 10.5.1.5
!
route-map 100 permit 20
match ip address 20
set next-hop 192.168.37.1
!
interface vlan 100
ip policy route-map 100

+---------------------+
|Scary Internet   |
|    Cloud              |
+----------+---------+
             |
             |
             |
             |1.1.1.1
+--------+----------+                                 +--+
|                          |                                  |   |
|                          |                           +------+ Server
| SRX240           +------------------------+------+ 192.168.1.17
|                          |192.168.1.1
+--------+----------+
             |192.168.37.1
      |
      |
      |
      |Vlan 100
      |192.168.37.2
+--------+----------+
|                         |
|Enterasys        |                                         +----------------------+
|N7                       |10.5.1.1                   10.5.1.5|                          |
|                         +----------------------------------+  Cisco 3845      |
|                         |Vlan 5                           |                          |
+--------------------+                                         +----------------------+

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com

*   --To unsubscribe from enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the body: unsubscribe enterasys wsummers <at> deerfield.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys JSanders <at> westernmutual.com


 *   --To unsubscribe from enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the body: unsubscribe enterasys wsummers <at> deerfield.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys JSanders <at> westernmutual.com

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
JSanders | 25 Sep 23:33 2014

RE: Policy Based Routing

heh, thanks. I'd love to take credit but it was actually done through asciiflow.com. I've already configured PBR on the SRX to forward traffic coming from 192.168.1.17 to 192.168.37.2. I'm able to ping 37.2 but not 10.5.1.1 on the other side.

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com




From:        "Summers, William" <wsummers <at> deerfield.edu>
To:        "Enterasys Customer Mailing List" <enterasys <at> listserv.unc.edu>
Cc:        "JSanders <at> westernmutual.com" <JSanders <at> westernmutual.com>
Date:        09/25/2014 02:30 PM
Subject:        RE: [enterasys] Policy Based Routing



?Looking at this a little closer Joshua, I think you really want the policy route on the SRX, attached to 192.168.1.1 interface. If what you want is to send all traffic from 192.168.1.17 to 10.5.1.5.


Nice text diagram by the way....that must have taken some time.





William Summers
Network Administrator
Deerfield Academy
Tel. 413.774.1838
________________________________
From: JSanders <at> westernmutual.com <JSanders <at> westernmutual.com>
Sent: Thursday, September 25, 2014 5:11 PM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] Policy Based Routing

Thanks William. Apparently my older firmware doesn't have the default-next-hop. The only thing available when I go into the route-map config is next-hop. I'm going to apply the config and see if I bring my network to it's knees. :) Wish me luck!

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com




From:        "Summers, William" <wsummers <at> deerfield.edu>
To:        "Enterasys Customer Mailing List" <enterasys <at> listserv.unc.edu>
Date:        09/25/2014 01:50 PM
Subject:        RE: [enterasys] Policy Based Routing
________________________________



Hi Joshua,


The usual way to do this is to match only the client you want to apply the policy route to, and let the default do the work for all the rest.  So you can drop access list 20 and that policy.


I think you also want default-next-hop (which will honor the route table for connected/local subnets) instead of next-hop, which will send all traffic out to the cisco or srx, depending on the match.


SO, you only need:



route-map 100 permit 10
match ip address 10
set default-next-hop 10.5.1.5
!

interface vlan 100
ip policy route-map 100 ?


I'm using an S-Series, so check your command paths.


William Summers
Network Administrator
Deerfield Academy
Tel. 413.774.1838

________________________________
From: JSanders <at> westernmutual.com <JSanders <at> westernmutual.com>
Sent: Thursday, September 25, 2014 4:27 PM
To: Enterasys Customer Mailing List
Subject: [enterasys] Policy Based Routing

I'm trying to configure a policy based route to override the default route that is currently in place on my N7 running 6.12.03.0003. Currently there is a default route on the N7 that is routing traffic out to the Internet via 192.168.37.1. I'm trying to redirect packets from 192.168.1.17 to 10.5.1.5. When I apply the following config I shut down everything from 192.168.37.1 and up. Does anyone see what I'm doing?

!
access-list 10  permit      host 192.168.1.17
access-list 20  permit      any
!
route-map 100 permit 10
match ip address 10
set next-hop 10.5.1.5
!
route-map 100 permit 20
match ip address 20
set next-hop 192.168.37.1
!
interface vlan 100
ip policy route-map 100

+---------------------+
|Scary Internet   |
|    Cloud              |
+----------+---------+
             |
             |
             |
             |1.1.1.1
+--------+----------+                                 +--+
|                          |                                  |   |
|                          |                           +------+ Server
| SRX240           +------------------------+------+ 192.168.1.17
|                          |192.168.1.1
+--------+----------+
             |192.168.37.1
      |
      |
      |
      |Vlan 100
      |192.168.37.2
+--------+----------+
|                         |
|Enterasys        |                                         +----------------------+
|N7                       |10.5.1.1                   10.5.1.5|                          |
|                         +----------------------------------+  Cisco 3845      |
|                         |Vlan 5                           |                          |
+--------------------+                                         +----------------------+

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com

*   --To unsubscribe from enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the body: unsubscribe enterasys wsummers <at> deerfield.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys JSanders <at> westernmutual.com


 *   --To unsubscribe from enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the body: unsubscribe enterasys wsummers <at> deerfield.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys JSanders <at> westernmutual.com

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Summers, William | 25 Sep 23:28 2014

RE: Policy Based Routing

?Looking at this a little closer Joshua, I think you really want the policy route on the SRX, attached to
192.168.1.1 interface. If what you want is to send all traffic from 192.168.1.17 to 10.5.1.5.

Nice text diagram by the way....that must have taken some time.

William Summers
Network Administrator
Deerfield Academy
Tel. 413.774.1838
________________________________
From: JSanders <at> westernmutual.com <JSanders <at> westernmutual.com>
Sent: Thursday, September 25, 2014 5:11 PM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] Policy Based Routing

Thanks William. Apparently my older firmware doesn't have the default-next-hop. The only thing
available when I go into the route-map config is next-hop. I'm going to apply the config and see if I bring my
network to it's knees. :) Wish me luck!

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com

From:        "Summers, William" <wsummers <at> deerfield.edu>
To:        "Enterasys Customer Mailing List" <enterasys <at> listserv.unc.edu>
Date:        09/25/2014 01:50 PM
Subject:        RE: [enterasys] Policy Based Routing
________________________________

Hi Joshua,

The usual way to do this is to match only the client you want to apply the policy route to, and let the default do
the work for all the rest.  So you can drop access list 20 and that policy.

I think you also want default-next-hop (which will honor the route table for connected/local subnets)
instead of next-hop, which will send all traffic out to the cisco or srx, depending on the match.

SO, you only need:

route-map 100 permit 10
match ip address 10
set default-next-hop 10.5.1.5
!

interface vlan 100
ip policy route-map 100 ?

I'm using an S-Series, so check your command paths.

William Summers
Network Administrator
Deerfield Academy
Tel. 413.774.1838

________________________________
From: JSanders <at> westernmutual.com <JSanders <at> westernmutual.com>
Sent: Thursday, September 25, 2014 4:27 PM
To: Enterasys Customer Mailing List
Subject: [enterasys] Policy Based Routing

I'm trying to configure a policy based route to override the default route that is currently in place on my N7
running 6.12.03.0003. Currently there is a default route on the N7 that is routing traffic out to the
Internet via 192.168.37.1. I'm trying to redirect packets from 192.168.1.17 to 10.5.1.5. When I apply
the following config I shut down everything from 192.168.37.1 and up. Does anyone see what I'm doing?

!
access-list 10  permit      host 192.168.1.17
access-list 20  permit      any
!
route-map 100 permit 10
match ip address 10
set next-hop 10.5.1.5
!
route-map 100 permit 20
match ip address 20
set next-hop 192.168.37.1
!
interface vlan 100
ip policy route-map 100

+---------------------+
|Scary Internet   |
|    Cloud              |
+----------+---------+
              |
              |
              |
              |1.1.1.1
 +--------+----------+                                 +--+
 |                          |                                  |   |
 |                          |                           +------+ Server
 | SRX240           +------------------------+------+ 192.168.1.17
 |                          |192.168.1.1
 +--------+----------+
              |192.168.37.1
       |
       |
       |
       |Vlan 100
       |192.168.37.2
 +--------+----------+
 |                         |
 |Enterasys        |                                         +----------------------+
 |N7                       |10.5.1.1                   10.5.1.5|                          |
 |                         +----------------------------------+  Cisco 3845      |
 |                         |Vlan 5                           |                          |
 +--------------------+                                         +----------------------+

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com

 *   --To unsubscribe from enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the
body: unsubscribe enterasys wsummers <at> deerfield.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys JSanders <at> westernmutual.com

  *   --To unsubscribe from enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the
body: unsubscribe enterasys wsummers <at> deerfield.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org

JSanders | 25 Sep 23:11 2014

RE: Policy Based Routing

Thanks William. Apparently my older firmware doesn't have the default-next-hop. The only thing available when I go into the route-map config is next-hop. I'm going to apply the config and see if I bring my network to it's knees. :) Wish me luck!

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com




From:        "Summers, William" <wsummers <at> deerfield.edu>
To:        "Enterasys Customer Mailing List" <enterasys <at> listserv.unc.edu>
Date:        09/25/2014 01:50 PM
Subject:        RE: [enterasys] Policy Based Routing



Hi Joshua,


The usual way to do this is to match only the client you want to apply the policy route to, and let the default do the work for all the rest.  So you can drop access list 20 and that policy.


I think you also want default-next-hop (which will honor the route table for connected/local subnets) instead of next-hop, which will send all traffic out to the cisco or srx, depending on the match.


SO, you only need:



route-map 100 permit 10
match ip address 10
set default-next-hop 10.5.1.5
!

interface vlan 100
ip policy route-map 100 ?


I'm using an S-Series, so check your command paths.


William Summers
Network Administrator
Deerfield Academy
Tel. 413.774.1838

________________________________
From: JSanders <at> westernmutual.com <JSanders <at> westernmutual.com>
Sent: Thursday, September 25, 2014 4:27 PM
To: Enterasys Customer Mailing List
Subject: [enterasys] Policy Based Routing

I'm trying to configure a policy based route to override the default route that is currently in place on my N7 running 6.12.03.0003. Currently there is a default route on the N7 that is routing traffic out to the Internet via 192.168.37.1. I'm trying to redirect packets from 192.168.1.17 to 10.5.1.5. When I apply the following config I shut down everything from 192.168.37.1 and up. Does anyone see what I'm doing?

!
access-list 10  permit      host 192.168.1.17
access-list 20  permit      any
!
route-map 100 permit 10
match ip address 10
set next-hop 10.5.1.5
!
route-map 100 permit 20
match ip address 20
set next-hop 192.168.37.1
!
interface vlan 100
ip policy route-map 100

+---------------------+
|Scary Internet   |
|    Cloud              |
+----------+---------+
              |
              |
              |
              |1.1.1.1
 +--------+----------+                                 +--+
 |                          |                                  |   |
 |                          |                           +------+ Server
 | SRX240           +------------------------+------+ 192.168.1.17
 |                          |192.168.1.1
 +--------+----------+
              |192.168.37.1
       |
       |
       |
       |Vlan 100
       |192.168.37.2
 +--------+----------+
 |                         |
 |Enterasys        |                                         +----------------------+
 |N7                       |10.5.1.1                   10.5.1.5|                          |
 |                         +----------------------------------+  Cisco 3845      |
 |                         |Vlan 5                           |                          |
 +--------------------+                                         +----------------------+

Joshua Sanders
Asst. Vice President - Systems Operations
Western Mutual Insurance Group
26775 Malibu Hills Road Suite 100
Calabasas, CA 91301
Main Line: 800-927-2142
jsanders <at> westernmutual.com

 *   --To unsubscribe from enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the body: unsubscribe enterasys wsummers <at> deerfield.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys JSanders <at> westernmutual.com

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org

Gmane