12 Replies Latest reply on Jul 13, 2015 3:36 PM by levi

    How do I create DHCP-destined routes?

    btarratt New Member

      I have a TA908E G3 running R10.9.4, and I'd like to point a route to the gateway I've learned from dhcp.  On a cisco, I can do, for example,

      ip route 192.0.2.0 255.255.255.0 dhcp
      

      I need traffic to one subnet to only ever exit by way of the interface learning it's address via DHCP, and I do not know the address of the gateway the DHCP client will learn.  Is there a way to do this in AOS?

        • Re: How do I create DHCP-destined routes?
          cj! Beta_User

          Hi btarratt:

           

          The default gateway learned via DHCP will be the only available route unless you add a static route.  All routed traffic will forward to that gateway so there should be nothing more you need to do.  Are you observing a different behavior in your AOS unit?

           

          Best,

          Chris

            • Re: How do I create DHCP-destined routes?
              btarratt New Member

              I've increased the administrative distance of the route learned from DHCP to 10, because I want to use a different route for default.

              int eth 0/1
                ip address dhcp 10
              ip route 0.0.0.0 0.0.0.0 10.10.10.1
              
              

              I wish to add a specific route to this one destination (in my example, 192.0.2.0/24) by way of the gateway I learned from DHCP (which I don't know ahead of time).

                • Re: How do I create DHCP-destined routes?
                  cj! Beta_User

                  Got it--thanks for clarifying.  I'm unable to think of a concise way to handle that scenario.  Perhaps the use of Multi-VRF (see Configuring Multi-VRF in AOS for more info) could open up more flexibility, but I'm not certain.  VRF is not something with which I'm proficient.

                   

                  Another approach could be Policy-Based Routing (PBR).  See Configuring Policy Based Routing in AOS for complete info.  I think you could leave DHCP at administrative distance zero in this approach and remove the static default route.  Build an ACL to match all traffic except 192.0.2.0/24.  Create a route-map to use 10.10.10.1 as the next hop for traffic to that subnet.  Maybe like this:

                  !

                  ip local policy route-map PreferredGateway

                  !

                  !

                  interface eth 0/1

                    description LAN

                    ip address dhcp

                    ip policy route-map PreferredGateway

                    no shutdown

                  !

                  !

                  route-map PreferredGateway permit 10

                    match ip address GeneralTraffic

                    set ip next-hop 10.10.10.1

                  !

                  !

                  ip access-list extended GeneralTraffic

                    remark General Traffic

                    deny ip any  192.0.2.0 0.0.0.255

                    permit ip any any

                  !

                  What do you think?

                   

                  Chris

                   

                  Edited to correct syntax mistake in ACL (deny not discard).

                  Edit 2 to correct syntax mistake in ACL (permit not match).  Duh!

                  1 of 1 people found this helpful
                    • Re: How do I create DHCP-destined routes?
                      btarratt New Member

                      I do not believe PBR will work, as I have my other default route tracking a probe, like so:

                      ip route 0.0.0.0 0.0.0.0 10.10.10.1 track cable-track
                      
                      

                      Should have mentioned that in my previous example.  Sorry.  I don't think you can make PBR track probes, can you?

                       

                      I'm not sure how you'd do it with VRFs - VRFs are just virtual routing tables, they let you break a router into multiple virtual routers in the same way VLANs allow you to break a switch into multiple virtual switches (to put it simply).

                        • Re: How do I create DHCP-destined routes?
                          cj! Beta_User

                          In that case you'd want to make the ACL used in the route-map track-dependent, like this:

                          !

                          ip access-list extended GeneralTraffic

                            remark General Traffic

                            deny ip any  192.0.2.0 0.0.0.255

                            permit ip any  any  track cable-track

                          !

                          When the track fails, the match statement will cease matching general traffic, and so the route-map will have no valid traffic on which to act.  Packets will be forwarded according to the route table in that case (which will contain the learned default gateway from DHCP) until the track flips back to the pass state.

                           

                          Note that it is important to avoid ending up with an empty ACL.  In AOS, empty ACLs are considered an implicit 'match any' and this would cause PBR to always be in effect, since it would match all traffic.  I believe the deny statement should be enough to keep the ACL from matching any.  But I have encountered a case where this did not function properly.  I modified my ACL something like this and it functioned properly:

                          !

                          ip access-list extended GeneralTraffic

                            remark General Traffic

                            deny ip any  192.0.2.0 0.0.0.255

                            permit ip any  any  track cable-track

                            permit ip host 1.1.1.1  host 1.1.1.2

                          !

                          Thanks for the clarification about VRF.  I have some learning to do in that area.  Let us know what you think about this approach with PBR.  Anyone have a more elegant solution?

                           

                          Chris

                           

                          Edited to correct syntax mistake in ACL (permit not match).

                            • Re: How do I create DHCP-destined routes?
                              btarratt New Member

                              I don't see a "match" command under acl config.

                               

                              router(config-ext-nacl)# ?
                              deny                   - Specify criteria for packets that should not match 
                                                       this ACL
                              do                     - Execute a root command
                              exit                   - Exit from configure mode
                              no                     - Negate a command or set its defaults
                              permit                 - Specify criteria for packets that should match this ACL
                              remark                 - Access-list entry comment
                              
                              
                    • Re: How do I create DHCP-destined routes?
                      levi Employee

                      btarratt:

                       

                      Thank you for asking this question in the support community forum.  There are ways to accomplish this, but cj! is right, this is typically done with a route-map.  Within the route-map, you would use the set interface command to use the interface where the DHCP route/gateway is received.  From the Configuring Policy Based Routing in AOS guide cj! referenced, on the top of page 16:

                       

                      The set interface ethernet command and the set interface vlan  command can be used only when DHCP is utilized so the router will forward traffic to the default gateway learned on that particular interface.

                       

                      The example configuration would be similar to the following:

                       

                      ip access-list extended DHCP-PBR-ACL

                      permit ip any 192.0.2.0 0.0.0.255

                      !

                      route-map DHCP-PBR permit 10

                      match ip address DHCP-PBR-ACL

                      set interface ethernet 0/1

                       

                      I hope that makes sense, but please do not hesitate to reply to this post with any additional questions or information.  I will be happy to help in any way I can.

                       

                      Levi

                      • Re: How do I create DHCP-destined routes?
                        levi Employee

                        btarratt:

                         

                        I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                         

                        Thanks,

                         

                        Levi