policy based gateway(dual) for host ip - possible ?.

I don't know if this can be achieved on L3, here is the scenario.

I'm having a L3 switch with connections to internet thru a firewall, point-point link(same as lan), local application servers and a small local lan.

I need some 20 users to use firewall lan ip as the default gateway and occasionally L3 switch ip as the gateway for accessing point-point link and local servers.(don't ask why

)

Now if i use route-map (PBR) and use firewall ip as default gateway, i cannot access local lan. Also i don't want to add any routes in the PCs.

Is there a way of achieving this on the L3 itself ?. like two gateways for one or a set of hosts in some kind of policy group ?.

Many thanks,

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

networker050184

Why not just make the gateway the switch and have it have routes to the internet through the firewall and to the local servers? Let the router route.

macwhizard

Not sure why they want to create next hop just for some users.

As of now the 20 user have the gateway set to firewall in their PC and other users have switch ip as the gateway. Here if i want to make any nw changes, i need to change the gw in PC.

I was wondering if there is some sort of mechanism in L3 switch to have multiple gateways to a group, it will provide more flexibility.

eg.
subnet mask is either 23 or 24
for local lan, take gateway X
for gateway of last resort, take gateway Y

networker050184

What you are talking about is routing and you don't need multiple gateways for that.