sencha
Cisco 1841 - 3 ISPs and HWIC-4ESW VLAN Routing
We have a Cisco 1841 with an HWIC-4ESW running IOS 12.3(8)T5. We have a T1 connected via Ethernet to an ISP router on FE0/0, a DSL connected via Ethernet to an ISP router on FE0/1 and our internal LAN connected to VLAN1/FE0/0/0 on an HWIC-4ESW. We want to add a third ISP connection (cable via Ethernet to the ISP's router) using the HWIC-4ESW. I have set up a new VLAN4 on FE0/0/3 to handle this and while I can ping the ISP's interface from the router and the corresponding VLAN4 HWIC interface on the 1841 from the internal LAN I cannot get traffic from our LAN to route to the VLAN4/cable ISP interface using the same route map approach that works with the T1/DSL connections.
Here are the relevant parts of the config. Note that we're not doing anything fancy as far as load balancing/sharing/aggregation. Route maps are used to direct traffic from given machines/subnets out a specified interface. I understand from Cisco docs that I need to create an SVI and VLAN, but believe I have done so unless I need to create a third VLAN that acts as a common "backbone" for routing among VLAN1, VLAN4 and the FE interfaces.
!
interface FastEthernet0/0
description T1
ip address 69.214.111.30 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/1
description DSL
ip address 69.220.125.209 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/0/0
no ip address
no cdp enable
!
interface FastEthernet0/0/1
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/0/2
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/0/3
switchport access vlan 4
no ip address
no cdp enable
spanning-tree portfast
!
interface Vlan1
description 4700 Inside Local
ip address 192.168.210.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
ip policy route-map rmT1Overload
!
interface Vlan4
description Cable
ip address 70.91.102.81 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 69.220.125.214
ip route 192.168.24.0 255.255.255.0 192.168.210.6
ip flow-export source Vlan1
ip flow-export version 5
ip flow-export destination 192.168.210.10 9996
ip http server
ip http authentication local
ip nat pool npDslOverload 69.220.125.211 69.220.125.211 netmask 255.255.255.248
ip nat pool npT1Overload 69.214.111.28 69.214.111.28 netmask 255.255.255.248
ip nat pool npCblOverload 70.91.102.83 70.91.102.83 netmask 255.255.255.248
ip nat inside source list alCblOverload4700 pool npCblOverload overload
ip nat inside source list alDslOverload4700 pool npDslOverload overload
ip nat inside source list alT1Overload4700 pool npT1Overload overload
ip nat inside source static tcp 192.168.210.11 25 69.214.111.26 25 extendable
!
ip access-list standard alCblOverload4700
permit 192.168.210.10
deny any
ip access-list standard alDslOverload4700
deny 192.168.210.11
deny 192.168.210.10
permit 192.168.210.0 0.0.0.255
deny any
ip access-list standard alT1Overload4700
permit 192.168.210.11
deny any
!
!
route-map rmT1Overload permit 10
match ip address alT1Overload4700
set ip next-hop 69.214.111.25
!
route-map rmDslOverload permit 10
match ip address alDslOverload4700
set ip next-hop 69.220.125.214
!
route-map rmCblOverload permit 10
match ip address alCblOverload4700
set ip next-hop 70.91.102.86
!
!
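An added check, not part of the original post or of any answer on the page: it reads an excerpt of the configuration posted above and reports which route-maps are bound to an interface with "ip policy route-map", which are defined but bound nowhere, and where the static default route points. The function name audit_policy_routing is hypothetical.

```python
import re

# Excerpt of the configuration posted above (only the lines this check reads).
CONFIG = """\
interface Vlan1
 ip policy route-map rmT1Overload
!
interface Vlan4
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 69.220.125.214
!
route-map rmT1Overload permit 10
 set ip next-hop 69.214.111.25
!
route-map rmDslOverload permit 10
 set ip next-hop 69.220.125.214
!
route-map rmCblOverload permit 10
 set ip next-hop 70.91.102.86
"""

def audit_policy_routing(config):
    """Return (bindings, defined, unapplied, defaults) for an IOS config."""
    bindings = {}   # interface name -> route-map applied with "ip policy"
    defined = {}    # route-map name -> its "set ip next-hop" addresses
    defaults = []   # next hops of static default routes
    iface = rmap = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":                      # section separator: leave sub-mode
            iface = rmap = None
        elif m := re.match(r"interface (\S+)", line):
            iface, rmap = m.group(1), None
        elif m := re.match(r"route-map (\S+) (permit|deny) \d+", line):
            rmap, iface = m.group(1), None
            defined.setdefault(rmap, [])
        elif (m := re.match(r"ip policy route-map (\S+)", line)) and iface:
            bindings[iface] = m.group(1)
        elif (m := re.match(r"set ip next-hop (\S+)", line)) and rmap:
            defined[rmap].append(m.group(1))
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            defaults.append(m.group(1))
    unapplied = sorted(set(defined) - set(bindings.values()))
    return bindings, defined, unapplied, defaults

if __name__ == "__main__":
    print(audit_policy_routing(CONFIG))
```

On this excerpt only rmT1Overload is bound (on Vlan1); rmDslOverload and rmCblOverload are defined but applied to no interface, and the static default route uses the same next hop as rmDslOverload.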
ASKER
Thank you both for the prompt responses, but I am awarding mikebernhardt the full points as the existing config - while not pretty - does actually route via the DSL as the default and mikebernhardt's answer provided the full explanation I needed to understand what I had forgotten / didn't know. Whoever said ignorance is bliss didn't work with Cisco products!
Thanks
Scott