Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Sharing two network connections with a Cisco 2611XM router

Posted on 2008-06-17
13
Medium Priority
?
427 Views
Last Modified: 2008-09-08
I have a T-1 line coming into the office and now have a cable modem/router in the same office.  The current configuration is the T-1 goes into a Cisco 2524 router, the ethernet connection goes to a Netgear to do DHCP for the office.

Is there a way to use a 2611 router and use both the T-1 line and the cable line.  My goal is to be able to use both connections, especially if one connection goes down.  I'm not concerned with load balancing or anything else fancy like that, but do have servers inside the office that need to be reachable via the ip address of the T-1 only.

Thank you in advance for your comments.

-Scott
0
Comment
Question by:targetx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 7

Expert Comment

by:mabutterfield
ID: 21805118
Is the cable modem a static IP Address?
0
 

Author Comment

by:targetx
ID: 21805227
No, it is a dynamic IP, but we can get a static ip if we need to.
0
 
LVL 7

Expert Comment

by:mabutterfield
ID: 21805321

I think it would work better with a static IP than a dynamic.  I'm not sure if it would work at all with the dynamic, but i've never tried.

I did something similar to this years ago, and it worked OK, but not great.  

I had 2 cisco 2600 routers that each had a T1 to the internet, an a point-to-point between them.  If the internet T1 on either failed, it would route traffic out through the point-to-point and out the other router.

I used static routing with higher metrics for the 'backup' route.  I also had to apply an ACL / NAT to traffic that went through the backup route.  
The problem I ran into was that sometimes a T1 line would go down or have problems, but the router would not put the interface down, and not know to route out through the backup interface.  (we had a routing problem with our carrier, so traffic would go 1 hop and drop)


I'm not still at the place I had this working, so I don't have access to the actual config files, but could help figure it out with what i've got.  

basic config
route 0.0.0.0 0.0.0.0 T1IP 1
route 0.0.0.0 0.0.0.0 cableIP 10
ip nat source list {acl} interface {eth cable} overload

int ethernet (cable)
ip nat outside

int ethernet(inside)
ip nat inside

If you need more help let me know, and i'll dig up a couple routers and see what I can figure out.

0
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

 

Author Comment

by:targetx
ID: 21805633
So, you basically took an ethernet cable from the cable modem and used another card for the T-1 and then used a weight on the two connections?

0
 
LVL 7

Expert Comment

by:mabutterfield
ID: 21805662
In my situation i used 2 serial (t1) connections and 1 ethernet.  

For your situation i would use 2 Ethenet and 1 serial interface.

example:
use ser0/0 for  t1 interface
use eth0/0 for cable interface
use eth0/1 for internal network

0
 

Author Comment

by:targetx
ID: 21805832
I can use the serial connection for the T-1, then take the ethernet line from the cable modem/router and set it up that way.

What if I have certain servers on my network that I only want to be accessed via the T-1?
0
 
LVL 7

Expert Comment

by:mabutterfield
ID: 21805905
do you have a firewall behind the router, or is the router the only device?

if you don't have a firewall:

if you're using Internal addressing (192.168.x.x, 172.16-31.x.x, or 10.x.x.x) you can create a one-to-one (static) nat for the T1 to allow access to the servers from the internet via the T1, then create a hide (pool / overload) nat on the cable interface




0
 

Author Comment

by:targetx
ID: 21805966
Can you also shape traffic?  Say I want all outbound FTP requests to go on the cable line, is that possible?

Do you have an example ACL?
0
 
LVL 7

Expert Comment

by:mabutterfield
ID: 21806231
I believe you can send different traffic out different connections using policy based routing, but that is beyond my knowledge.  

I'll come up with some sample acls and post shortly
0
 
LVL 7

Accepted Solution

by:
mabutterfield earned 1000 total points
ID: 21806350
This will get you started.  I think the commands are correct, but i've been working on Pix alot more than IOS recently, so I had to try to remember some of the syntax.  This should get you pretty close, the rest should be just routing.  Let me know how it works.  If you need more help i'll dust off a couple routers and see what I can do.

ser0
description T1
ip address 1.0.0.1 255.255.255.0
access-group 100 in
ip nat outside

eth0
description cable
ip address 2.0.0.1 255.255.255.0
access-group 101 in
ip nat outside

eth1
description internal lan
ip address 3.0.0.1 255.255.255.0
ip nat inside


ip nat inside source static 3.0.0.2 1.0.0.2 extendable
ip nat inside source list 1 int ser0 overload
ip nat inside source list 1 int eth0 overload


access-list 1 permit 1.0.0.0 0.0.0.255



ip access-list extended 100
remark inbound acl for T1
remark drop traffic for internal IP addresses (shouldn't be routed on internet)
deny ip any 192.168.0.0 0.0.255.255
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.0.15.255
deny ip any 169.254.0.0 0.0.255.255
deny ip 192.168.0.0 0.0.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.0.15.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip 240.0.0.0 15.255.255.255 any
remark drop unwanted traffic
deny   udp any any eq netbios-ns                                
deny   udp any any eq netbios-ss                                
deny   udp any any eq netbios-dgm    
remark drop traffic from local address (to prevent spoofing)
deny ip any 1.0.0.0 0.0.0.255
remark permit services to servers
permit tcp any host 1.0.0.2 eq 80
permit tcp any host 1.0.0.2 eq 25
remark allow return traffic
permit ip any 1.0.0.0 0.0.0.255 established
remark cleanup
deny ip any any

ip access-list extended 101
remark inbound acl for cable
remark drop traffic for internal IP addresses (shouldn't be routed on internet)
deny ip any 192.168.0.0 0.0.255.255
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.0.15.255
deny ip any 169.254.0.0 0.0.255.255
deny ip 192.168.0.0 0.0.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.0.15.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip 240.0.0.0 15.255.255.255 any
remark drop unwanted traffic
deny   udp any any eq netbios-ns                                
deny   udp any any eq netbios-ss                                
deny   udp any any eq netbios-dgm    
remark drop traffic from local address (to prevent spoofing)
deny ip any 2.0.0.0 0.0.0.255
remark allow return traffic
permit ip any 2.0.0.0 0.0.0.255 established
remark cleanup
deny ip any any


0
 

Author Comment

by:targetx
ID: 21807286
This is a great starting point - THANK YOU.  I'm working on the config now and will update the thread.  Thanks again for your time today.  I'll leave this question open while I work on the project.

0
 

Assisted Solution

by:worsnoptr
worsnoptr earned 600 total points
ID: 21807674
Here is an example of policy based routing for your FTP traffic this will send all of your FTP traffic out through your cable modem.

Int e0/1
description internal lan
ip policy route-map ftp

access-list ftp permit tcp any any eq ftp
access-list ftp permit tcp any any eq ftp-data
route-map ftp_policy permit 10
 match ip address ftp
 set ip next-hop x.x.x.x (IP of Cable modem)
0
 
LVL 15

Assisted Solution

by:wingatesl
wingatesl earned 400 total points
ID: 21819008
You should builld the nat overloads with route maps as well. I have an example here.
http://www.inacom-sby.net/Shawn/post/2007/11/Getting-Dual-ISPs-running-on-Cisco-1811-and-above-routers(Part-1).aspx
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question