
Utilizing 802.1q for two internet connections and two VLANs

Posted on 2008-11-14
Last Modified: 2012-06-27
I am trying to successfully utilize two internet connections for two separate VLANs on my Cisco 2811 router and 2950 switch.

Physical Configuration:
Cable Modem > fa0/0 on Router > fa0/1.1 on Router > fa0/1 on Switch
T1 > Se0/0/0 on Router > fa0/1.2 on Router > fa0/1 on Switch

Switch is set up with fa0/1 as trunk, then the rest of the ports 2-16 on VLAN 2, and 17-24 on VLAN 1.

Whenever I bring up both fa0/0 and se0/0/0 on the router, the internet comes to a halt for both connections. I am still able to obtain a DHCP IP address from both connections, even ping google.com, but when browsing the web nothing happens.

Is there something wrong with my config? Can a non-gigabit uplink between the switch and router not handle this much data flow?

Below is my current router config.
Beeman#sh run
Building configuration...
 
Current configuration : 3419 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Beeman
!
boot-start-marker
boot system flash:c2800nm-entbasek9-mz.124-23.bin
boot-end-marker
!
!
no aaa new-model
!
ip nbar pdlm flash:bittorrent.pdlm
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool Beeman
   network 12.4.0.0 255.255.255.0
   default-router 12.4.0.2
   dns-server 66.75.160.15 4.2.2.2
!
ip dhcp pool Server3
   host 12.4.0.1 255.255.255.0
   client-identifier 0100.1837.01c6.61
   default-router 12.4.0.2
   dns-server 66.xx.xx.xx 4.2.2.2
!
ip dhcp pool gaming
   network 172.25.1.0 255.255.255.0
   default-router 172.25.1.2
   dns-server 72.xx.xx.xx
!
!
ip name-server 66.xx.xx.xx
ip name-server 205.xx.xx.xx
ip name-server 72.xx.xx.xx
ip name-server 72.xx.xx.xx
!
!
!
!
!
!
class-map match-any p2p
 match protocol fasttrack
 match protocol gnutella
 match protocol kazaa2
 match protocol bittorrent
 match protocol edonkey
 match protocol winmx
class-map match-all ipclass2
 match access-group 102
class-map match-all ipclass1
 match access-group 101
!
!
policy-map outbound
 class ipclass2
   police cir 768000 bc 31250
     conform-action transmit
     exceed-action drop
 class p2p
   police cir 8000 bc 1000
     conform-action transmit
     exceed-action drop
policy-map inbound
 class ipclass1
   police cir 7500000 bc 62500
     conform-action transmit
     exceed-action drop
 class p2p
   police cir 8000 bc 1000
     conform-action transmit
     exceed-action drop
policy-map block-p2p
 class p2p
   police cir 8000 bc 1000
     conform-action transmit
     exceed-action drop
!
!
!
interface FastEthernet0/0
 ip address 66.xx.xx.xx 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
 fair-queue
 service-policy input inbound
 service-policy output outbound
!
interface FastEthernet0/1
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 172.25.1.2 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.2
 encapsulation dot1Q 2
 ip address 12.4.0.2 255.255.255.0
 ip nat inside
 service-policy input inbound
!
interface Serial0/0/0
 ip address 72.xx.xx.xx 255.255.255.248
 ip nat outside
 encapsulation ppp
 shutdown
 no fair-queue
 service-module t1 timeslots 1-24
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 66.xx.xx.xx
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip http server
no ip http secure-server
ip nat inside source list 103 interface FastEthernet0/0 overload
ip nat inside source list 104 interface Serial0/0/0 overload
!
access-list 101 permit ip any host 66.xx.xx.xx
access-list 102 permit ip host 66.xx.xx.xx any
access-list 103 permit ip 12.4.0.0 0.0.0.255 any
access-list 104 permit ip 172.25.1.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
!
end
 
Beeman#

Question by:thorpez
LVL 50

Expert Comment

by:Don Johnston
ID: 22964219
This isn't a problem with the capability of the trunk. Your cable internet connection and T1 line combined are most likely significantly less than the 100 Mbps of the trunk.

Does it work with just the cable internet connection? Does it work with just the T1?
0
 
LVL 15

Accepted Solution

by:
bkepford earned 2000 total points
ID: 22964310
The problem is that you need to change your default routes. You need to use policy-based routing.
Here is a link and a sample config:
http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056703 
 
no ip route 0.0.0.0 0.0.0.0 66.xx.xx.xx
no ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
! VLAN 2 (12.4.0.0/24) leaves via the cable next hop, VLAN 1 (172.25.1.0/24) via the T1
interface FastEthernet0/1.2
 ip policy route-map NEXTHOP1
interface FastEthernet0/1.1
 ip policy route-map NEXTHOP2
!
access-list 105 permit ip 12.4.0.0 0.0.0.255 any
access-list 104 permit ip 172.25.1.0 0.0.0.255 any
!
route-map NEXTHOP1
 match ip address 105
 set ip next-hop 66.xx.xx.xx
!
route-map NEXTHOP2
 match ip address 104
 set default interface Serial0/0/0
0
 
LVL 15

Expert Comment

by:bkepford
ID: 22964323
Well, actually, to be more accurate, the problem is the NAT mixed in with the default routes. With your setup a packet can get NATed to the Serial interface's IP address and then sent out the Fast Ethernet.
0
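The mismatch described in the comment above (the translated source address belonging to one WAN interface while the packet is forwarded out the other) can be checked directly from the configuration text. The following Python audit is an added example, not code from the thread: the function name, the `via` next-hop-to-interface mapping and the 198.51.100.1 next hop are assumptions, and it treats `set ip next-hop` and `set default interface` as fixing the egress for Internet-bound traffic.

```python
import ipaddress
import re

def nat_egress_mismatches(cfg, via):
    """Return {source net: (NAT interface, possible egress interfaces)} wherever
    traffic can leave by an interface other than the one PAT overloads onto.
    `via` maps a next-hop IP to the interface it is reached through."""
    acl_net = {n: ipaddress.ip_network(f"{net}/{wild}") for n, net, wild in
               re.findall(r"^access-list (\d+) permit ip (\S+) (\S+) any", cfg, re.M)}
    nat = re.findall(r"^ip nat inside source list (\d+) interface (\S+) overload", cfg, re.M)
    defaults = {via.get(t, t) for t in
                re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", cfg, re.M)}
    applied = set(re.findall(r"^[ \t]+ip policy route-map (\S+)", cfg, re.M))
    pinned = {}  # source network -> egress forced by a route-map applied to an interface
    for name, body in re.findall(r"^route-map (\S+).*\n((?:[ \t]+\S.*\n?)+)", cfg, re.M):
        acl = re.search(r"match ip address (\d+)", body)
        tgt = re.search(r"set (?:ip next-hop|default interface) (\S+)", body)
        if name in applied and acl and tgt and acl.group(1) in acl_net:
            pinned[acl_net[acl.group(1)]] = via.get(tgt.group(1), tgt.group(1))
    findings = {}
    for acl, nat_if in nat:
        egress = {pinned[acl_net[acl]]} if acl_net[acl] in pinned else defaults
        if egress != {nat_if}:
            findings[str(acl_net[acl])] = (nat_if, sorted(egress))
    return findings

# Constructed "show run" fragments; 198.51.100.1 is a placeholder WAN next hop (assumption).
NAT = """\
ip nat inside source list 103 interface FastEthernet0/0 overload
ip nat inside source list 104 interface Serial0/0/0 overload
access-list 103 permit ip 12.4.0.0 0.0.0.255 any
access-list 104 permit ip 172.25.1.0 0.0.0.255 any
"""
BEFORE = NAT + "ip route 0.0.0.0 0.0.0.0 198.51.100.1\nip route 0.0.0.0 0.0.0.0 Serial0/0/0\n"
AFTER = NAT + """\
interface FastEthernet0/1.2
 ip policy route-map NEXTHOP1
interface FastEthernet0/1.1
 ip policy route-map NEXTHOP2
route-map NEXTHOP1 permit 10
 match ip address 103
 set ip next-hop 198.51.100.1
route-map NEXTHOP2 permit 10
 match ip address 104
 set default interface Serial0/0/0
"""
VIA = {"198.51.100.1": "FastEthernet0/0"}
if __name__ == "__main__":
    print(nat_egress_mismatches(BEFORE, VIA), nat_egress_mismatches(AFTER, VIA))
```

With two equal default routes both inside subnets are reported, because either one can be forwarded out the interface its NAT rule does not overload onto; with the route-maps applied the result is empty.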
 

Author Comment

by:thorpez
ID: 22964733
Thanks for the responses guys.

Yes, it works when just one of the services is up. Either just cable or just T1.

As for the config, I'll give that a go on Monday (I'm already out of work for the weekend :)). Do I need to make any changes to the NAT inside/outside I currently have configured? Or just add to it?

Thanks again,
Zach

0
 
LVL 15

Expert Comment

by:bkepford
ID: 22964787
No, the config I did kept that in mind. NAT should be OK.
0
 

Author Comment

by:thorpez
ID: 22979328
Awesome. That did it. Both internet connections are up and functional. Thanks! Only issue I'm having now is for the T1 side, I cannot get XBox Live to pass the Internet Connection test. It fails on DNS. When I plug a computer into this VLAN it is correctly assigned IP/DNS/Gateway addresses, and surfs the internet just fine.

Trying to determine if this is a port issue or something else.

Anyone have any ideas?
0
