Utilizing 802.1q for two internet connections and two VLANs

I am trying to successfully utilize two internet connections for two separate VLANs on my Cisco 2811 router and 2950 switch.

Physical Configuration:
Cable Modem > fa0/0 on Router > fa0/1.1 on Router > fa0/1 on Switch
T1 > Se0/0/0 on Router > fa0/1.2 on Router > fa0/1 on Switch

Switch is set up with fa0/1 as trunk, then the rest of the ports 2-16 on VLAN 2, and 17-24 on VLAN 1.

Whenever I bring up both fa0/0 and se0/0/0 on the router, the internet comes to a halt for both connections. I am still able to obtain a DHCP IP address from both connections, even ping google.com, but when browsing the web nothing happens.

Is there something wrong with my config? Can a non-gigabit uplink between the switch and router not handle this much data flow?

Below is my current router config.
Beeman#sh run
Building configuration...
 
Current configuration : 3419 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Beeman
!
boot-start-marker
boot system flash:c2800nm-entbasek9-mz.124-23.bin
boot-end-marker
!
!
no aaa new-model
!
ip nbar pdlm flash:bittorrent.pdlm
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool Beeman
   network 12.4.0.0 255.255.255.0
   default-router 12.4.0.2
   dns-server 66.75.160.15 4.2.2.2
!
ip dhcp pool Server3
   host 12.4.0.1 255.255.255.0
   client-identifier 0100.1837.01c6.61
   default-router 12.4.0.2
   dns-server 66.xx.xx.xx 4.2.2.2
!
ip dhcp pool gaming
   network 172.25.1.0 255.255.255.0
   default-router 172.25.1.2
   dns-server 72.xx.xx.xx
!
!
ip name-server 66.xx.xx.xx
ip name-server 205.xx.xx.xx
ip name-server 72.xx.xx.xx
ip name-server 72.xx.xx.xx
!
!
!
!
!
!
class-map match-any p2p
 match protocol fasttrack
 match protocol gnutella
 match protocol kazaa2
 match protocol bittorrent
 match protocol edonkey
 match protocol winmx
class-map match-all ipclass2
 match access-group 102
class-map match-all ipclass1
 match access-group 101
!
!
policy-map outbound
 class ipclass2
   police cir 768000 bc 31250
     conform-action transmit
     exceed-action drop
 class p2p
   police cir 8000 bc 1000
     conform-action transmit
     exceed-action drop
policy-map inbound
 class ipclass1
   police cir 7500000 bc 62500
     conform-action transmit
     exceed-action drop
 class p2p
   police cir 8000 bc 1000
     conform-action transmit
     exceed-action drop
policy-map block-p2p
 class p2p
   police cir 8000 bc 1000
     conform-action transmit
     exceed-action drop
!
!
!
interface FastEthernet0/0
 ip address 66.xx.xx.xx 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
 fair-queue
 service-policy input inbound
 service-policy output outbound
!
interface FastEthernet0/1
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 172.25.1.2 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.2
 encapsulation dot1Q 2
 ip address 12.4.0.2 255.255.255.0
 ip nat inside
 service-policy input inbound
!
interface Serial0/0/0
 ip address 72.xx.xx.xx 255.255.255.248
 ip nat outside
 encapsulation ppp
 shutdown
 no fair-queue
 service-module t1 timeslots 1-24
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 66.xx.xx.xx
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip http server
no ip http secure-server
ip nat inside source list 103 interface FastEthernet0/0 overload
ip nat inside source list 104 interface Serial0/0/0 overload
!
access-list 101 permit ip any host 66.xx.xx.xx
access-list 102 permit ip host 66.xx.xx.xx any
access-list 103 permit ip 12.4.0.0 0.0.0.255 any
access-list 104 permit ip 172.25.1.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
!
end
 
Beeman#


thorpez Asked:

Don Johnston (Instructor) Commented:
This isn't a problem with the capability of the trunk. Your cable internet connection and T1 line combined are most likely significantly less than the 100 Mbps of the trunk.

Does it work with just the cable internet connection? Does it work with just the T1?
bkepford Commented:
The problem is that you need to change your default routes. You need to use policy-based routing.
Here is a link and a sample config:
http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056703 
 
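! Remove the two competing default routes
no ip route 0.0.0.0 0.0.0.0 66.xx.xx.xx
no ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
! Apply a policy route-map to each inside subinterface
interface FastEthernet0/1.2
 ip policy route-map NEXTHOP1
interface FastEthernet0/1.1
 ip policy route-map NEXTHOP2
!
! ACLs that select each VLAN's source subnet
access-list 105 permit ip 12.4.0.0 0.0.0.255 any
access-list 104 permit ip 172.25.1.0 0.0.0.255 any
!
! 12.4.0.0/24 leaves through the cable next hop
route-map NEXTHOP1
 match ip address 105
 set ip next-hop 66.xx.xx.xx
!
! 172.25.1.0/24 leaves through the T1 (ACL 104 is the one defined above)
route-map NEXTHOP2
 match ip address 104
 set default interface Serial0/0/0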

bkepford Commented:
Well, actually, to be more accurate, the problem is the NAT mixed in with the default routes. With your setup a packet can get NATed to the Serial interface's IP address and then sent out the Fast Ethernet.

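A static check for the mismatch described in this thread, as an added example that is not part of any participant's post: it reads IOS config text and reports inside subnets that are NATed to an outside interface without an applied route-map matching them, plus route-maps that reference an ACL number the config does not define. The function name, the sample configs and the 203.0.113.1 next hop are constructed for illustration.

```python
import re

def audit_dual_wan(config):
    """Report inside subnets whose NAT address and exit link can disagree."""
    acls = {}  # ACL number -> source networks it permits
    for num, net in re.findall(r"^access-list (\d+) permit ip ([\d.]+) [\d.]+ any", config, re.M):
        acls.setdefault(num, set()).add(net)
    nat = dict(re.findall(r"^ip nat inside source list (\d+) interface (\S+) overload", config, re.M))
    applied = set(re.findall(r"^\s*ip policy route-map (\S+)", config, re.M))
    rmaps, current = {}, None  # route-map name -> ACL numbers it matches
    for line in config.splitlines():
        if m := re.match(r"route-map (\S+)", line):
            current = m[1]
        elif (m := re.match(r"\s*match ip address (\d+)", line, re.I)) and current:
            rmaps.setdefault(current, set()).add(m[1])
    findings, pinned = [], set()
    for name in sorted(applied):  # only route-maps bound to an interface count
        for num in sorted(rmaps.get(name, ())):
            if num not in acls:
                findings.append(f"route-map {name} matches undefined ACL {num}")
            pinned |= acls.get(num, set())
    if len(set(nat.values())) > 1:  # more than one NAT outside interface
        findings += [f"{net}: NATed to {iface}, not matched by any applied route-map"
                     for num, iface in sorted(nat.items())
                     for net in sorted(acls.get(num, set()) - pinned)]
    return findings

# Constructed samples (203.0.113.1 is a placeholder next hop); AFTER adds policy routing.
BEFORE = """\
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip nat inside source list 103 interface FastEthernet0/0 overload
ip nat inside source list 104 interface Serial0/0/0 overload
access-list 103 permit ip 12.4.0.0 0.0.0.255 any
access-list 104 permit ip 172.25.1.0 0.0.0.255 any
"""
AFTER = BEFORE.replace("ip route", "no ip route") + """\
interface FastEthernet0/1.2
 ip policy route-map NEXTHOP1
interface FastEthernet0/1.1
 ip policy route-map NEXTHOP2
access-list 105 permit ip 12.4.0.0 0.0.0.255 any
route-map NEXTHOP1 permit 10
 match ip address 105
 set ip next-hop 203.0.113.1
route-map NEXTHOP2 permit 10
 match ip address 104
 set default interface Serial0/0/0
"""
```

`audit_dual_wan(BEFORE)` lists both inside subnets, and `audit_dual_wan(AFTER)` returns an empty list.
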
thorpez (Author) Commented:
Thanks for the responses, guys.

Yes, it works when just one of the services is up. Either just cable or just T1.

As for the config, I'll give that a go on Monday (I'm already out of work for the weekend :)). Do I need to make any changes to the NAT inside/outside I currently have configured? Or just add to it?

Thanks again,
Zach

bkepford Commented:
No, the config I did kept that in mind. NAT should be OK.
thorpez (Author) Commented:
Awesome. That did it. Both internet connections are up and functional. Thanks! Only issue I'm having now is for the T1 side, I cannot get XBox Live to pass the Internet Connection test. It fails on DNS. When I plug a computer into this VLAN it is correctly assigned IP/DNS/Gateway addresses, and surfs the internet just fine.

Trying to determine if this is a port issue or something else.

Anyone have any ideas?

Question has a verified solution.