

How to set up multiple VLANs and multiple ISPs on Cisco 2811 - not for redundancy

Posted on 2011-05-02
Medium Priority
Last Modified: 2012-05-11
I have a Cisco 2811 with 4 VLANs on it:
VLAN 1 = data VLAN
VLAN 10 = voice VLAN
VLAN 250 = partner company
VLAN 254 = guest

Currently this all works beautifully with one ISP, everyone goes out same interface (FE 0/0), VLAN 254 is rate limited, VLAN 250 is restricted to only certain parts of network, like one server for File/print sharing.

The partner company on VLAN 250 is complaining about our Websense so they wanted their own connection.  I ordered a completely separate circuit (on FE 0/1) with 5 static IPs and want to now route VLAN 250 and VLAN 254 over this connection, with VLAN 250 still being able to connect to certain resources on VLAN 1.

My boss says this is not possible unless I put in complicated policy routing statements and I should just use a linksys router for this new connection.  He says that I cannot have two default routes but I thought I could use route-maps.  I think he's wrong but I'd like ammo to back it up before I go to bat.  Wouldn't I just set up a route-map like

access-list 100 permit ip host any
route-map VLAN-250 permit 10
match ip address 100
set ip default next-hop <new static IP>

Obviously I would also set up an ACL on FE 0/0 to deny to any resources (via ports) except the ones they need, like file/print sharing, and I would think an ACL on FE 0/1 to deny VLAN 1 and VLAN 10 from accessing, but my boss says that these get applied after the route is set up.

Please experts - HELP!

Question by:atrevido

Expert Comment

ID: 35510141
Route maps are a good method for the above.

Another solution is to use Virtual Routing and Forwarding (VRF), where you run multiple routing tables in the router.


Accepted Solution

alexjfisher earned 2000 total points
ID: 35512241

I do something similar with a Cisco router to route my PBX through one ISP and all other hosts through another.

I use:
ip access-list extended MATCH_PBX_ACL
  permit ip host any

route-map PBX_ROUTE-MAP permit 10
  match ip address MATCH_PBX_ACL
  set interface Dialer2

I've got a default route out of Dialer1, so it's just the IP address listed above that gets routed differently.
One thing you might not have thought about is NAT. Since I'm only routing a single IP address out of the second ISP connection it's a simple case of static NAT for me.  You will probably need to define a second NAT pool and make sure it gets used on your second connection.

There's a good example of using route-maps with NAT here:

Author Comment

ID: 35517957
Would there be an issue with the default route?  Can you show me more of your config so I can see what you mean by you have a separate default route for your Dialer1?

Expert Comment

ID: 35689951
As you see from previous comments, it's certainly possible with the route-map.
However, there's something to be said for your boss's suggestion of another small dedicated router for this new line.  As long as you don't expect to have multiple additional routers springing up, the simplicity of 1 additional router may justify it.

Expert Comment

ID: 35690051

Would there be an issue with the default route?  Can you show me more of your config so I can see what you mean by you have a separate default route for your Dialer1

Not much to show really.
The default route is via Dialer1.  This is a normal, as simple as you can get static default route.
ip route Dialer1


Obviously, you also have to make sure you apply your route map to the appropriate inside interface.  In my case, this is connected directly to a separate PIX firewall.
interface FastEthernet0/1
 ip address
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 ip policy route-map PBX_ROUTE-MAP
 speed 100


So traffic entering the router on fa0/1 is subject to policy routing.  If the traffic matches my MATCH_PBX_ACL access-list it is routed differently, otherwise nothing special happens and the default route is used instead.

Hope this helps,


Author Closing Comment

ID: 35707253
Thanks so much for your help!
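
The pieces discussed in this thread (policy routing on the inside VLANs, a second NAT rule for the second circuit, and inbound ACLs to contain the partner and guest VLANs) put together as one IOS configuration. This is an added example, not a config posted by anyone in the thread. All addresses, the SVI interface names (Vlan250, Vlan254), the ACL and route-map names, and the SMB port used for file/print sharing are assumptions.

```cisco
! Constructed addressing (assumptions): VLAN 1 192.168.1.0/24,
! VLAN 250 192.168.250.0/24, VLAN 254 192.168.254.0/24,
! file/print server 192.168.1.10,
! ISP1 gateway 203.0.113.1 (FE0/0), ISP2 gateway 198.51.100.1 (FE0/1).
! The router keeps a single default route, via ISP1.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
ip access-list extended ISP1-SOURCES
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended ISP2-SOURCES
 permit ip 192.168.250.0 0.0.0.255 any
 permit ip 192.168.254.0 0.0.0.255 any
!
! "set ip default next-hop" applies only when the routing table has no
! explicit route, so connected VLAN 1 destinations are still routed normally.
route-map ISP2-PBR permit 10
 match ip address ISP2-SOURCES
 set ip default next-hop 198.51.100.1
!
! Inbound ACLs are evaluated before policy routing and the route lookup.
ip access-list extended PARTNER-IN
 permit udp any eq bootpc any eq bootps
 permit tcp 192.168.250.0 0.0.0.255 host 192.168.1.10 eq 445
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 192.168.250.0 0.0.0.255 any
ip access-list extended GUEST-IN
 permit udp any eq bootpc any eq bootps
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 192.168.254.0 0.0.0.255 any
!
interface Vlan250
 ip access-group PARTNER-IN in
 ip policy route-map ISP2-PBR
 ip nat inside
interface Vlan254
 ip access-group GUEST-IN in
 ip policy route-map ISP2-PBR
 ip nat inside
interface FastEthernet0/1
 ip address 198.51.100.2 255.255.255.248
 ip nat outside
!
! One NAT rule per exit, selected by source and egress interface.
route-map NAT-ISP1 permit 10
 match ip address ISP1-SOURCES
 match interface FastEthernet0/0
route-map NAT-ISP2 permit 10
 match ip address ISP2-SOURCES
 match interface FastEthernet0/1
ip nat inside source route-map NAT-ISP1 interface FastEthernet0/0 overload
ip nat inside source route-map NAT-ISP2 interface FastEthernet0/1 overload
```

After applying it, `show route-map ISP2-PBR` and `show ip nat translations` show whether partner and guest traffic is matching the policy and being translated to the second circuit's address.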
