Cisco Switch Routing

I have a cisco 6509 switch and 4 valns:
vlan 10- server network- 10.110.110.0/24
vlan 20- user network- 10.110.111.0/24
vlan 30- wireless network- 10.110.112.0/24
vlan 40- Guest network- 10.110.113.0/24

I have 2 routes each with a separate ISP.
Router1- 10.110.110.1
Router2- 10.110.110.3

I want to route the server and user network our router 1 and the guest and wireless network out router 2.
My DHCP comes from my server at 10.110.110.24

Here is what my switch looks like:
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan10
 description server network
 ip address 10.110.110.6 255.255.255.0
 ip helper-address 10.110.110.24
!
interface Vlan20
 description OW Clients
 ip address 10.110.111.1 255.255.255.0
 ip helper-address 10.110.110.24
!
interface Vlan30
 description OW Wireless
 ip address 10.110.112.1 255.255.255.0
 ip helper-address 10.110.110.24
!
interface Vlan40
 description Guest Wireless
 ip address 10.110.113.1 255.255.255.0
 ip helper-address 10.110.110.24
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.110.110.1
no ip http server

I tried adding:
 ip route 10.110.112.0 255.255.255.0 10.110.110.3
but that didn't work what am I missing?
LVL 1
Scott_Smith24Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rgormanCommented:
You won't be able to have separate routes for the networks on the same vrf.  You might be able to policy based routing on that unit so you could policy the subnets to route a specific way.

The command you entered for adding the route was a telling the system to find the subnet 10.110.112.0 through the 10.110.110.3 gateway which is not what you want.  Your 0.0.0.0 route is your default route which is how the system determines to forward the traffic upstream to the ISP router.

Another option that could work would be if you have a proper firewall product upstream is you could use it to conditionally forward certain source traffic out a specific interface and other traffic out another one, with each one being on a separate ISP connection.
0
Daniel SheppardSenior Network Analyst - Core & PerimeterCommented:
Probably the easiest way to do this is use a technology meant for MPLS, however it works in a pinch here as a "Lite" version (It is actually called VRF-Lite).  This will segregate your networks in to two separate routing tables.  You would also need to move your second router onto another VLAN.

What you would want to do is the following:

ip vrf <VRF>  ("Unsecured" works well for this probably)

int Vlan 30
  ip vrf forwarding <VRF>
  ip address 10.110.112.1 255.255.255.0
  ip helper-address 10.110.110.24


interface Vlan40
  ip vrf forwarding <VRF>
  ip address 10.110.113.1 255.255.255.0
  ip helper-address 10.110.110.24


ip route vrf <VRF> 0.0.0.0 0.0.0.0 <newrouter2ip>

Open in new window


There are ways around moving the second router, however they are more "messy" then just moving the router to a different VLAN.

This way, your office network and wireless/guest network are segregated.  Keep in mind, you will not have access to the resources on the office from either of these networks.



The reason why your IP route command didn't work, the first 4 octets and second 4 octets are the destination network, not your source network.  If you want to filter on your source network, you would need to use a route-map.  This is possible as well, however it is not as clean as the VRF option.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Scott_Smith24Author Commented:
So when moving the router to another vlan do you mean moving it to vlan 40 or creating an whole new vlan and moving it there?
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Daniel SheppardSenior Network Analyst - Core & PerimeterCommented:
You can move it to VLAN40, or create a separate VLAN or use a interface as a point-to-point interface.  The point is, whatever VRF the IP network is connected to, must be attached to the separate VRF ("Unsecured" in my example).

I honestly prefer keeping my routers out of the same subnet as my hosts that are using that router, but that is just me.
0
Scott_Smith24Author Commented:
So from my research the 6509 switch does not support VRF. I thought it would be something easy I will most likely create a separate network with a different switch.
Thanks
0
Daniel SheppardSenior Network Analyst - Core & PerimeterCommented:
What Codebase are you using for your switch?

Just checked the Cisco Feature Naviagor, it looks like it is supported in a SUP32, SUP720 and SUP2T.  Probably a few others as well.  It may just be a matter of upgrading the IOS.
0
ffleismaSenior Network EngineerCommented:
I'll suggest another alternative for your requirement, this uses Policy-Based Routing.
PBR network diagram
for VLANs 10 and 20, it takes the normal default static route "ip route 0.0.0.0 0.0.0.0 10.110.110.1" to R1.
at interface VLAN 30 and 40, there is a policy route-map (VL30_VL40_to_R2) applied which sets the next-hop to 10.110.110.2 instead. So traffic from VLAN 30 and 40 are redirected to R2.

I've done a simulation on GNS3 and below are the results. I've used routers to simulate hosts
VLAN20_HOST#show ip int br | inc FastEthernet0/0
FastEthernet0/0            10.110.111.10   YES manual up                    up
VLAN20_HOST#
VLAN20_HOST#show run | inc ip route
ip route 0.0.0.0 0.0.0.0 10.110.111.1
VLAN20_HOST#
VLAN20_HOST#traceroute 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 10.110.111.1 76 msec 72 msec 68 msec
  2 10.110.110.1 128 msec 92 msec 96 msec
  3 13.1.1.3 152 msec 152 msec 160 msec
VLAN20_HOST#

Open in new window

On line 13, you'll notice that it takes the normal path to 10.110.110.1 (R1)
VLAN30_HOST#show ip int br | inc 0/0
FastEthernet0/0            10.110.112.10   YES manual up                    up
VLAN30_HOST#
VLAN30_HOST#show run | inc ip route
ip route 0.0.0.0 0.0.0.0 10.110.112.1
VLAN30_HOST#
VLAN30_HOST#traceroute 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 10.110.112.1 96 msec 64 msec 60 msec
  2 10.110.110.2 132 msec 96 msec 156 msec
  3 23.1.1.3 152 msec 128 msec 156 msec
VLAN30_HOST#

Open in new window

On line 13, next-hop was changed to 10.110.110.2 (R2) and traffic was forwarded to R2

Hope this helps, and let me know if you have further questions and I'll be glad to help you out!

Also, 6509 can handle VRF. You might want to check you IOS version.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.