Cisco Switch Routing

I have a cisco 6509 switch and 4 valns:
vlan 10- server network- 10.110.110.0/24
vlan 20- user network- 10.110.111.0/24
vlan 30- wireless network- 10.110.112.0/24
vlan 40- Guest network- 10.110.113.0/24

I have 2 routes each with a separate ISP.
Router1- 10.110.110.1
Router2- 10.110.110.3

I want to route the server and user network our router 1 and the guest and wireless network out router 2.
My DHCP comes from my server at 10.110.110.24

Here is what my switch looks like:
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan10
 description server network
 ip address 10.110.110.6 255.255.255.0
 ip helper-address 10.110.110.24
!
interface Vlan20
 description OW Clients
 ip address 10.110.111.1 255.255.255.0
 ip helper-address 10.110.110.24
!
interface Vlan30
 description OW Wireless
 ip address 10.110.112.1 255.255.255.0
 ip helper-address 10.110.110.24
!
interface Vlan40
 description Guest Wireless
 ip address 10.110.113.1 255.255.255.0
 ip helper-address 10.110.110.24
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.110.110.1
no ip http server

I tried adding:
 ip route 10.110.112.0 255.255.255.0 10.110.110.3
but that didn't work what am I missing?
LVL 1
Scott_Smith24Asked:
Who is Participating?
 
Daniel SheppardNetwork Administrator/Engineer/ArchitectCommented:
Probably the easiest way to do this is use a technology meant for MPLS, however it works in a pinch here as a "Lite" version (It is actually called VRF-Lite).  This will segregate your networks in to two separate routing tables.  You would also need to move your second router onto another VLAN.

What you would want to do is the following:

ip vrf <VRF>  ("Unsecured" works well for this probably)

int Vlan 30
  ip vrf forwarding <VRF>
  ip address 10.110.112.1 255.255.255.0
  ip helper-address 10.110.110.24


interface Vlan40
  ip vrf forwarding <VRF>
  ip address 10.110.113.1 255.255.255.0
  ip helper-address 10.110.110.24


ip route vrf <VRF> 0.0.0.0 0.0.0.0 <newrouter2ip>

Open in new window


There are ways around moving the second router, however they are more "messy" then just moving the router to a different VLAN.

This way, your office network and wireless/guest network are segregated.  Keep in mind, you will not have access to the resources on the office from either of these networks.



The reason why your IP route command didn't work, the first 4 octets and second 4 octets are the destination network, not your source network.  If you want to filter on your source network, you would need to use a route-map.  This is possible as well, however it is not as clean as the VRF option.
0
 
rgormanCommented:
You won't be able to have separate routes for the networks on the same vrf.  You might be able to policy based routing on that unit so you could policy the subnets to route a specific way.

The command you entered for adding the route was a telling the system to find the subnet 10.110.112.0 through the 10.110.110.3 gateway which is not what you want.  Your 0.0.0.0 route is your default route which is how the system determines to forward the traffic upstream to the ISP router.

Another option that could work would be if you have a proper firewall product upstream is you could use it to conditionally forward certain source traffic out a specific interface and other traffic out another one, with each one being on a separate ISP connection.
0
 
Scott_Smith24Author Commented:
So when moving the router to another vlan do you mean moving it to vlan 40 or creating an whole new vlan and moving it there?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Daniel SheppardNetwork Administrator/Engineer/ArchitectCommented:
You can move it to VLAN40, or create a separate VLAN or use a interface as a point-to-point interface.  The point is, whatever VRF the IP network is connected to, must be attached to the separate VRF ("Unsecured" in my example).

I honestly prefer keeping my routers out of the same subnet as my hosts that are using that router, but that is just me.
0
 
Scott_Smith24Author Commented:
So from my research the 6509 switch does not support VRF. I thought it would be something easy I will most likely create a separate network with a different switch.
Thanks
0
 
Daniel SheppardNetwork Administrator/Engineer/ArchitectCommented:
What Codebase are you using for your switch?

Just checked the Cisco Feature Naviagor, it looks like it is supported in a SUP32, SUP720 and SUP2T.  Probably a few others as well.  It may just be a matter of upgrading the IOS.
0
 
ffleismaSenior Network EngineerCommented:
I'll suggest another alternative for your requirement, this uses Policy-Based Routing.
PBR network diagram
for VLANs 10 and 20, it takes the normal default static route "ip route 0.0.0.0 0.0.0.0 10.110.110.1" to R1.
at interface VLAN 30 and 40, there is a policy route-map (VL30_VL40_to_R2) applied which sets the next-hop to 10.110.110.2 instead. So traffic from VLAN 30 and 40 are redirected to R2.

I've done a simulation on GNS3 and below are the results. I've used routers to simulate hosts
VLAN20_HOST#show ip int br | inc FastEthernet0/0
FastEthernet0/0            10.110.111.10   YES manual up                    up
VLAN20_HOST#
VLAN20_HOST#show run | inc ip route
ip route 0.0.0.0 0.0.0.0 10.110.111.1
VLAN20_HOST#
VLAN20_HOST#traceroute 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 10.110.111.1 76 msec 72 msec 68 msec
  2 10.110.110.1 128 msec 92 msec 96 msec
  3 13.1.1.3 152 msec 152 msec 160 msec
VLAN20_HOST#

Open in new window

On line 13, you'll notice that it takes the normal path to 10.110.110.1 (R1)
VLAN30_HOST#show ip int br | inc 0/0
FastEthernet0/0            10.110.112.10   YES manual up                    up
VLAN30_HOST#
VLAN30_HOST#show run | inc ip route
ip route 0.0.0.0 0.0.0.0 10.110.112.1
VLAN30_HOST#
VLAN30_HOST#traceroute 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 10.110.112.1 96 msec 64 msec 60 msec
  2 10.110.110.2 132 msec 96 msec 156 msec
  3 23.1.1.3 152 msec 128 msec 156 msec
VLAN30_HOST#

Open in new window

On line 13, next-hop was changed to 10.110.110.2 (R2) and traffic was forwarded to R2

Hope this helps, and let me know if you have further questions and I'll be glad to help you out!

Also, 6509 can handle VRF. You might want to check you IOS version.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.