Cisco ISR 4300 Dual Internet Connections

BSModlin asked
Last Modified: 2017-05-31
I have 2 internet connections from the same ISP. I am creating 2 VLANs: 10.55.20.0 and 10.55.30.0. I would like VLAN 20 to route out Internet Connection 1 and VLAN 30 to route out Internet Connection 2.

What is the best way to accomplish this with 1 router?

My router has an additional switchport card in it so I will be creating the VLANs and DHCP scopes directly on the router, along with terminating both internet connections.

Garry Glendown, Consulting and Network/Security Specialist
CERTIFIED EXPERT

Commented:
Simplest way would be to set up an additional VRF you put one of the VLANs and one of the Internet connections into ... that way, you have two separate routing tables and can easily keep the two apart ... using additional features like fallback routes, a bit of NAT etc. you could even add redundancy for outgoing access ...

Let me know if you need additional support or information on setting it up ...

kevinhsieh, Network Engineer
CERTIFIED EXPERT

Commented:
I think using policy based routing might be better. It can route traffic based upon more than just the destination address. I usually use PBR to route based upon the source IP. This way VLAN 20 and 30 can still talk internally, and you can send different traffic out different interfaces based upon source IP, protocol, port, etc. PBR also has the flexibility to route traffic out one ISP interface or another depending upon IP SLA status. I use this to conditionally route traffic out the local cable connection only if I know it's good. PBR can be easily modified via a single access list.
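
The source-based PBR with IP SLA tracking described in the comment above could look like the following. This is an added example, not configuration posted by anyone in the thread. The WAN interface names, the ISP gateway addresses 192.0.2.1 and 198.51.100.1 (documentation ranges used as placeholders), the Vlan20/Vlan30 SVI names, and all SLA, track, ACL and route-map names are assumptions, and NAT is left out.

```cisco
! Added example. Assumed/constructed: WAN ports Gi0/0/0 and Gi0/0/1, ISP
! gateways 192.0.2.1 and 198.51.100.1, SVI names, object numbers and names.
!
! Probe each ISP gateway out of its own WAN interface
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0/0
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/0/1
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Policy-route only Internet-bound traffic; the deny entries leave
! VLAN 20 <-> VLAN 30 traffic on the normal routing table
ip access-list extended VLAN20-INTERNET
 deny   ip 10.55.20.0 0.0.0.255 10.55.30.0 0.0.0.255
 permit ip 10.55.20.0 0.0.0.255 any
ip access-list extended VLAN30-INTERNET
 deny   ip 10.55.30.0 0.0.0.255 10.55.20.0 0.0.0.255
 permit ip 10.55.30.0 0.0.0.255 any
!
! Lowest sequence whose tracked object is up wins, so each VLAN
! prefers its own circuit and falls back to the other one
route-map PBR-VLAN20 permit 10
 match ip address VLAN20-INTERNET
 set ip next-hop verify-availability 192.0.2.1 10 track 1
 set ip next-hop verify-availability 198.51.100.1 20 track 2
route-map PBR-VLAN30 permit 10
 match ip address VLAN30-INTERNET
 set ip next-hop verify-availability 198.51.100.1 10 track 2
 set ip next-hop verify-availability 192.0.2.1 20 track 1
!
interface Vlan20
 ip address 10.55.20.1 255.255.255.0
 ip policy route-map PBR-VLAN20
interface Vlan30
 ip address 10.55.30.1 255.255.255.0
 ip policy route-map PBR-VLAN30
!
! Default routes for router-originated and non-matching traffic,
! withdrawn while the corresponding probe is failing
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 2
```

`show track brief` and `show route-map` show the probe state and the policy match counters once the configuration is applied.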

Author

Commented:
Thank you.  Can you please give me an example of what the PBR would look like?
Harold Bowlin, Owner/Network Architect
CERTIFIED EXPERT

Commented:
Are these DIA through a provider? Are they letting you run BGP with them? Even if not, did they give you a single public IP space or 2 blocks? If they gave you 2 blocks and you want to run both VLANs as autonomous networks independent of one another, you can definitely do what was suggested earlier by using VRFs to keep the traffic separate. One thing I would do is not utilize the global table at all. This will allow you to properly label both routing tables. Example below.

vrf definition VLAN20
 address-family ipv4
!
vrf definition VLAN30
 address-family ipv4

Not sure how you are going to get the traffic to the router but it could look something like either of these below configurations.

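int po1.20
 ! an 802.1Q tag must be set before the subinterface accepts an IP address
 encapsulation dot1Q 20
 vrf forwarding VLAN20
 ip address 10.55.20.1 255.255.255.0
!
int ran g0/0/0-1
 channel-group 1
!
int po1.30
 encapsulation dot1Q 30
 vrf forwarding VLAN30
 ip address 10.55.30.1 255.255.255.0
!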

If you are using an L3 switch you can do routing via EIGRP or OSPF......

router eigrp VLAN20
 ! the keyword is autonomous-system; "as" is not an accepted abbreviation
 address-family ipv4 unicast vrf VLAN20 autonomous-system xx
  network 10.55.20.1 0.0.0.0
!
router eigrp VLAN30
 address-family ipv4 unicast vrf VLAN30 autonomous-system xx
  network 10.55.30.1 0.0.0.0
!
router ospf xx vrf VLAN20
 router-id x.x.x.x
 network 10.55.20.1 0.0.0.0 area 0
!
router ospf xx vrf VLAN30
 router-id x.x.x.x
 network 10.55.30.1 0.0.0.0 area 0
!
So that is the LAN side, the WAN side will be determined on how the provider is handling your traffic and your public IP space available for your use.

Another question I may have in this scenario since you didn't mention any public IP space.....are they providing a managed router and doing NAT for you? If that is the case, then it makes this much easier on your side for configuration but you also want to ensure you are communicating with the provider regarding the networks that will be allowed in their NAT policy.

Author

Commented:
Ok great.  What does the "IP flow ingress" command do?
kevinhsieh, Network Engineer
CERTIFIED EXPERT

Commented:
That's a leftover command from my router. It allows NetFlow statistics to be collected. From the router I can see the top 200 conversations by size.

Author

Commented:
Thank you..... last question....  How can I configure failover, just in case one of these circuits goes down?