BSModlin

Cisco ISR 4300 Dual Internet Connections

I have 2 internet connections from the same ISP.  I have created 2 VLANs.... 10.55.20.0 and 10.55.30.0.  I would like VLAN 20 to route out Internet connection 1 and VLAN 30 to route out Internet connection 2.

What is the best way to accomplish this with 1 router?

My router has an additional switchport card in it so I will be creating the VLANs and DHCP scopes directly on the router, along with terminating both internet connections.


8/22/2022 - Mon
Garry Glendown

Simplest way would be to set up an additional VRF you put one of the VLANs and one of the Internet connections into ... that way, you have two separate routing tables and can easily keep the two apart ... using additional features like fallback routes, a bit of NAT etc. you could even add redundancy for outgoing access ...

Let me know if you need additional support or information on setting it up ...
kevinhsieh

I think using policy-based routing might be better. It can route traffic based upon more than just the destination address. I usually use PBR to route based upon the source IP. This way VLAN 20 and 30 can still talk internally, and you can send different traffic out different interfaces based upon source IP, protocol, port, etc. PBR also has the flexibility to route traffic out one ISP interface or another depending upon IP SLA status. I use this to conditionally route traffic out the local cable connection only if I know it's good. PBR can be easily modified via a single access list.
BSModlin

ASKER
Thank you.  Can you please give me an example of what the PBR would look like?
Harold Bowlin

Are these DIA through a provider? Are they letting you run BGP with them? Even if not, did they give you a single public IP space or 2 blocks? If they gave you 2 blocks and you want to run both VLANs as autonomous networks independent of one another, you can definitely do what was suggested earlier by using VRFs to keep the traffic separate. One thing I would do is not utilize the global table at all. This will allow you to properly label both routing tables. Example below.

vrf definition VLAN20
 address-family ipv4
!
vrf definition VLAN30
 address-family ipv4

Not sure how you are going to get the traffic to the router, but it could look something like either of the configurations below.

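int po1.20
 ! an 802.1Q tag must be set before the subinterface accepts an IP address
 encapsulation dot1Q 20
 vrf forwarding VLAN20
 ip address 10.55.20.1 255.255.255.0
!
int ran g0/0/0-1
 channel-group 1
!
int po1.30
 encapsulation dot1Q 30
 vrf forwarding VLAN30
 ip address 10.55.30.1 255.255.255.0
!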

If you are using an L3 switch you can do routing via EIGRP or OSPF......

router eigrp VLAN20
 address-family ipv4 unicast vrf VLAN20 as xx
  network 10.55.20.1 0.0.0.0
!
router eigrp VLAN30
 address-family ipv4 unicast vrf VLAN30 as xx
  network 10.55.30.1 0.0.0.0
!
router ospf xx vrf VLAN20
 router-id x.x.x.x
 network 10.55.20.1 0.0.0.0 area 0
!
router ospf xx vrf VLAN30
 router-id x.x.x.x
 network 10.55.30.1 0.0.0.0 area 0
!
So that is the LAN side. The WAN side will be determined by how the provider is handling your traffic and the public IP space available for your use.

Another question I may have in this scenario since you didn't mention any public IP space.....are they providing a managed router and doing NAT for you? If that is the case, then it makes this much easier on your side for configuration but you also want to ensure you are communicating with the provider regarding the networks that will be allowed in their NAT policy.
ASKER CERTIFIED SOLUTION
kevinhsieh

BSModlin

ASKER
Ok great.  What does the "IP flow ingress" command do?
kevinhsieh

That's a leftover command from my router. It allows NetFlow statistics to be collected. From the router I can see the top 200 conversations by size.
BSModlin

ASKER
Thank you..... last question....  How can I configure failover, just in case one of these circuits goes down?