Link to home
Start Free TrialLog in
Avatar of BSModlin
BSModlinFlag for United States of America

asked on

Cisco ISR 4300 Dual Internet Connections

I have 2 internet connections from the same ISP.  I am created 2 VLANs.... 10.55.20.0 and 10.55.30.0.  I would like VLAN 20 to route out Inetrnet Connection 1 and VLAN 30 route out Internet connection 2.

What is the best way to accomplish this with 1 router.

My router has an additional switchport card in it so I will be creating the VLANs and DHCP scopes directly on the router, along with terminating both internet connections.
Avatar of Garry Glendown
Garry Glendown
Flag of Germany image

Simplest way would be to set up an additional VRF you put one of the VLANs and one of the Internet connections into ... that way, you have two separate routing tables and can easily keep the two apart ... using additional features like fallback routes, a bit of NAT etc. you could even add redundancy for outgoing access ...

Let me know if you need additional support or infos on setting it up ...
I think using policy based routing might be better. It can route traffic based upon the more than just the destination address. I usually use PBR to route based upon the source IP. This way VLAN 20 and 30 can still talk internally, and you can send different traffic out different interfaces based upon source IP, protocol,  port, etc. PBR also has the flexibility to route traffic out one ISP interface or another depending upon IP SLA status. I use this to conditionally route traffic out the local cable connection only if I know it's good. PBR can be easily modified via single access list.
Avatar of BSModlin

ASKER

Thank you.  Can you please give me an example of what the PBR would look like?
Are these DIA through a provider? Are they letting you run BGP with them? Even if not, did they give you a single public IP space or 2 blocks? If they gave you 2 blocks and you want to run both VLANs as autonomous networks independent of one another, you can definitely do what was suggested earlier by using VRFs to keep the traffic separate. One thing I would do is not utilize the global table at all. This will allow you to properly label both routing tables. Example below.

vrf definition VLAN20
address-family ipv4
!
vrf definition VLAN30
address-family ipv4

Not sure how you are going to get the traffic to the router but it could look something like either of these below configurations.

int po1.20
vrf forwarding VLAN20
ip address 10.55.20.1 255.255.255.0
!
int ran g0/0/0-1
channel-group 1
!
int po1.30
vrf forwarding VLAN30
ip address 10.55.30.1 255.255.255.0
!

If you are using an L3 switch you can do routing via EIGRP or OSPF......

router eigrp VLAN20
address-family ipv4 unicast vrf VLAN20 as xx
network 10.55.20.1 0.0.0.0
!
router eigrp VLAN30
address-family ipv4 unicast vrf VLAN30 as xx
network 10.55.30.1 0.0.0.0
!
router ospf xx vrf VLAN20
router-id x.x.x.x
network 10.55.20.1 0.0.0.0 area 0
!
router ospf xx vrf VLAN30
router-id x.x.x.x
network 10.55.30.1 0.0.0.0 area 0
!
So that is the LAN side, the WAN side will be determined on how the provider is handling your traffic and your public IP space available for your use.

Another question I may have in this scenario since you didn't mention any public IP space.....are they providing a managed router and doing NAT for you? If that is the case, then it makes this much easier on your side for configuration but you also want to ensure you are communicating with the provider regarding the networks that will be allowed in their NAT policy.
ASKER CERTIFIED SOLUTION
Avatar of kevinhsieh
kevinhsieh
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok great.  What does the "IP flow ingress" command do?
that's leftover command from my router. It allows net flow statistics to be collected. From the router I can see the top 200 conversations by size.
Thank you..... last question....  How can I configure failover, just in case one of these circuits goes down?