Cisco ISR 4300 Dual Internet Connections

I have 2 internet connections from the same ISP. I have created 2 VLANs: 10.55.20.0 and 10.55.30.0. I would like VLAN 20 to route out Internet Connection 1 and VLAN 30 to route out Internet Connection 2.

What is the best way to accomplish this with 1 router?

My router has an additional switchport card in it so I will be creating the VLANs and DHCP scopes directly on the router, along with terminating both internet connections.
BSModlin Asked:
Garry Glendown, Consulting and Network/Security Specialist, Commented:
Simplest way would be to set up an additional VRF you put one of the VLANs and one of the Internet connections into ... that way, you have two separate routing tables and can easily keep the two apart ... using additional features like fallback routes, a bit of NAT etc. you could even add redundancy for outgoing access ...

Let me know if you need additional support or infos on setting it up ...
0
kevinhsieh Commented:
I think using policy based routing might be better. It can route traffic based upon more than just the destination address. I usually use PBR to route based upon the source IP. This way VLAN 20 and 30 can still talk internally, and you can send different traffic out different interfaces based upon source IP, protocol, port, etc. PBR also has the flexibility to route traffic out one ISP interface or another depending upon IP SLA status. I use this to conditionally route traffic out the local cable connection only if I know it's good. PBR can be easily modified via a single access list.
0
BSModlin (Author) Commented:
Thank you.  Can you please give me an example of what the PBR would look like?
0
Harold Bowlin, CCIE #52521, Principal Consulting Engineer, Commented:
Are these DIA through a provider? Are they letting you run BGP with them? Even if not, did they give you a single public IP space or 2 blocks? If they gave you 2 blocks and you want to run both VLANs as autonomous networks independent of one another, you can definitely do what was suggested earlier by using VRFs to keep the traffic separate. One thing I would do is not utilize the global table at all. This will allow you to properly label both routing tables. Example below.

vrf definition VLAN20
 address-family ipv4
!
vrf definition VLAN30
 address-family ipv4

Not sure how you are going to get the traffic to the router but it could look something like either of these below configurations.

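! An 802.1Q tag must be set on a subinterface before it accepts an IP address
int po1.20
 encapsulation dot1Q 20
 vrf forwarding VLAN20
 ip address 10.55.20.1 255.255.255.0
!
int ran g0/0/0-1
 channel-group 1
!
int po1.30
 encapsulation dot1Q 30
 vrf forwarding VLAN30
 ip address 10.55.30.1 255.255.255.0
!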

If you are using an L3 switch you can do routing via EIGRP or OSPF......

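! Option 1: named-mode EIGRP, one instance per VRF (xx = your AS number)
router eigrp VLAN20
 address-family ipv4 unicast vrf VLAN20 autonomous-system xx
  network 10.55.20.1 0.0.0.0
!
router eigrp VLAN30
 address-family ipv4 unicast vrf VLAN30 autonomous-system xx
  network 10.55.30.1 0.0.0.0
!
! Option 2: OSPF, one process per VRF (xx = process ID, x.x.x.x = router ID)
router ospf xx vrf VLAN20
 router-id x.x.x.x
 network 10.55.20.1 0.0.0.0 area 0
!
router ospf xx vrf VLAN30
 router-id x.x.x.x
 network 10.55.30.1 0.0.0.0 area 0
!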
So that is the LAN side, the WAN side will be determined on how the provider is handling your traffic and your public IP space available for your use.

Another question I may have in this scenario since you didn't mention any public IP space.....are they providing a managed router and doing NAT for you? If that is the case, then it makes this much easier on your side for configuration but you also want to ensure you are communicating with the provider regarding the networks that will be allowed in their NAT policy.
0
kevinhsieh Commented:
Here's basic PBR code for you.

interface vlan 30
 ip address 10.22.30.1 255.255.255.0
 ip flow ingress
 ip policy route-map INTERNET-PBR

route-map INTERNET-PBR permit 1
 description Routes some traffic out to ISP 2
 match ip address ISP2-PBR-ACL
 set ip next-hop aaa.bbb.ccc.ddd

ip access-list extended ISP2-PBR-ACL
 remark Controls which traffic goes out ISP2
 remark anything that doesn't match will take the normal route
 permit ip 10.22.30.0 0.0.0.255 any
0
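
The PBR-with-IP-SLA idea mentioned in the comments above, as an added example that is not from any participant in this thread. It assumes the question's VLAN 30 subnet (10.55.30.0/24), a placeholder ISP 2 gateway of 192.0.2.1 on GigabitEthernet0/0/1, and a placeholder ISP 1 gateway of 198.51.100.1; object number 30 is arbitrary.

```cisco
! Added example with constructed addresses; substitute your own gateways and interfaces.
! Probe the ISP 2 gateway (assumed 192.0.2.1) from the ISP 2 interface (assumed Gi0/0/1)
ip sla 30
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0/1
 frequency 10
ip sla schedule 30 life forever start-time now
!
! Track object follows the probe; the delays damp flapping on a marginal circuit
track 30 ip sla 30 reachability
 delay down 10 up 30
!
ip access-list extended ISP2-PBR-ACL
 remark Keep VLAN 30 to VLAN 20 traffic on the normal routing table
 deny ip 10.55.30.0 0.0.0.255 10.55.20.0 0.0.0.255
 remark Everything else sourced from VLAN 30 is policy-routed to ISP 2
 permit ip 10.55.30.0 0.0.0.255 any
!
route-map INTERNET-PBR permit 10
 match ip address ISP2-PBR-ACL
 ! Next hop is used only while track 30 is up
 set ip next-hop verify-availability 192.0.2.1 1 track 30
!
interface Vlan30
 ip address 10.55.30.1 255.255.255.0
 ip policy route-map INTERNET-PBR
!
! When track 30 is down the set clause is skipped and VLAN 30 traffic
! follows the routing table, here a default route via ISP 1 (assumed gateway)
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

`show track 30` and `show route-map INTERNET-PBR` show whether the probe is up and whether packets are matching the policy.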
BSModlin (Author) Commented:
Ok great.  What does the "IP flow ingress" command do?
0
kevinhsieh Commented:
That's a leftover command from my router. It allows NetFlow statistics to be collected. From the router I can see the top 200 conversations by size.
0
BSModlin (Author) Commented:
Thank you..... last question....  How can I configure failover, just in case one of these circuits goes down?
0