Switch Router ISP Mess!

Unanswered Question
Jun 13th, 2010

Howdy!


I am a recent graduate of the CCNA Exploration classes and am taking my CCNA exam in the fall.  I am currently doing odd Craigslist-type jobs for experience and recently think I might have bit off a bit more than I can chew!  Any pushes in the right direction would be extremely helpful!


Briefly, I'll describe what's going on, then what's intended, and finally I'll post the running config for you to examine (with certain specifics deleted for security, of course).


What's going on:

Currently, there is a Cisco 2821 connected to an ISP (call it ISP1) on Fa0/0/3.  Don't ask, I didn't set it up!  There are 2 gigabit switches (non-Cisco) connected to each of the routable Gigabit ports on the router.  GE0/0 is used for private networking PCs, Servers, and IP Phones (Cisco).  GE0/1 is used for public servers.  Currently ISP1 is providing bonded T1 to the network.


Where we wanna go:

So, recently they have added 2 cable ISP lines (call them ISP2a & ISP2b) each at about 50Mbps.  They were given a block of 5 static IP addresses.  However, they were given 2 different gateways (one in the correct subnet; one not).  I'm assuming this can be easily fixed by calling the ISP?  But that's not my most pressing issue.  The general idea is to load balance the traffic between the ISP2 connections and use the bonded T1 for redundancy / failover.


The problem:

Initially, I thought this would be an easy fix:  Assign an IP address to each of the Fa interfaces that connect to the cable modems, no shutdown, and put 2 static default routes in with the same AD.  Then change the AD of the current default route (ISP1 bonded T1) to a high AD.  Voilà!  Well, to my huge dismay - the Fa interfaces on the router are not router interfaces - they are switches!  So here is where I am stuck!


Any ideas?  Thanks in advance


The running-config:


Current configuration : 3896 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxxx
!
boot-start-marker
boot-end-marker
!
logging count
logging buffered 52000 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool sonos
   host 192.168.1.182 255.255.255.0
   client-identifier 0100.0e58.1089.ec
   dns-server 192.168.1.5
   default-router 192.168.1.1
!
ip dhcp pool sonos2
   host 192.168.1.181 255.255.255.0
   client-identifier 0100.0e58.001a.91
   dns-server 192.168.1.5
   default-router 192.168.1.1
   client-name sonosRemote
!
ip dhcp pool sonos3
   host 192.168.1.180 255.255.255.0
   client-identifier 0100.0e58.1081.f8
   dns-server 192.168.1.5
   default-router 192.168.1.1
   client-name sonosDanOffice
!
ip dhcp pool danlaptop
   host 192.168.1.210 255.255.255.0
   client-identifier 0108.001f.b101.a6
   dns-server 192.168.1.5
   default-router 192.168.1.1
!
ip dhcp pool tomLaptop
   host 192.168.1.211 255.255.255.0
   client-identifier 0100.11f5.6474.51
   dns-server 192.168.1.5
   default-router 192.168.1.1
!
ip dhcp pool joelaptop
   host 192.168.1.212 255.255.255.0
   client-identifier 0100.15c5.1f8a.53
   default-router 192.168.1.1
   dns-server 192.168.1.5
   client-name joelaptop1
!
ip dhcp pool macbookDan
   host 192.168.1.184 255.255.255.0
   client-identifier 0100.16cb.cc4b.42
   dns-server 192.168.1.5
   default-router 192.168.1.1
   client-name MacBook
!
ip dhcp pool bruce
   host 192.168.1.213 255.255.255.0
   client-identifier 0100.904b.a884.06
   dns-server 192.168.1.5
   default-router 192.168.1.1
   client-name BruceLaptop
!
ip dhcp pool burce
   client-identifier 0100.c09f.77e0.d9
!
ip dhcp pool jerry
   host 192.168.1.214 255.255.255.0
   client-identifier 0100.1641.e2a6.c7
   dns-server 192.168.1.5
   default-router 192.168.1.1
   client-name Jerry
!
!
ip domain name moonvalley.com
!
username xxxxxxxxxxx privilege 15 view root secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
interface GigabitEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ETH-LAN$
 ip address 222.222.222.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Private Network
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 shutdown
 duplex full
 speed 100
!
interface FastEthernet0/0/1
 shutdown
 duplex full
 speed 100
!
interface FastEthernet0/0/2
 shutdown
 duplex full
 speed 100
!
interface FastEthernet0/0/3
 description Internet Port - TimeWarner
 switchport access vlan 20
 load-interval 60
 duplex full
 speed 100
!
interface Vlan1
 no ip address
!
interface Vlan20
 description Internet
 ip address 168.168.168.195 255.255.255.0
 ip access-group 101 in
 ip nat outside
!
ip classless
ip route 0.0.0.0 0.0.0.0 168.168.168.1 permanent
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 10 interface Vlan20 overload
!
logging 222.222.222.1
access-list 10 permit 192.168.0.0 0.0.1.255
access-list 100 remark let the private net out
access-list 100 remark SDM_ACL Category=3
access-list 100 permit ip any any
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------

xxxxxxxx . com
-----------------------------------------------------------------------

^C
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

Overall Rating: 5 (1 ratings)
TODD RIEMENSCHNEIDER Sun, 06/13/2010 - 19:30

Hey Matt,



I've personally not messed with the etherswitch modules. Maybe this link will help you out.

http://www.cisco.com/en/US/products/hw/modules/ps2797/products_configuration_example09186a0080810449.shtml


Seems like you might be able to accomplish what you were hoping to by creating a couple of VLANs (SVIs) and then assigning the appropriate switchport to those VLANs.


Good luck.


-Todd

Ganesh Hariharan Mon, 06/14/2010 - 00:15


Hi ,


If you want to achieve failover of ISP then you can try configuring it using IP SLA configuration and automatic failover of primary ISP to secondary ISP without any manual intervention.


! The number 1 here is arbitrary, used only to identify this SLA. It is otherwise known as the operation number.
ip sla 1
 ! Use an IP address that responds to pings out on the Internet
 icmp-echo <ip address>
 ! This is how long to wait for a response from the ping
 timeout 500
 ! This is the repeat rate for the SLA
 frequency 3
! This command says "start SLA 1 now and keep it running forever"
ip sla schedule 1 start-time now life forever
! This command creates the track object "1" and monitors the SLA 1
track 1 rtr 1 reachability


Change the default route and associate it with the tracker

ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1

Then we need to add our secondary route

ip route 0.0.0.0 0.0.0.0 1.1.1.2 10


Now, when the ping to the destination IP address fails, the primary route is removed and the secondary route with the higher metric becomes the default. The route will be reinstated when the connectivity is restored.


Hope to Help !!


Ganesh.H


Remember to rate the helpful post
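
Added example, not part of either reply: the two suggestions above (SVIs on the EtherSwitch ports, tracked default routes) combined for the topology in the question, with the bonded T1 as floating backup. It goes beyond the single tracked route shown above by tracking both cable links. All addresses, VLAN IDs 30/40 and SLA/track numbers are assumed placeholders; only the interface names, Vlan20, ACL 101 and the ISP1 next hop come from the posted config.

```ios
! Added example: placeholders throughout (documentation-range addresses,
! VLAN IDs 30/40, SLA/track numbers 1-2). Assumes each cable link has its
! own /29 and that VLANs 30 and 40 already exist in the VLAN database.
interface FastEthernet0/0/0
 description ISP2a cable modem
 switchport access vlan 30
 no shutdown
interface FastEthernet0/0/1
 description ISP2b cable modem
 switchport access vlan 40
 no shutdown
!
! Routed SVIs, filtered inbound like the existing Vlan20. ACL 101 is not
! shown in the posted config; it must permit the probes' echo replies.
interface Vlan30
 ip address 198.51.100.2 255.255.255.248
 ip access-group 101 in
 ip nat outside
interface Vlan40
 ip address 203.0.113.2 255.255.255.248
 ip access-group 101 in
 ip nat outside
!
! One probe per cable link, sourced from that link's SVI so it cannot
! be answered over the other link. Here each probe targets the gateway.
ip sla 1
 icmp-echo 198.51.100.1 source-interface Vlan30
 timeout 500
 frequency 3
ip sla schedule 1 start-time now life forever
ip sla 2
 icmp-echo 203.0.113.1 source-interface Vlan40
 timeout 500
 frequency 3
ip sla schedule 2 start-time now life forever
track 1 rtr 1 reachability
track 2 rtr 2 reachability
!
! Equal-AD tracked defaults share load; each is withdrawn when its probe fails
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 2
! ISP1 (bonded T1) becomes the floating backup with AD 250
no ip route 0.0.0.0 0.0.0.0 168.168.168.1
ip route 0.0.0.0 0.0.0.0 168.168.168.1 250
```

The posted NAT rule (`ip nat inside source list 10 interface Vlan20 overload`) overloads onto Vlan20's address, so traffic sent out Vlan30 or Vlan40 needs its own translation rule per outside interface; that part is not shown here.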
