Connecting Cable Modem Through 3560 Switch

Unanswered Question
Apr 13th, 2011

I have a 3560 series switch and two comcast cable modems. I connected the modems to them switch via cross over cables and set an OSPF routing on their subnets. I connected my wireless router to another port of the switch and set its gateway IP on the switch port. I can ping the modem with the switch and I can ping the wireless too. But I cannot access to the Internet via the wireless router.

Can anybody help me? Tell me what is the process to accomplish this task. I need load balancing on two cable modems and get a single network connection via the wireless router.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
yzeledon Wed, 04/13/2011 - 09:55

Hi,

Here is the scenario as I see it:

Modem-------|

                        |-----------Switch------------- Wireless Router

Modem-------|

You can have 2 default routes on the switch pointing to the Cable Modems, no need for OSPF. If you use multiple ip route 0.0.0.0 0.0.0.0 commands, traffic is load-balanced over the multiple routes:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml#route0.0

Remember to have the cable modems on different SVI's or issue the "no switport" command on the interfaces attached to the modems.

Configure the Wireless router to send all traffic to the switch.

In order for OSPF or any other routing protocol to work, you'll need the modems to use that same protocol.

Let me know how things work.

Cheers,

Yanil

mirsalaradili Wed, 04/13/2011 - 11:21

Thanks, but i have some problems with this switch. Here is the scenario and what i do:

Modem |-------------------------------|

10.10.10.1 255.255.255.0

                                             |-------------Switch-----------|Wireless Router            

Modem |-------------------------------|                                    10.0.0.14 255.255.255.0

20.20.20.2 255.255.255.0

Switch(config)#ip routing
Switch(config)#int fast0/2
Switch(config-if)#ip address 20.20.20.1 255.255.255.0
Switch(config-if)#^Z
Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fast0/3
Switch(config-if)#ip address 10.0.0.1 255.255.255.0
Switch(config-if)#int fast0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.10.10.2 255.255.255.0
Switch(config-if)#exit
Switch(config)#ip defa
Switch(config)#ip default-network 20.20.20.2
Switch(config)#ip default-network 10.10.10.1
Switch(config)#exit

But my routing table won't change and I get this (plus I cannot access to the Internet through my wireless router):

Switch#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set  <------------------------------------------------------------------- See!

     20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       20.20.20.0/24 is directly connected, FastEthernet0/2
S       20.0.0.0/8 [1/0] via 20.20.20.2
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/3

What am i doing wrong?

yzeledon Wed, 04/13/2011 - 11:53

Hi,

This is an example of configuring a gateway of last resort using the ip route 0.0.0.0 0.0.0.0 command:

Switch#configure terminal

   Enter configuration commands, one per line. End with CNTL/Z.

   Switch(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1

   Switch(config)#ip route 0.0.0.0 0.0.0.0 20.20.20.2

   Switch(config)#^Z

   Switch#

Let me know how it works.

Remember to enable "ip routing".

Cheers,

Yanil

mirsalaradili Wed, 04/13/2011 - 14:05

now I can ping www.google.com from the switch, but my wireless router is not connected to the internet..!! This should not be this hard, it is driving me nuts!!! What do you think is the problem? My wireless router ip address is 10.0.0.14 and the port on the switch which it is connected to is 10.0.0.1. Also i can ping the wireless router from the switch.

Thanks again for your quick replies.

yzeledon Thu, 04/14/2011 - 07:18

Hi,

The configuration on the switch is right, so know, to test it u can attach a computer directly to the switch. Although you may want to check the configuration on the AP, are you using the IP address of the switch as the default gateway for the AP? DG should be 10.0.0.1.

Cheers,

Yanil

mirsalaradili Thu, 04/14/2011 - 07:32

The port on the switch which the AP is connected to is on "no switchport" and has this IP: 10.0.0.1 255.255.255.0

So the DG set on the AP is 10.0.0.1 and the AP itself has an IP address in that range.

I can even ping to modem with the wireless router but not the Internet. Do you know why?

mirsalaradili Thu, 04/14/2011 - 08:17

Also when I connect my laptop to another port of the switch I have no access to the internet. I have internet access on the switch but when I connect a wireless router to it or my own laptop it drops packets. What should I do?

yzeledon Thu, 04/14/2011 - 08:28

Are you using the IP address of the switch as your default gateway? Can I see the configuration of the switch?

Cheers,

Yanil

mirsalaradili Thu, 04/14/2011 - 08:33

What do you mean by IP address of the switch? Which port's IP address are you referring to?

Here is a full "show run" information:

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
no logging console
enable password admin
!
!
!
no aaa new-model
system mtu routing 1500
ip routing
!


!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0/1
no switchport
ip address 10.10.10.2 255.255.255.0
!

interface FastEthernet0/2
no switchport
ip address 20.20.20.1 255.255.255.0
!
interface FastEthernet0/3
no switchport
ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
no switchport
ip address 30.30.30.1 255.255.255.0
!
interface FastEthernet0/8
!
interface GigabitEthernet0/1
!
interface Vlan1

no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 20.20.20.2
ip http server
ip http secure-server
!
!
ip sla enable reaction-alerts
!
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

----------------------

I connected my laptop to FastEthernet 0/7 and gave the IP address to the port.

Please tell me what am i doing wrong?

yzeledon Fri, 04/15/2011 - 06:58

Hi,

Yes, I do see what we are missing:

1-      We still need one more default static route to the other modem.

2-      We need a NAT configuration.

Here is how you should do it:

!

interface FastEthernet0/1

no switchport

ip address 10.10.10.2 255.255.255.0

ip nat outside

!

interface FastEthernet0/2

no switchport

ip address 20.20.20.1 255.255.255.0

ip nat outside

!

interface FastEthernet0/3

no switchport

ip address 10.0.0.1 255.255.255.0

ip nat inside

!

access-list 1 permit 10.0.0.0 0.0.0.255

ip nat inside source list 1 FastEthernet0/1 overload

ip nat inside source list 1 FastEthernet0/2 overload

!

ip route 0.0.0.0 0.0.0.0 10.10.10.1

!

This should solve the problem, sorry for the late response.

Cheers,

Yanil

mirsalaradili Fri, 04/15/2011 - 07:45

Well the switch that I am using is a 3560 serie, so I do not think it supports NAT commands. Is there anyway to go around it and maybe use some other configurations? It is odd that the switch itself can ping 4.2.2.2 and my laptop or the wireless router which are connected to it can't! Also another wierd thing is that when I used Fast0/2 as a trunk port, my laptop seemed to be connected (the icon under there said i have access to the internet) but I could not ping 4.2.2.2!!!

So what do you think?

yzeledon Fri, 04/15/2011 - 08:19

I do see it doesn't support NAT, my bad!

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a008011c629.shtml

Both modems are only going to route for the 10.10.10.0 and 20.20.20.0 address. So maybe we can include the computer or the AP on the same VLAN (creating a VLAN for each modem) with the modems but that is not going to load balance at all.

Let me reproduce this on my LAB and see what woraround I can find.

Cheers,

Yanil

mirsalaradili Fri, 04/15/2011 - 11:09

Also, do you think it is possible to use the comcast modem to do the NAT? It

has a 1-NAT-1 feature.

Thanks again in advance

yzeledon Fri, 04/15/2011 - 12:49

Hi,

After testing in the lab, I see no workaround. Maybe we should try with a different device. I have consulted other engineers and we came to the same conclusion, use a different device, do you have a router we can configure?

The modem will only do NAT for the addresses configured in the LAN segment.

Cheers,

Yanil

mirsalaradili Fri, 04/15/2011 - 13:15

I am very grateful for your help so far.

Well I can buy one. But how much are we talking here? And also are you sure that a router that does NAT will be an answer to this task and the load balancing will be done fine?

Thanks,

mirsalaradili Mon, 04/18/2011 - 07:22

Any specific model comes to mind? And also can we use the router and the switch together and get the results we want?

yzeledon Mon, 04/18/2011 - 09:12

Hi,

To better recommend a model, here are some basic questions I may need to be answered:

How many users?

Besides NAT, what other features do you need? (Security, Firewall, encryption)

Traffic load? (estimated)

Any VoIP?

Any other input you can give me regarding the network.

Cheers,

Yanil

mirsalaradili Tue, 04/19/2011 - 08:33

Well there are usually 20 to 25 users directly and almost same amount remotely.

There should be a DMZ and firewall which I think we can use the Comcast itself.

About traffic load we have some high traffic days but the load balancing between these two i think will cover it.

There are several virtual servers which each has its own public IPs that needs to be NATed and some physical servers that must have NATing process on them as well.

The thing that makes me wonder is that how is it that I can have access to the Internet through the switch itself but can't have access through another port of the switch. Are you sure there are no ways to accomplish this with current equipments? Is NAT the only way to do this? No other way around?

yzeledon Mon, 04/25/2011 - 06:31

Hi,

First of all, let me apologize for the late response as I was out of the office. Now, to answer your question, the only reazon why the switch is able to access the internet is because it has an IP address on the range that is covered by both modems, different to the other devices that have an address on a different range.

Now, regarding the router, we can use a 2811 router, which is powerfull enough to cover the needs of the network and provide the requested features. We are going to need to add an extra card to connect to the LAN as both integrated 10/100 Fast Ethernet ports are going to be connected each to a different modem.


NAT is a feature that we are going to need for this design.

Let me know if I can be of further help.

Cheers,

Yanil

smitty6504 Mon, 04/25/2011 - 08:39

If you are going to buy a device why not look at the ASA5505 series. It provides 8 ethernet connections and does NAT. You would need to look at the different bundels to make sure it will provide a backup ethernet connecton for your secondary cable connection.

mirsalaradili Mon, 04/25/2011 - 09:22

So what is the best way to choose which model i need? It is important that it does the load balancing without any issues. I have Cisco 1941, Cisco 2811 and ASA 5505. Which one should i choose according to my needs?

yzeledon Mon, 04/25/2011 - 09:23

Hi,

As far as my understanding the ASA5505 will not load balance and NAT on different subnets at the same time, it will do it with 2 different IP's on the same segment, although not as what the customer is looking for.

Cheers,

Yanil

mirsalaradili Mon, 04/25/2011 - 09:29

How about 1941 or 2811? Does it do load balancing? Also I am going to need different VLANs so i need to be able to route in different subnets.

yzeledon Tue, 04/26/2011 - 07:16

Hi,

Both routers will do the job, I have a lot of experience with the 2811 so I can recommend you that one as it is very stable. On the other hand the 1941 is a new router that comes with support to new hardware, although for your needs we should go with the 2811!

Let me know if you need anything else.

Cheers,

Yanil

mirsalaradili Tue, 04/26/2011 - 08:20

So which bundle do you recommend for 2811? And I did not understand if 1941 can accomplish the tast or not? Also the final scenario will be like this:

Cable Modem1|--------

                                     |                                  |---Servers

                                     |-Router-|---- Switch---|---LAN

Cable Modem2|--------                                     |----Wireless Router---|

Correct me if I am wrong

yzeledon Tue, 04/26/2011 - 11:53

Hi,

Both routers can accomplish the same task with no problems, I just recommended the 2811 as I have more experience with it.

Topology is the correct one! I can assure you router will do the job!

Cheers,

Yanil

mirsalaradili Wed, 04/27/2011 - 06:49

Thank you for your very helpful information so far... One quick question so I understand this correctly. 2811 has two HWIC and two FastEthernet ports. They are all RJ-45 ports right? And we are going to plug the two cable modems into those two HWICs with RJ-45 cross-over cables. And then a straight through RJ-45 cable from one of the FastEthernets to the switch. Is that correct?

Sorry I asked so many question. I really appreciate your patience in this and bright information.

Thanks again for everything.

Best,

yzeledon Wed, 04/27/2011 - 14:21

Hi,

The 2811 has 2 builtin fast ethernet ports which we can use for the 2 modems. Now, the HWIC are only slots with nothing on them, we need to get one of the following cards:

Fast Ethernet:

http://www.cisco.com/en/US/partner/prod/collateral/routers/ps5854/product_data_sheet0900aecd80581fe6.html

Gigabit Ethernet:

http://www.cisco.com/en/US/partner/prod/collateral/routers/ps5854/product_data_sheet0900aecd8016be8d.html

We can use either card depening on your local swicth.

Let me know if this helps.

Cheers,

Yanil

mirsalaradili Wed, 04/27/2011 - 19:30

Well, I could not see the links that you sent in your past post. Can you tell me the models so I can see how much will it cost?

Also what are going to be the exact command lines for the task? and the topology plan?

I don't know how to thank you for all the time you've spent for this.

Waiting for your further helpful information

yzeledon Thu, 04/28/2011 - 06:28

Hi,

Probably because I was logged in when got them, try this one:

http://www.cisco.com/en/US/prod/collateral/routers/ps5854/product_data_sheet0900aecd80581fe6.html

The part numbers are:

http://www.cisco.com/en/US/docs/routers/access/interfaces/ic/hardware/installation/guide/fe_hwic.html

The 1-port HWIC (HWIC-1FE) and the 2-port HWIC (HWIC-2FE).

And if you want more speed, this card supports ONLY 1000Gbs:

http://www.cisco.com/en/US/prod/collateral/routers/ps5854/product_data_sheet0900aecd8016be8d_ps5949_Products_Data_Sheet.html

HWIC-1GE-SFP

Gigabit Ethernet HWIC with One SFP Slot

SFPs

GLC-T=

1000BASE-T SFP

Configuration wise, pretty much the same we were doing before:

F0/0

IP address ...

ip nat outside

!

F0/1

IP address ...

ip nat outside

!

F0/0/0

IP address ...

ip nat inside

!

NAT statement.

!

I'll still help you if once you get the card.

Modem1------|

                  |------Router-------|LANSwitch

Modem2------|

Cheers,

Yanil

mirsalaradili Thu, 04/28/2011 - 07:03

Good so I will purchase the device and the card and get back to you soon.

Another question. Are you sure this line of the configuration will work?

access-list 1 permit 10.0.0.0 0.0.0.255

ip nat inside source list 1 FastEthernet0/1 overload

ip nat inside source list 1 FastEthernet0/2 overload

Because I think the router will not keep both of the FastEthernets in this configuration. It will keep the last one only. Am I wrong?

mirsalaradili Thu, 05/12/2011 - 12:05

Hi,

I purchased the cisco 1941 with security package. Can you tell me the command lines that i need to import so i can check mine with yours and make sure everything will work fine?

Thank you very much Yanil,


Best,

Salar

yzeledon Fri, 05/13/2011 - 07:34

Hi,

Here is my recommendation on how you should do it:

!

interface FastEthernet0/0

ip address 10.10.10.2 255.255.255.0

ip nat outside

!

interface FastEthernet0/1

ip address 20.20.20.1 255.255.255.0

ip nat outside

!

interface FastEthernet0/0/0

ip address 10.0.0.1 255.255.255.0

ip nat inside

!

access-list 1 permit 10.0.0.0 0.0.0.255

ip nat inside source list 1 FastEthernet0/0 overload

ip nat inside source list 1 FastEthernet0/1 overload

!

ip route 0.0.0.0 0.0.0.0 10.10.10.1

ip route 0.0.0.0 0.0.0.0 20.20.20.2

!

Let me know how things work.
Cheers,
Yanil
mirsalaradili Thu, 06/02/2011 - 11:37

Hey,

It seems that i can't lead traffic from the swtich to the router. Can you please tell me the commands that i should import for each device separately? What i have on the switch now is just i gave ports ip addresses and then connected the switch to the router without making it trunk, i just set them in same subnet. then on the router i have ports in different subnets and NATing configuration is set as we discussed. But i can't connect to the internet from the switch.

Can you please send me the required command lines for the switch and the router separately so i have a more clear idea about the situation? this thing is taking too long and it is really bad for me, i would appreciate it if you could help me with this.

Thanks,
Salar

yzeledon Thu, 06/02/2011 - 12:16

Hi Salar,

Thank you for the update I was actually thinking about this case a while ago. Well, let the router do all the intervlan routing, maybe routing on a stick will be fine, is there a lot of traffic going to be generated from the LAN? If so, maybe not router on a stick but configure EIGRP between the router and the switch and have the router forward a default route to the switch, the switch doing the intervlan routing.

Let me know what you think about this solution. Here are some documents to read for configuration:

http://www.cisco.com/en/US/partner/docs/ios/12_2/ip/configuration/guide/1cfeigrp.html

Cheers,

Yannil

mirsalaradili Fri, 06/03/2011 - 06:46

Hi,

I think the router has the capability to handle the traffic. The internal traffic is going to be high but the main point of this scenario is to merge the two internet lines and load balance between them with the router so the speed will be increased and the internal network won't experience traffic overloads on the cable modem anymore. Then we are planning to configure VPN, Firewall, NATing configurations for different servers, etc on the router so we have a centralized administration for the internal network.

I couldn't open the link that you provided because i still do not have a contract number and my membership is limited. Can you please tell me more about exactly what to do and how to configure it as we talked before (including the command lines)? Can you please tell me what should be configured on the router and the switch separately?

Thanks,

Salar

Modem 1 |---------

                            |--- 1941W (Router) -----| 3650 (Switch) |-------| Internal Network

Modem 2 |---------

yzeledon Fri, 06/03/2011 - 08:32

Hi Salar,

Here is how it goes:

The switch doesn't need to have more than one network, so all you have to do is configure the interface that goes to the router as a access port, on the same vlan as the rest of the network and have the router be the default gateway for the network.

Are you going to have only 1 VLAN?

If you have more than one VLAN let me know so I can explain you better how we can work things out with EIGRP.

Cheers,

Yanil

mirsalaradili Fri, 06/03/2011 - 08:47

Yes we're going to have more than one VLAN. I think i will need more information about EIGRP. About those configurations can you copy the content of that page that i couldn't open here or email it to me to mirsalar@gmail.com ?

Thanks very much for your help Yanill,

Best,

Salar

mirsalaradili Fri, 06/10/2011 - 14:04

Hi Yanil,

So as the article says i can connect the switch to the  router with EIGRP and use the router as the default gateway for the  switch, is that correct?

Basically it will look like this:

          
Cable Modem1 |---|                                                                                                                               |---Servers
                               |--(NAT & default route)--|1941 Router|--(EIGRP)--| 3650 Switch  |--(Gateway)---|---Servers
Cable Modem2 |---|                                                                                                                               |---Servers

Am  I correct with the image of my network as it is shown on the above?  Will this cover load balancing? How about fault tolerance?

Thanks,
Salar
yzeledon Mon, 06/13/2011 - 08:51

Hi,

Sorry for the delay, I was out of the office. The topology looks great and it is a great idea to do the Inter-VLAN routing on the MLS switch. Load balancing is done on router so yes and fault tolerance, well if you mean the router is going to use the second link if the first one goes down, yes, router do that.

Cheers,

Yanil

Actions

Login or Register to take actions

This Discussion

Posted April 13, 2011 at 9:10 AM
Stats:
Replies:48 Avg. Rating:
Views:3656 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard