Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
477
Views
0
Helpful
3
Replies

Splitting a line to service 2 routers

rebrokenglass
Level 1
Level 1

‎09-14-2008 04:28 PM - edited ‎03-06-2019 01:22 AM

All,

I am setting up a new network consisting of several different zones. Everything has been planned except for the initial line drop into the lab. I have 2 routers (2 layer 3 ports each, and a 4 port HWIC module (ports function as layer 2 unless bumped to layer 3, but limited configuration)) that act also as the firewall, IDS and VPN, a managed 2948-l3 switch and then a couple lower level managed switches. Our Internent line comes in as a single line with a block of static addresses.

My plan for the design was to take the one line in and split it to both routers respectively. I thought I could do this through the layer 3 switch, but that is not the case due to it not supporting NAT. This leaves me with one Internet line that needs to go to 2 different routers, but not much options. I know I can put the routers inline with eachother, but this is not ideal. As mentioned before, this ONE network will be separeted into different zones. One router will function as the standard user net whereas the other will NEED unrestricted access at all times and have NO communication with the usernet. If I put them inline with eachother, I will constantly need to modify the top router (usernet) to allow the testing network out or in. Does anyone have any ideas on how to solve this with just the current hardware mentioned? I know buying a core router that those routers would branch off of would work, but if I don't need to spend money to fix this then that works better.

Just to add, I have thought of an idea that may work:

- Having usernet take the internet line in, create a NAT pool that testing can pull from and connect them that way. Allow anything from testing out and worst case I update the static NAT when needed.

Hopefully all of this makes sense. Thanks in advance.

Labels:
0 Helpful
3 Replies 3

John Blakley
VIP Alumni
VIP Alumni

‎09-22-2008 10:16 AM

If you have a router bringing your routes in, then put a L2 switch behind that and then connect both of your routers into it. Put the respective addresses on each of the egress interfaces, and then assign your private addresses to the inside. Connect whatever clients you want to your layer 3 switch using VLANs. Use policy routing to route them through their respective routers.

I at least hope I answered the question partially. :-)

--John

HTH, John *** Please rate all useful posts ***
0 Helpful

rebrokenglass
Level 1
Level 1
In response to John Blakley

‎09-22-2008 10:37 AM

Thanks a lot John. I knew I could do that and currently that is the solution I have in place. However, I really wanted to utilize the 2948 L3 switch I have. It seems like you should be able to bring the routed ports back to L2, but I can't figure out a way. The only thing I see is bridging the interfaces together, but the bridge requires that one interface be assigned an IP. That won't work for me if I am splitting the Internet connection (no NAT support on the interfaces on the switch).

0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to rebrokenglass

‎09-22-2008 10:58 AM

Can you issue a "no ip routing" on that switch to bring it back to a layer 2 device?

--John

HTH, John *** Please rate all useful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card