Cisco Support Community

New Member

Splitting a line to service 2 routers


I am setting up a new network consisting of several different zones. Everything has been planned except for the initial line drop into the lab. I have 2 routers (2 layer 3 ports each, and a 4 port HWIC module (ports function as layer 2 unless bumped to layer 3, but limited configuration)) that act also as the firewall, IDS and VPN, a managed 2948-l3 switch and then a couple lower level managed switches. Our Internet line comes in as a single line with a block of static addresses.

My plan for the design was to take the one line in and split it to both routers respectively. I thought I could do this through the layer 3 switch, but that is not the case due to it not supporting NAT. This leaves me with one Internet line that needs to go to 2 different routers, but not many options. I know I can put the routers inline with each other, but this is not ideal. As mentioned before, this ONE network will be separated into different zones. One router will function as the standard user net whereas the other will NEED unrestricted access at all times and have NO communication with the usernet. If I put them inline with each other, I will constantly need to modify the top router (usernet) to allow the testing network out or in. Does anyone have any ideas on how to solve this with just the current hardware mentioned? I know buying a core router that those routers would branch off of would work, but if I don't need to spend money to fix this then that works better.

Just to add, I have thought of an idea that may work:

- Having usernet take the internet line in, create a NAT pool that testing can pull from and connect them that way. Allow anything from testing out and worst case I update the static NAT when needed.

Hopefully all of this makes sense. Thanks in advance.
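
The inline idea in the post above, sketched as an IOS configuration for the usernet router. This is an added example, not configuration from the thread or from any poster. All addresses, interface names and ACL/pool names are assumptions: 203.0.113.0/28 stands in for the ISP static block, 10.10.0.0/24 for usernet, 10.20.0.0/24 for the testing LAN, and 10.255.0.0/30 for the transit link to the testing router.

```cisco
! Constructed example: every address, interface and name below is assumed.
interface GigabitEthernet0/0
 description Internet line (ISP static block)
 ip address 203.0.113.2 255.255.255.240
 ip nat outside
!
interface GigabitEthernet0/1
 description usernet LAN
 ip address 10.10.0.1 255.255.255.0
 ip nat inside
 ip access-group USERNET-IN in
!
interface Vlan255
 description transit to testing router (HWIC port used as layer 3)
 ip address 10.255.0.1 255.255.255.252
 ip nat inside
 ip access-group TESTING-IN in
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 10.20.0.0 255.255.255.0 10.255.0.2
!
! Testing draws one-to-one translations from its own slice of the block.
ip nat pool TESTING-POOL 203.0.113.9 203.0.113.14 netmask 255.255.255.240
ip access-list standard TESTING-SRC
 permit 10.20.0.0 0.0.0.255
 permit 10.255.0.0 0.0.0.3
ip nat inside source list TESTING-SRC pool TESTING-POOL
!
! Static entry for a testing host that must be reachable from outside;
! this is the line that gets edited "when needed".
ip nat inside source static 10.20.0.50 203.0.113.8
!
! Usernet shares the router's own outside address (PAT).
ip access-list standard USERNET-SRC
 permit 10.10.0.0 0.0.0.255
ip nat inside source list USERNET-SRC interface GigabitEthernet0/0 overload
!
! Zone isolation: neither side may reach the other, in either direction.
ip access-list extended TESTING-IN
 deny   ip any 10.10.0.0 0.0.0.255
 permit ip any any
ip access-list extended USERNET-IN
 deny   ip any 10.20.0.0 0.0.0.255
 deny   ip any 10.255.0.0 0.0.0.3
 permit ip any any
```

Because the two deny entries sit on the ingress interfaces, the "allow anything from testing out" rule never opens a path into usernet, and `show ip nat translations` confirms which public address each testing host is using.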


Re: Splitting a line to service 2 routers

If you have a router bringing your routes in, then put a L2 switch behind that and then connect both of your routers into it. Put the respective addresses on each of the egress interfaces, and then assign your private addresses to the inside. Connect whatever clients you want to your layer 3 switch using VLANs. Use policy routing to route them through their respective routers.

I at least hope I answered the question partially. :-)


HTH, John *** Please rate all useful posts ***
New Member

Re: Splitting a line to service 2 routers

Thanks a lot John. I knew I could do that and currently that is the solution I have in place. However, I really wanted to utilize the 2948 L3 switch I have. It seems like you should be able to bring the routed ports back to L2, but I can't figure out a way. The only thing I see is bridging the interfaces together, but the bridge requires that one interface be assigned an IP. That won't work for me if I am splitting the Internet connection (no NAT support on the interfaces on the switch).

Re: Splitting a line to service 2 routers

Can you issue a "no ip routing" on that switch to bring it back to a layer 2 device?


HTH, John *** Please rate all useful posts ***