Cisco 2911 with multiple Internet connections

I'm sure this question comes up a lot but I can't find a definitive answer.

We are about to install a Cisco 2911 router to replace a Linux-based router.

The Cisco will have 5 gig ports, 4 ports connected to DSL modems, each modem connected to a different ISP, and the last port connected to a Cisco LAN switch.

802.1q will be used on the internal router port to split the LAN segments up into VLANs, as the building contains lots of different businesses.

Each customer in the building has their own servers and set of public IP addresses assigned, e.g.

Customer A - ISP 1 uses 81.34.65.78 NAT'd to 10.0.0.1 Vlan 5 port 25 (SMTP)

Customer B - ISP 2 uses 217.23.67.87 NAT'd to 192.168.1.1 Vlan 6 port 25 (SMTP)

and so on

The outbound traffic also needs to go out of the correct DSL line, whichever has been assigned to that customer.

Am I right in thinking the only way to do this will be to use "Route Maps"?

(IP addresses above are made up, or at least not ours)


Cisco 2911 with multiple Internet connections

I would configure PBR for this.

For example:

On the subinterface on the GigE port on the 2911 going to all LANs, for that specific vlan 10.0.0.1 I would create a route map, and have a next-hop for the specific ISP.

Hall of Fame Super Silver

Cisco 2911 with multiple Internet connections

PBR is certainly one possibility (and I believe that this is what the original poster was meaning when he talked about using route maps). I would think that another possibility would be to configure VRFs with a VLAN and an outside interface in a VRF for each of the customers.

HTH

Rick

New Member

Cisco 2911 with multiple Internet connections

I would agree with all of you in using PBR. It's much simpler.

@Richard,

Have you implemented VRF with VLAN for this kind of situation? What's the advantage?

Regards,

New Member

Cisco 2911 with multiple Internet connections

Could anyone give me an example of how a PBR/Route Map would look assuming...

Vlan 5 - Subnet 10.0.0.0/24 needs to send all traffic out of External IP - 81.34.65.78

Vlan 6 - Subnet 192.168.1.0/24 needs to send all traffic out of External IP - 217.23.67.87

Am I right in thinking the route maps will apply before the default route..

ip route 0.0.0.0 0.0.0.0 87.34.43.2 gi0/0

Takes effect.

Cisco 2911 with multiple Internet connections

Please correct me if I'm wrong guys, but I believe you would add the route-map to your subinterfaces, since you're doing Routing on a stick.

access-list 115 permit ip 10.0.0.0 0.0.0.255 any
access-list 116 permit ip 192.168.1.0 0.0.0.255 any
!
route-map VLAN5-OUT permit 10
 permit ip access-list 115
 set ip next-hop 81.34.65.78
!
route-map VLAN6-OUT permit 20
 permit ip access-list 116
 set ip next-hop 217.23.67.87
!
int x/x.5
 ip address 10.0.0.1 255.255.255.0
 ip policy route-map VLAN5-OUT
!
int x/x.6
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map VLAN6-OUT

And, you can leave your default route there if you want.

New Member

Cisco 2911 with multiple Internet connections

http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml#wp14019

http://www.ciscopress.com/articles/article.asp?p=102092

Yes, you are right, route map will be done before any routing decisions.

I think you want to use the set ip default network

After configuring this, you can check the traffic path by using traceroute from the user in vlan 5 and 6.

Regards,

New Member

Cisco 2911 with multiple Internet connections

Thanks for the quick response John, I'm installing the router tomorrow morning. I'll try it then and mark answers correct where applicable, looks good to me though.

Cisco 2911 with multiple Internet connections

No problem Andy, I ask for help as well sometimes. I figured if I ask for help, I might as well answer some questions too

New Member

Cisco 2911 with multiple Internet connections

Finally getting round to trying this but get stuck when I try and enter..

route-map VLAN5-OUT permit 10
 permit ip access-list 115
 set ip next-hop 81.34.65.78

The part in bold is not accepted, any ideas?

New Member

Re: Cisco 2911 with multiple Internet connections

What part is being set in bold?

Curtis


New Member

Cisco 2911 with multiple Internet connections

The "permit ip access-list 115" is not an accepted command when I try to create the route-map.

I've used "match ip address 115" instead, I'm guessing it's the same thing.

The set ip next-hop x.x.x.x, am I right in thinking that will be the IP address of the next router and not the outside interface address?

New Member

Cisco 2911 with multiple Internet connections

Yes, under route map it's match ip add 115.

When there are packets that match the access-list 115, then these packets will go to the address that you configure in set ip next-hop.

If it doesn't match, it will check the other route map; if no other route map is matched, it will use the normal routing process.

Regards,

Hall of Fame Super Silver

Cisco 2911 with multiple Internet connections

permit ip access-list 115 is not accepted because permit is not a valid action in that part of the route map. In that part of the route map you can use match or you can use set, but permit is not a valid option. match ip address 115 is what you want to use and it will use access list 115 to identify the traffic to be policy routed.

And yes the IP address specified is the next hop address and not the outside interface address.

HTH

Rick
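
Added example, not part of any post in this thread: a small Python lint that flags the route-map mistakes worked through above (a clause other than match/set inside a route-map, and references to route-maps or access lists that are never defined) before a config goes onto the router. The sample config is constructed, its next-hop addresses are documentation placeholders, and the lint assumes `show running-config` layout where sub-commands are indented.

```python
import re

# Constructed sample (show running-config layout); next hops are placeholders.
SAMPLE = """\
access-list 115 permit ip 10.0.0.0 0.0.0.255 any
route-map VLAN5-OUT permit 10
 permit ip access-list 115
 set ip next-hop 192.0.2.1
route-map VLAN6-out permit 20
 match ip address 116
 set ip next-hop 198.51.100.1
interface GigabitEthernet0/0.5
 ip policy route-map VLAN5-OUT
interface GigabitEthernet0/0.6
 ip policy route-map VLAN6-OUT
"""
CLAUSES = {"match", "set", "description", "continue"}  # valid inside a route-map entry

def lint_pbr(config):
    """Return sorted (line_no, message) findings for PBR mistakes in an IOS config."""
    findings, route_maps, acls, policies, matches = [], set(), set(), [], []
    in_route_map = False
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # unindented line: a new top-level block
            m = re.match(r"route-map (\S+) (permit|deny)\b", line)
            in_route_map = bool(m)
            if m:
                route_maps.add(m.group(1))
            m = re.match(r"(?:ip access-list \w+|access-list) (\S+)", line)
            if m:
                acls.add(m.group(1))
            continue
        m = re.match(r"ip policy route-map (\S+)", line)
        if m:
            policies.append((no, m.group(1)))
        elif in_route_map:
            if line.split()[0] not in CLAUSES:
                findings.append((no, f"'{line.split()[0]}' is not a route-map clause; use match or set"))
            m = re.match(r"match ip address (.+)", line)
            if m:
                matches += [(no, acl) for acl in m.group(1).split()]
    # Names are compared exactly: VLAN6-out and VLAN6-OUT are different route-maps.
    for kind, known, refs in (("route-map", route_maps, policies), ("access list", acls, matches)):
        findings += [(no, f"reference to undefined {kind} '{name}'") for no, name in refs if name not in known]
    return sorted(findings)

if __name__ == "__main__":
    print(*lint_pbr(SAMPLE), sep="\n")
```

On the constructed sample it reports line 3 (the `permit` clause), line 6 (access list 116 never defined) and line 11 (policy name differs in case from the route-map definition).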

New Member

Cisco 2911 with multiple Internet connections

Thanks for all your help guys, it's working perfectly, the old Linux box can go in the bin!!

New Member

Cisco 2911 with multiple Internet connections

Hey Andy, can you paste the complete working config? I would need the same shortly.

thanks in advance

CK

New Member

Re: Cisco 2911 with multiple Internet connections

Spoke too soon, I'm on the last client in the building and the route-map won't work (config is attached if anyone can help).

It's..

route-map vlan23-out permit 40
 match ip address 123
 set ip next-hop 87.194.168.1

As soon as I add the route-map the client loses internet; if I take the ip policy out from the gi 0/0.123 they work, but going out of the wrong ISP as they use the default route.

The config isn't finished yet, I haven't put in the ACLs to block inter-VLAN traffic etc., just need to get all the clients online first.

New Member

Re: Cisco 2911 with multiple Internet connections

Just in case anyone notices the next hop IP is 87.194.168.90 on the route-map, I've done that so they can get internet access.

The next hop should be 87.194.168.1

New Member

It has been a long time now, I can see, but I wouldn't like to create a new topic for something similar.

So I have a 2911 with two VDSL modules.

vdsl1 wan ip 2.84.XXX.XXX

vdsl2 wan ip 91.138.XXX.XXX

I have a different VLAN for each VDSL connection, so if I need someone to send it directly from one connection I can put him in VLAN X.

For vdsl1 it's VLAN 50

For vdsl2 it's VLAN 51

interface GigabitEthernet0/0.50
 description *** vdsl1 ***
 encapsulation dot1Q 50
 ip address 10.10.50.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map RM1
!
interface GigabitEthernet0/0.51
 description *** vdsl2 ***
 encapsulation dot1Q 51
 ip address 10.10.51.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map RM2

ip access-list extended ACL1
 permit ip 10.10.50.0 0.0.0.255 any
ip access-list extended ACL2
 permit ip 10.10.51.0 0.0.0.255 any

route-map RM2 permit 20
 match ip address ACL2
 set default interface Dialer2
!
route-map RM1 permit 10
 match ip address ACL1
 set default interface Dialer1

Any ideas or suggestions why this isn't working?

Thank you in advance

Hall of Fame Super Silver

It would help us to give better answers if we knew more about your situation. In particular what is not working? Is it that the users do not have connectivity to remote resources (which could be issues with address translation or with routing, as well as issues with PBR)? Or do you know that PBR is not working? If PBR is not working then what part is not working? Is it not matching traffic correctly, or is it not using the correct path identified in the set command?

Give us more information to work with and we will try to make suggestions.

HTH

Rick
