Current ISP is connected via MultilinkPPP via 2 bonded T1 circuits. (S1/0,1)
Current IP space: 22.214.171.124/26
New ISP is RF-based P2P with new antenna installed on roof.
Cable from roof runs into small bridging box which gives us a FastEthernet handoff.
New IP space: 126.96.36.199/26
I want to setup the new ISP, run everything through the VXR and test the new WAN connection before we commit and renumber.
To that end, I've added 2 new 1-port FastEthernet cards into the 7206 with the intention of running the 2 separate WAN links with their own ingress/egress ports as described.
The box the new RF ISP gave us has what is in essence the router address for our subnet: 188.8.131.52 and I have plugged that into one of the new FE ports (FE-2/0). I need to do the following:
1. route traffic that is addressed to IPs on our new public block out through the second new FE interface (FE-3/0)
2. put into place QoS on traffic coming to/from a particular set of IPs on our new public allocation for a new video conferencing system.
There is no NAT occurring here anywhere, just straight routing.
I did try to create a bridge-group between the two new FE (2/0 & 3/0) interfaces along with a configured BVI with address 184.108.40.206.
It was my understanding from some Cisco docs that this would create a sort of virtual switch/bridge between those interfaces. This did not work as planned either because it was not the right way to go or I missed something in the config (bridge irb, BVI, bridge-group 10, etc...)
I've attached a general diagram of what I'm trying to do.
Any suggestions, pointers in the right direction would be much appreciated.
The diagram was helpful and I would like to clarify one thing - it looks like your current provider gave you the 220.127.116.11 address space for your internal use and that the address of the multilink interface is a different subnet. Is that the case?
If that is the case then the basic issue is that your old provider is using 2 subnets while the new provider is using only a single subnet. So one alternative would be to ask the new provider if they could provide a second subnet and your implementation would be quite straightforward. If the new provider will give only the single subnet then I believe that you have a couple of alternatives to consider:
- I have seen situations like this where the solution was to use the provider address subnet as a pool of addresses for Network Address Translation. Some of the translations might be static and some might be dynamic depending on your requirements.
- the other solution would be to try to bridge the new outside interface to an inside interface, which is what you were doing with the BVI. I would think that should have worked. Perhaps you can post some of the configuration detail so that we could see if there were some issue with it?
As I said, there is no NAT'ing going on here. These are straight public IP address range allocations from the 2 different ISPs. The "WAN switch" is merely a regular layer 2 switch that we connect devices to that have been given 1 more of public IP addresses from the allocated range(s).
As for the BVI config:
bridge 10 protocol ieee bridge 10 route ip
interface FastEthernet2/0 description InFromNewRFisp no ip address bridge-group 10
interface FastEthernet3/0 description InFromNewWANSubnet no ip address bridge-group 10
interface BVI10 ip address 18.104.22.168 255.255.255.192
and then I had tried to force routing for that subnet using a route-map:
ip access-list extended rfispipspace permit ip 22.214.171.124 0.0.0.63 any
route-map rfisp-source-route-hack permit 10 match ip address prefix-list rfispipspace set interface FastEthernet2/0
and had also tried:
route-map rfisp-source-route-hack permit 10 match ip address prefix-list rfispipspace set interface BVI10
We were testing basic pings between the RF ISP bridge device (it has a remote console) and the 7206 and also out to the internet to other devices and we could not seem to get much to work as expected.
Obviously, when we drop the old ISP, the routing config will become "simple" again, and assuming most of my config was correct, what would devices on our "WAN" subnet use for gateway? 126.96.36.199 or 188.8.131.52?
You have made it abundantly clear that there is no NAT in your current environment. And I completely understand that. I am not talking about NAT in your present environment but I am suggesting that you might need NAT in your future environment.
I am not sure that you understand the significance of a subtle change that is taking place as you switch providers. Your original provider supplied 2 subnets (one for your router interface and one for your users) and it easily supports the implementation where the connection to the provider is one interface and the interface to the users is a different interface. But with the new provider they are supplying you with a single subnet and this suggests an assumption that the users are on the same interface as the connection to the provider.
If the users are not on the same interface as the connection to the provider then as I see it you have several options:
- you can ask the provider for a second subnet.
- you can try the bridging/BVI option.
- you can do NAT. (and in my experience the NAT option is chosen more frequently than the bridging/BVI option).
The ProblemEnter EVCsHow It Works (Ingress)How It Works
(Egress)Step-by-Step ExampleFinal Thoughts The ProblemOn traditional
switches whenever we have a trunk interface we use the VLAN tag to
demultiplex the VLANs. The switch needs to determine which MAC ...
The ProblemEnter EVCsHow It Works (Ingress)How It Works
(Egress)Step-by-Step ExampleFinal Thoughts Introduction: Netdr is a tool
available on a RSP720, Sup720 or Sup32 that allows one to capture
packets on the RP or SP inband. The netdr command can be use...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...