Re: Routing with Multiple FE interfaces

Matt.Fields · ‎11-30-2006

I have a Cisco 2811 that has 2 Fast Ethernet interfaces. One interface

I want to use to control "Routes" on my local private network

(Basically just routing back throught same same interface).

The other Interface is the LAN side my T1 connection coming in on a WIC

card (WAN).

My issue is that I can only specifly one default-gateway and one

0.0.0.0 0

0.0.0 route for the router.

Ideally, I need to be able to route and specify gateway settings by

interface.

Is this possible?

pkhatri · ‎11-30-2006

Matt,

If you speciy multiple default gateways, then you will end up load-sharing over them which is really not what you want.

I suggest you consider the use of a routing protocol if you have more complex requirements.

Paresh

Matt.Fields · ‎11-30-2006

This is currently how it looks:

interface Multilink1

ip address 67.xxx.xxx.126 255.255.255.252

ppp multilink

ppp multilink fragment disable

ppp multilink group 1

!

interface Serial0/0/0

description Quest Internet T1

no ip address

encapsulation ppp

no keepalive

no fair-queue

ppp multilink

ppp multilink group 1

no shutdown

!

interface Serial0/1/0

no ip address

encapsulation ppp

no keepalive

no fair-queue

ppp multilink

ppp multilink group 1

no shutdown

interface FastEthernet0/0

ip address 69.xxx.xxx.65 255.255.255.224

speed auto

full-duplex

no shutdown

speed auto

interface FastEthernet0/1

ip address 192.168.21.1 255.255.255.0

no shutdown

duplex auto

speed auto

For anything traveling though the FE0/1 interface, I want to use the below routes:

ip route 0.0.0.0 0.0.0.0 192.168.21.2 (Back to PIX, then gets filtered by Websense)

ip route 172.16.0.0 255.252.0.0 192.168.21.4

ip route 172.20.0.0 255.252.0.0 192.168.21.4

ip route 192.168.33.0 255.255.255.0 192.168.21.4

For anything traveling though the FE0/0 interface, I want to use the below routes:

ip route 0.0.0.0 0.0.0.0 67.XXX.XXX.125 (WAN Gateway back to ISP)

I would like to segragate the two interfaces, as if they were different routers.

Is this possible?

pkhatri · ‎11-30-2006

Hi.

Yes, that is possible using Policy-Based routing, which will allow you to route based on the source of the packets. Here's a document which describes it in more detail:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart1/qcpolicy.htm

Paresh

PS> Pls do remember to rate posts

Matt.Fields · ‎11-30-2006

This really helps and after working with it a while I really like the concept. I was able to get one of my interfaces routing OK, but the Local Private LAN is not. Here is the Routing config I currently have.

interface FastEthernet0/0

ip address 67.xxx.xxx.65 255.255.255.224

ip policy route-map INETLAN

duplex full

speed auto

!

interface FastEthernet0/1

ip address 192.168.21.1 255.255.255.0

ip policy route-map ELGINLAN

duplex auto

speed auto

no routing dynamic

access-list 1 permit 192.168.21.0 0.0.0.255

access-list 2 permit 172.16.0.0 0.3.255.255

access-list 3 permit 172.20.0.0 0.3.255.255

access-list 5 permit any

access-list 6 permit 192.168.33.0 0.0.0.255

access-list 23 permit 10.10.10.0 0.0.0.7

route-map ELGINLAN permit 10

match ip address 1 2 3 6

set ip next-hop 192.168.21.4

set ip default next-hop 192.168.21.2

!

route-map INETLAN permit 10

match ip address 5

set ip next-hop 67.xxx.xxx.125

When doing a trace route to a public address, for instance 4.2.2.2 from behind the FE0/1 interface, the default route is not wanted to kick in. 192.168.21.1 is the default gateway for the workstation I am doing this from. Here is what the results look like:

- 192.168.21.1

- 192.168.21.4

- ************

or sometimes they come back starting with 192.168.21.4 as the first hop, assuming my machine is using the arp info.

Also it has come back like this:

- 192.168.21.1

- 67.xxx.xxx.65

- *********

Ideally, I would like it to come back as:

- 192.168.21.1

- 192.168.21.2 (PIX out to the internet)

Your thoughts?

royalblues · ‎11-30-2006

Hi Matt,

The problem is with your route-map definition.

You have defined the next-hop as 192.168.21.4 and hence all the packets are being forwarded to it.

the command set ip default next-hop will kick in only when the above fails

HTH, rate if it does

Narayan

Matt.Fields · ‎12-01-2006

Here is the definition of "set ip default next-hop"; "Set next hop to which to route the packet, if there is no explicit route for this destination."

I would assume this mean since I did not explicitly specify a route for say, 4.2.2.2, then it would route to 192.168.21.4, which is the default.

Also, I have tried breaking the 0.0.0.0 route into a different sequence for the ELGLAN interface, but still the same result (see below).

access-list 1 permit 192.168.21.0 0.0.0.255

access-list 2 permit 172.16.0.0 0.3.255.255

access-list 3 permit 172.20.0.0 0.3.255.255

access-list 5 permit any

access-list 6 permit 192.168.33.0 0.0.0.255

route-map ELGINLAN permit 10

match ip address 1 2 3 6

set ip next-hop 192.168.21.4

!

route-map ELGINLAN permit 20

match ip address 5

set ip next-hop 192.168.21.2