[HELP] Cisco Router Config (2811) with two ISPs

Hi Everyone, I've been stuck trying to get my new router configured properly. I have a 2811 with an ADSL WIC that's working perfectly, and I'd like to add a link from the local FE0/1 to another ISP that's currently coming into the house (specifically Rogers / SMCD3GN Router). I've connected the router port to the SMC router, and I can ping the router just fine from the Cisco, but not from the internal network. I've tried adding static routes in place with no change; the Rogers router is still out of reach.

        [Cable]
   [192.168.0.0/24]          [ADSL]
       (FE0/1)             (ADSL WIC)
          |                    |
          |                    |
          ----------------------
                     |
                     |
               [Cisco 2811]
                     |
                     |
                  (FE0/0)
          [LAN 192.168.100.0/24]

Ideally I'd like to have host 192.168.100.200 only use the Cable path, while having all others use the ADSL interface. Is this something that's possible to do, and if so how would I go about setting it up? Many thanks, --aleks

aryoba
MVM
2011-Nov-15 11:45 am
Ideally with such a setup, you have a dedicated router for each ISP. Internally you split up your LAN into two, where the first half of the network uses the first ISP as primary and the second half of the network uses the second ISP as primary. Should one ISP fail, your network will use the other ISP as backup to go out.

Bink
to atodorovic
I respectfully disagree with aryoba; using multiple routers makes things messy, as modern routing equipment tends to better support the poor man's BGP/multi-WAN. That said, I suggest you read up on Cisco's PfR/OER and Policy-Based Routing (PBR), which are probably the best/most flexible ways to do what you want.

to atodorovic
Are you double NATing between the 2811 and the SMC -- ie FE0/1 is configured IP NAT outside?
Honestly I'd get Rogers to put the SMC into bridge mode so you have public IP addresses on both your FE0/1 and ADSL interfaces, and as Bink has noted, use PfR/OER and PBR to determine which ISP traffic should take.
Let us know if you need any help with the configs atodorovic.
Regards

Thanks for the tips guys.
I stumbled across PBR last night during my search for a sample configuration and left it as something to read up on, so I'll definitely look into that.
As for the current configuration, yes FE0/1 is configured with IP NAT outside, but I haven't tried the bridge mode on the SMC, I can actually apply that myself I believe, as it's an option on the first configuration page of the SMC router.
I'll definitely set the router to bridge mode, and then see if I can use PBR to get rolling.
Many thanks, --aleks

atodorovic
Hi everyone, Tried a few things, and it's still giving me a few issues. The SMC router is now in bridge mode, my FE0/1 interface has an external IP now. I've added the following to the config of the 2811
to the interface FE0/0 (internal network 192.168.100.254)
    ip route-cache policy
    ip policy route-map Rogers
then I created an access list like below, to only allow the one host
    access-list 1 permit 192.168.100.201
and finally created the actual route map with the following:
    route-map Rogers permit 10
     match ip address 1
     set ip next-hop (external ip of FE0/1 interface)
yet it's still not routing the traffic from that host out the FE0/1 interface.
Any suggestions?
Thanks, --aleks

atodorovic
Could it be that my next-hop address is incorrect? I currently have it set to the FastEthernet 0/1 IP address, if that's indeed the case, how do I find out what the next-hop should be? btw, I've attached a couple of debug log lines for (debug ip policy)
    Nov 15 22:25:45 192.168.100.254 2865: IP: s=192.168.100.201 (FastEthernet0/0), d=137.122.187.16, len 64, FIB policy rejected(no match) - normal forwarding
    Nov 15 22:25:45 192.168.100.254 2866: IP: s=192.168.100.201 (FastEthernet0/0), d=137.122.187.16, len 64, FIB policy rejected(no match) - normal forwarding
    Nov 15 22:25:45 192.168.100.254 2867: IP: s=192.168.100.201 (FastEthernet0/0), d=137.122.187.16, len 64, FIB policy rejected(no match) - normal forwarding
    Nov 15 22:25:45 192.168.100.254 2870: IP: s=192.168.100.201 (FastEthernet0/0), d=137.122.187.16, len 52, FIB policy rejected(no match) - normal forwarding
    Nov 15 22:25:45 192.168.100.254 2871: IP: s=192.168.100.201 (FastEthernet0/0), d=137.122.187.16, len 52, FIB policy rejected(no match) - normal forwarding
    Nov 15 22:25:45 192.168.100.254 2872: IP: s=192.168.100.201 (FastEthernet0/0), d=137.122.187.16, len 52, FIB policy rejected(no match) - normal forwarding
thanks, --aleks

to atodorovic
Mind-blowing configuration. I am having trouble with the 2811. So far I am doing it right now, so far no other questions while I'm carefully analyzing everything.

to atodorovic
Here's what I would suggest to be sure.
    access-list 100 permit ip host 192.168.100.201 any
    route-map Rogers permit 10
     match ip addr 100
     set ip default next-hop IP
Now for the IP, I think what you need is the default gateway that Rogers would be handing you, not the IP of the interface itself. Hopefully you can find this IP out; worst case, disable the DSL for a minute and try
    ip route 0.0.0.0 0.0.0.0 dhcp
and see if it picks up the gateway.
Reason for this is just sending it to the fa0/1 IP isn't enough if there is no default route anywhere for that connection; it's not going to know where to send the packets from there besides its default route out the DSL, because you are just sending the packets to the router itself on a different interface, but its routing table still applies. On the other hand, if you send it to the gateway from Rogers, your router knows that IP is on the same subnet as your IP on your fa0/1 interface, so it knows to send it that way, then obviously Rogers knows where to send the packets from there.
This may provide a little more detail; notice in the example the next-hop is always the other side of the link, not the router IP that the traffic is coming from.
» www.cisco.com/en/US/tech ··· 54.shtml

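The next-hop reasoning in the post above, as an added example that is not part of the thread: a Python check that a candidate PBR next hop is a neighbour on a connected subnet rather than the router's own address, plus a parser for `debug ip policy` lines in the format quoted in this thread. The FastEthernet0/1 address and both prefix lengths are assumptions; 99.236.70.1 is the gateway that appears in the thread's later debug output.

```python
import ipaddress
import re

# Assumed addressing (constructed): the thread never shows Fa0/1's own address.
INTERFACES = {
    "FastEthernet0/0": ipaddress.ip_interface("192.168.100.254/24"),
    "FastEthernet0/1": ipaddress.ip_interface("99.236.70.50/24"),
}

def check_next_hop(candidate, interfaces=INTERFACES):
    """Return (ok, reason) for a candidate 'set ip next-hop' address."""
    hop = ipaddress.ip_address(candidate)
    for name, iface in interfaces.items():
        if hop == iface.ip:
            return False, f"{hop} is the router's own address on {name}"
    for name, iface in interfaces.items():
        net = iface.network
        if hop in net and hop not in (net.network_address, net.broadcast_address):
            return True, f"{hop} is a neighbour on {name} ({net})"
    return False, f"{hop} is not on any connected subnet"

# Matches the 'debug ip policy' lines quoted in the thread; g= is optional.
DEBUG_RE = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<in_if>[^)]+)\), d=(?P<dst>[\d.]+),"
    r"(?: g=(?P<gw>[\d.]+),)? len \d+, (?P<verdict>.+)$"
)

def summarize(lines):
    """Map each source host to the set of (verdict, gateway) pairs seen."""
    seen = {}
    for line in lines:
        m = DEBUG_RE.search(line)
        if m:
            seen.setdefault(m["src"], set()).add((m["verdict"].strip(), m["gw"]))
    return seen

# Two lines copied from the debug output posted in this thread.
SAMPLE = [
    "Nov 15 22:25:45 192.168.100.254 2865: IP: s=192.168.100.201 (FastEthernet0/0), "
    "d=137.122.187.16, len 64, FIB policy rejected(no match) - normal forwarding",
    "Nov 17 11:04:11 192.168.100.254 39432: Nov 17 16:04:11 UTC: IP: s=192.168.100.201 "
    "(FastEthernet0/0), d=70.38.0.136, g=99.236.70.1, len 60, FIB policy routed",
]

if __name__ == "__main__":
    print(check_next_hop("99.236.70.50"))  # the interface's own address
    print(check_next_hop("99.236.70.1"))   # the ISP gateway
    print(summarize(SAMPLE))
```
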
Hi cool, thanks for the info, I finally got it to use the route-map late last night, but have run into a different issue, and it seems to be NAT related. Here's the output from debug ip policy, and it's clearly being routed out the proper interface to the default gateway that I got from show dhcp lease yesterday
    Nov 17 11:04:11 192.168.100.254 39430: Nov 17 16:04:11 UTC: IP: s=192.168.100.201 (FastEthernet0/0), d=70.38.0.136, len 60, FIB policy match
    Nov 17 11:04:11 192.168.100.254 39431: Nov 17 16:04:11 UTC: IP: s=192.168.100.201 (FastEthernet0/0), d=70.38.0.136, len 60, PBR Counted
    Nov 17 11:04:11 192.168.100.254 39432: Nov 17 16:04:11 UTC: IP: s=192.168.100.201 (FastEthernet0/0), d=70.38.0.136, g=99.236.70.1, len 60, FIB policy routed
When I look at show ip nat translations, though, the inside global interface is wrong; it's showing it as my dialer0 (DSL) IP. I'm now reading a bunch of articles on NAT with route-maps, however the one example I tried didn't produce proper results
    ip nat inside source route-map Rogers interface FastEthernet 0/1 overload
Looking for more info as I type this. Thanks, --aleks

Show me a
    show ip nat stat
    sh run | inc nat

cooldude9919
In the meantime I'll guess. I think your NAT is getting hit on the wrong access list. NAT with route-maps really isn't much different. Your Rogers should look something like this.
    access-list 100 permit ip host 192.168.100.201 any
    ip nat inside source list 100 int fa0/1 over
    int fa0/1
     ip nat out
Whatever NAT you have for your DSL should exclude 192.168.100.201, for example
    ip nat inside source list 101 int dialer0 over
    access-list 101 deny ip host 192.168.100.201 any
    access-list 101 permit ip 192.168.100.0 0.0.0.255 any

You Sir are a genius! You were correct that it was the access list. I had the following defined:
    access-list 5 permit 192.168.100.201 (route map ACL)
    access-list 100 permit ip 192.168.100.0 0.0.0.0 any
    access-list 100 deny ip any any
changed it to:
    access-list 5 permit 192.168.100.201
    access-list 100 deny ip 192.168.100.201 0.0.0.0 any
    access-list 100 permit ip 192.168.100.0 0.0.0.0 any
    access-list 100 deny ip any any
and BAM! things started working as they should. Many thanks for all your help cooldude9919. Much appreciated, --aleks

TomS_
MVM
2011-Nov-19 5:58 pm
said by atodorovic:
    access-list 100 deny ip any any
You can drop that rule, unless you want it specifically for accounting ACL entry hits. All ACLs have an implicit "deny any any" at the end, so it's not necessary to explicitly state it - that is to say, if a packet doesn't match against any rules, it gets denied.
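
The ACL ordering behind the NAT fix and the implicit deny described in the post above, as an added example that is not code from the thread: a small Python model of first-match ACL evaluation with wildcard masks, run over the ACL 101 entries cooldude9919 posted. The helper names and the test addresses other than 192.168.100.201 are assumptions, and only the `ip <source> any` form is parsed.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list N permit|deny ip <src> any' (src: host A | A WILDCARD | any)."""
    tok = line.split()
    action, rest = tok[2], tok[4:]
    if rest[0] == "host":
        addr, wild = rest[1], "0.0.0.0"
    elif rest[0] == "any":
        addr, wild = "0.0.0.0", "255.255.255.255"
    else:
        addr, wild = rest[0], rest[1]
    return action, int(ipaddress.ip_address(addr)), int(ipaddress.ip_address(wild))

def evaluate(acl_lines, src):
    """Return (action, entry number); the first matching entry wins."""
    ip = int(ipaddress.ip_address(src))
    for n, line in enumerate(acl_lines, 1):
        action, addr, wild = parse_ace(line)
        care = ~wild & 0xFFFFFFFF            # wildcard bits set to 1 are ignored
        if (ip & care) == (addr & care):
            return action, n
    return "deny", None                      # implicit deny at the end of every ACL

# ACL 101 as posted in the thread: selects which sources the DSL NAT rule translates.
# In a NAT ACL, "deny" means "not translated by this rule", not "dropped".
DSL_NAT = [
    "access-list 101 deny ip host 192.168.100.201 any",
    "access-list 101 permit ip 192.168.100.0 0.0.0.255 any",
]
# Same entries in the wrong order (constructed): the subnet permit shadows the host deny.
REVERSED = list(reversed(DSL_NAT))
# With the explicit trailing deny discussed above (constructed).
WITH_EXPLICIT_DENY = DSL_NAT + ["access-list 101 deny ip any any"]

if __name__ == "__main__":
    for name, acl in [("posted", DSL_NAT), ("reversed", REVERSED)]:
        print(name, evaluate(acl, "192.168.100.201"), evaluate(acl, "192.168.100.50"))
    print(evaluate(DSL_NAT, "10.0.0.1"), evaluate(WITH_EXPLICIT_DENY, "10.0.0.1"))
```

The explicit trailing deny changes only which entry takes the hit, which is the accounting use the post mentions; the resulting action is the same.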