Adding 2nd ISP to Cisco 9300

chueymtz · ‎08-29-2022

I have a Cisco 9300 that currently uses our century link as our primary isp we recently got a Comcast Business modem and wanted to add this as a secondary to the same router. I’m a little confused as I’ve never done this before, so I assign the Comcast ip to the port that I plug the it into on the Cisco? They gave us 5 static ips 79.91.208.64 to 69. Any help would be much appreciated. But I noticed none of the static ips from our century link are assigned to any of the ports.

MHM Cisco World · ‎08-29-2022

share the topology

balaji.bandi · ‎08-30-2022

Cisco 9300 - is a Switch, it will not do any routing /Nat in general condition.

May be you need to add Layer 2 access port and seperate the VLAN

show run - will help to understand the config to suggest better.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎08-30-2022

FYI
the 9000 series support NAT

balaji.bandi · ‎08-30-2022

Cisco 9300 - is a Switch, it will not do any routing /Nat in general condition. - i would have clairfied. In General deployment people do not use Cat 9300 as Edge device to replace Routers/FW (its not a good secure device use Cat 9300 as your Internet end device in the perimeter - sure can be act as Layer 2 switch to pass the information)

yes aware new Cat 9K platform support all the features what end user looking Routing and NAT.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

chueymtz · ‎08-30-2022

Ok guys update, so I have a smaller 3560-cx that splits our isp into 2 to go into the firewall, I noticed that only port 0/1 is configured with the centurylink settings, is this where I am supposed to add the failover by assigning the static Ip for comcast to port 0/2? I will post the config below

chueymtz · ‎08-30-2022

interface GigabitEthernet0/1
description connection to Internet
no switchport
ip address 65.144.x.x 255.255.255.252
!
interface GigabitEthernet0/2
description Comcast
no switchport
ip address 73.23.x.x 255.255.255.248
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
switchport mode access
!
interface GigabitEthernet0/5
switchport mode access
!
interface GigabitEthernet0/6
switchport mode access
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface Vlan1
ip address 74.5.x.x 255.255.255.248
!
interface Vlan2
ip address 70.91.x.x 255.255.255.248
!
ip forward-protocol nd
!
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 65.144.x.x
ip route 0.0.0.0 0.0.0.0 73.23.x.x
!
!
access-list 46 permit 185.189.149.184
access-list 46 permit 185.189.151.235
access-list 46 permit 89.248.173.131
access-list 46 permit 185.158.251.126
access-list 46 permit 185.212.47.166
!
!
!
!
line con 0
line vty 0 4
access-class 46 in
privilege level 15
login local
transport input telnet ssh
line vty 5 14
access-class 46 in
login
line vty 15
login
!
!
end

3560-CX_HQ_ASA_GATEWAY#

MHM Cisco World · ‎08-30-2022

w/o PBR
the load balance will make traffic go via two default router
w PBR
interface GigabitEthernet0/1
ip address 65.144.x.x 255.255.255.252
!
interface GigabitEthernet0/2
ip address 73.23.x.x 255.255.255.248
!
interface Vlan1
ip address 74.5.x.x 255.255.255.248
ip policy route-map ISP-A
!
interface Vlan2
ip address 70.91.x.x 255.255.255.248
ip policy route-map ISP-B
!
ip access-list extended 100
permit ip 74.5.x.x 255.255.255.248 any
!
ip access-list extended 110
permit ip 70.91.x.x 255.255.255.248 any
!
route-map ISP-A permit 10
match ip add 100
set interface Gt0/1
!
route-map ISP-B permit 10
match ip add 110
set interface G0/2

chueymtz · ‎08-30-2022

Hello,

I tried this but when I put in the interface Vlan1
ip address 74.5.x.x 255.255.255.248
ip policy route-map ISP-A
!
interface Vlan2
ip address 70.91.x.x 255.255.255.248
ip policy route-map ISP-B

I gert an error "Platfrom_PBR-3-UNSUPPORTED_RMAP: Route-map ISPA-A not supported for Policy=Based Routin

MHM Cisco World · ‎08-30-2022

set interface G0/2<<- only change the set from set interface to set next-hop
and then try again

chueymtz · ‎08-30-2022

Sorry I don't understand can you show me?

MHM Cisco World · ‎08-31-2022

route-map ISP-A permit 10
match ip add 100
set ip next-hop <x>
!
route-map ISP-B permit 10
match ip add 110
set ip next-hop <y>

chueymtz · ‎09-01-2022

This didn't work for me either.

MHM Cisco World · ‎09-01-2022

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr79637

this bug I think

balaji.bandi · ‎08-30-2022

First instance you mentioned Cat 9300, now you comeup with Cat 3560X switch.

As the Switch information it is connected to ASA (if that is case) why not do the Dual ISP gateway using ASA, rather rely on switch.

Still you looking to do with Switch here PBR config and IOS code you need to run :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960cx_3650cx/software/release/15-2_7_e/configuration_guide/b_1527e_consolidated_3560cx_2960cx_cg/configuring_policy_based_routing__pbr_.html

ASA with dual ISP my take.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help