Cisco 1100 Router - Dual WAN Configuration

alexander2003 · ‎01-14-2023

Hello,
I have a question.
Currently I am trying to configure my new Cisco 1111 router.

Now to my problem:
I have two internet connections from two ISP. I would like to bundle both connections and get a load balancing, and therefore also reach the double speed (both connections are 300 Mbit each).

So far I haven't really found a way to configure this.

Would it be possible to connect a 3rd WAN port and route only one specific IP over this WAN?

Thanks

MHM Cisco World · ‎01-14-2023

what you need is load balance.
I will share lab with you

Joseph W. Doherty · ‎01-14-2023

"I have two internet connections from two ISP."

How do you route with them?

"I would like to bundle both connections and get a load balancing, and therefore also reach the double speed (both connections are 300 Mbit each)."

"double speed", no. Possibly 150% capacity, though.

"Would it be possible to connect a 3rd WAN port and route only one specific IP over this WAN?"

Possibly, depend on what features the 1100 supports. E.g. PBR might do that.

Leo Laohoo · ‎01-14-2023

ISR 1100 only supports ONE (1) copper WAN link.

It is possible to install a cellular modem for redundancy.

paul driver · ‎01-14-2023

Hello
You wont be able to "bundle" two different isp circuits together but you could implement a feature that would load balance application traffic over both isp links and achieve maximum BW utilization for those links - the feature is call Performance Routing PfR (formally OER)

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Richard Burts · ‎01-14-2023

You tell us very little about your environment and the lack of detail impacts our ability to give good advice. Your post contains several questions and I will deal with the easy one first:"Would it be possible to connect a 3rd WAN port and route only one specific IP over this WAN?" I would expect that your 1111 should support configuration of a third WAN and should support configuration of Policy Based Routing which could forward traffic from a single specific IP over the third WAN.
The more important question in the post is " I would like to bundle both connections and get a load balancing". There are several aspects to consider about this. When we are dealing with traffic to/from the Internet we should consider separately traffic to the Internet and traffic from the Internet. To arrange traffic to the Internet we need to understand your relationship with both ISP. We do not know how you plan to forward traffic to the ISPs. Are you planning to run BGP with both ISP? Or are you planning to configure static routes for each ISP? If you are planning to use BGP will each ISP advertise just a default route? Or will they advertise a default and some other routes?
You have a fair amount of control over how you send traffic to the Internet. You have less control over how the Internet sends traffic to you. One important question is whether some devices in the Internet will send traffic to you. One of the things that we do not know is whether some Internet devices will initiate traffic to your network. If they will initiate traffic to you then how will they learn your addresses? Do you have Public IP address space of your own? Or will you be using Public addresses provided by one or both of the ISP?

HTH

Rick

Georg Pauwen · ‎01-15-2023

Hello,

assuming you have the C1111-4P or C1111-8P, which I think has dual WAN GigabitEthernet interfaces, below is a sample configuration on how to use both WAN links simultaneously. It basically involves two static default routes, which are monitored through IP SLAs in case the connection to either ISP changes to up or down:

hostname ISR1111-4P
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
no ip domain lookup
ip cef
no ipv6 cef
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
ip tcp synwait-time 5
!
interface GigabitEthernet0/0/0
description ISP 1 WAN UPLINK
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0/1
description ISP 2 WAN UPLINK
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0/2
description LAN Interfaxe
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
no ip http server
no ip http secure-server
ip nat inside source route-map ISP_1 interface GigabitEthernet0/0/0 overload
ip nat inside source route-map ISP_2 interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
!
ip sla
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
ip sla schedule 1 life forever start-time now
!
ip sla 2
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1
ip sla schedule 2 life forever start-time now
!
route-map ISP_1 permit 10
match ip address 101
match interface GigabitEthernet0/0/0
!
route-map ISP_2 permit 10
match ip address 101
match interface GigabitEthernet0/0/1
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
event manager applet ISP_1_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0"
action 4.0 cli command "ip nat inside source route-map ISP_1 interface GigabitEthernet0/0/0 overload"
action 5.0 cli command "end"
action 6.0 cli command "clear ip nat translation *"
!
event manager applet ISP_1_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0"
action 4.0 cli command "no ip nat inside source route-map ISP_1 interface GigabitEthernet0/0/0 overload"
action 5.0 cli command "end"
action 6.0 cli command "clear ip nat translation *"
!
event manager applet ISP_2_UP
event track 2 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1"
action 4.0 cli command "ip nat inside source route-map ISP_2 interface GigabitEthernet0/0/1 overload"
action 5.0 cli command "end"
action 6.0 cli command "clear ip nat translation *"
!
event manager applet ISP_2_DOWN
event track 2 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1"
action 4.0 cli command "no ip nat inside source route-map ISP_2 interface GigabitEthernet0/0/1 overload"
action 5.0 cli command "end"
action 6.0 cli command "clear ip nat translation *"

alexander2003 · ‎01-16-2023

Is it possible to implement it this way as well?

I have 4 vlan's configured. I want VLAN 1 and 2 to use primarily WAN 1. VLAN 3 and 4 should use primarily WAN 2. In the event that one WAN is down, the other WAN should be used.

Thanks

Georg Pauwen · ‎01-16-2023

Hello,

possible with PBR. Did you configure what I posted yesterday, and if so, does the load balancing work ?

alexander2003 · ‎01-16-2023

Yes thanks, the configuration from yesterday has worked so far.

Can you help me to implement the routing?

Georg Pauwen · ‎01-16-2023

Hello,

sure thing. Post the configuration you currently have, a few things need to be adjusted...

alexander2003 · ‎01-16-2023

Thank you very much.

Attached is my current configuration:

hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
no ip domain lookup
ip dhcp excluded-address 10.60.1.1
ip dhcp excluded-address 10.127.1.1
ip dhcp excluded-address 10.128.1.1
ip dhcp excluded-address 10.42.1.1
!
ip dhcp pool dpool_IP_Device
network 10.60.0.0 255.255.254.0
default-router 10.60.1.1
domain-name network.intern
!
ip dhcp pool dpool_IP_Service
network 10.127.0.0 255.255.254.0
default-router 10.127.1.1
domain-name network.intern
!
ip dhcp pool dpool_Camera
network 10.128.1.0 255.255.255.128
default-router 10.128.1.1
domain-name network.intern
!
ip dhcp pool dpool_Guest
network 10.42.1.0 255.255.255.0
default-router 10.42.1.1
domain-name guest.intern
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
vlan 1034,1063,1184,2114
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description ISP 1 WAN INNONET
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description ISP 2 WAN Magenta
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0/1/0
switchport access vlan 1
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
ip address 10.10.1.1 255.255.255.0
!
interface Vlan1034
ip address 10.60.1.1 255.255.254.0
!
interface Vlan1063
ip address 10.127.1.1 255.255.254.0
!
interface Vlan1184
ip address 10.128.1.1 255.255.255.128
!
interface Vlan2114
ip address 10.42.1.1 255.255.255.0
!
ip nat inside source route-map ISP_1 interface GigabitEthernet0/0/0 overload
ip nat inside source route-map ISP_2 interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
ip tcp synwait-time 5
ip http server
ip http authentication local
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
!
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
ip sla schedule 1 life forever start-time now
!
ip sla 2
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1
ip sla schedule 2 life forever start-time now
!
access-list 101 permit ip 10.60.0.0 0.0.0.1 any
!
!
route-map ISP_1 permit 10
match ip address 101
match interface GigabitEthernet0/0/0
!
route-map ISP_2 permit 10
match ip address 101
match interface GigabitEthernet0/0/1
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
!
!
!
!
event manager applet ISP_1_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0"
action 4.0 cli command "ip nat inside source route-map ISP_1 interface GigabitEthernet0/0/0 overload"
action 5.0 cli command "end"
action 6.0 cli command "clear ip nat translation *"
!
event manager applet ISP_1_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0"
action 4.0 cli command "no ip nat inside source route-map ISP_1 interface GigabitEthernet0/0/0 overload"
action 5.0 cli command "end"
action 6.0 cli command "clear ip nat translation *"
!
event manager applet ISP_2_UP
event track 2 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1"
action 4.0 cli command "ip nat inside source route-map ISP_2 interface GigabitEthernet0/0/1 overload"
action 5.0 cli command "end"
action 6.0 cli command "clear ip nat translation *"
!
event manager applet ISP_2_DOWN
event track 2 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1"
action 4.0 cli command "no ip nat inside source route-map ISP_2 interface GigabitEthernet0/0/1 overload"
action 5.0 cli command "end"
action 6.0 cli command "clear ip nat translation *"
!
end

If you find any errors, please let me know.

Georg Pauwen · ‎01-16-2023

Hello,

in the previous post you mentioned Vlan 1,2,3,4...in your configuration, I see 5 (different) Vlans. Which Vlan should go through which primary ISP ?

alexander2003 · ‎01-16-2023

VLAN 1 was only for a test purpose, this is not used.

VLAN 1034: Primary WAN 1, Backup WAN 2
VLAN 1063: Primary WAN 2, Backup WAN 1
VLAN 1184: Primary WAN 2, Backup WAN 1
VLAN 2114: Primary WAN 1, Backup WAN 2

WAN1 = Innonet (Gig 0/0/0)

WAN2= Magenta (Gig 0/0/1)

Thank you for your help.

Georg Pauwen · ‎01-16-2023

Hello,

here is the revised config. 1034 and 1063 go through WAN1 as primary, the other two through the secondary.

hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
no ip domain lookup
ip dhcp excluded-address 10.60.1.1
ip dhcp excluded-address 10.127.1.1
ip dhcp excluded-address 10.128.1.1
ip dhcp excluded-address 10.42.1.1
!
ip dhcp pool dpool_IP_Device
network 10.60.0.0 255.255.254.0
default-router 10.60.1.1
domain-name network.intern
!
ip dhcp pool dpool_IP_Service
network 10.127.0.0 255.255.254.0
default-router 10.127.1.1
domain-name network.intern
!
ip dhcp pool dpool_Camera
network 10.128.1.0 255.255.255.128
default-router 10.128.1.1
domain-name network.intern
!
ip dhcp pool dpool_Guest
network 10.42.1.0 255.255.255.0
default-router 10.42.1.1
domain-name guest.intern
!
subscriber templating
!
multilink bundle-name authenticated
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
vlan 1034,1063,1184,2114
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
interface GigabitEthernet0/0/0
description ISP 1 WAN INNONET
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description ISP 2 WAN Magenta
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0/1/0
switchport access vlan 1
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
ip address 10.10.1.1 255.255.255.0
!
interface Vlan1034
ip address 10.60.1.1 255.255.254.0
ip nat inside
ip policy route-map TO_ISP_1_PBR
!
interface Vlan1063
ip address 10.127.1.1 255.255.254.0
ip nat inside
ip policy route-map TO_ISP_1_PBR
!
interface Vlan1184
ip address 10.128.1.1 255.255.255.128
ip nat inside
ip policy route-map TO_ISP_2_PBR
!
interface Vlan2114
ip address 10.42.1.1 255.255.255.0
ip nat inside
ip policy route-map TO_ISP_2_PBR
!
ip nat inside source route-map ISP_1 interface GigabitEthernet0/0/0 overload
ip nat inside source route-map ISP_2 interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
ip tcp synwait-time 5
ip http server
ip http authentication local
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
ip sla schedule 1 life forever start-time now
!
ip sla 2
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1
ip sla schedule 2 life forever start-time now
!
access-list 101 permit ip 10.60.1.0.0 0.0.1.255 any
access-list 101 permit ip 10.127.1.0.0 0.0.1.255 any
access-list 101 permit ip 10.128.1.0.0 0.0.127.255 any
access-list 101 permit ip 10.42.1.0.0 0.0.127.255 any
!
access-list 102 permit ip 10.60.1.0.0 0.0.1.255 any
access-list 102 permit ip 10.127.1.0.0 0.0.1.255 any
!
access-list 103 permit ip 10.128.1.0.0 0.0.127.255 any
access-list 103 permit ip 10.42.1.0.0 0.0.127.255 any
!
route-map ISP_1 permit 10
match ip address 101
match interface GigabitEthernet0/0/0
!
route-map ISP_2 permit 10
match ip address 101
match interface GigabitEthernet0/0/1
!
route-map TO_ISP_1_PBR permit 10
match ip address 102
set interface GigabitEthernet0/0/0
!
route-map TO_ISP_1_PBR permit 20
!
route-map TO_ISP_2_PBR permit 10
match ip address 103
set interface GigabitEthernet0/0/1
!
route-map TO_ISP_2_PBR permit 20

control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
event manager applet ISP_1_UP
event track 1 state up
action 1.1 cli command "enable"
action 1.2 cli command "conf t"
action 1.3 cli command "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0"
action 1.4 cli command "ip nat inside source route-map ISP_1 interface GigabitEthernet0/0/0 overload"
action 1.5 cli command "interface vlan1034"
action 1.6 cli command "ip policy route-map TO_ISP_1_PBR"
action 1.7 cli command "exit"
action 1.8 cli command "interface vlan1063"
action 1.9 cli command "ip policy route-map TO_ISP_1_PBR"
action 2.0 cli command "exit
action 2.1 cli command "end"
action 3.0 cli command "clear ip nat translation *"
!
event manager applet ISP_1_DOWN
event track 1 state down
action 1.1 cli command "enable"
action 1.2 cli command "conf t"
action 1.3 cli command "no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0"
action 1.4 cli command "no ip nat inside source route-map ISP_1 interface GigabitEthernet0/0/0 overload"
action 1.5 cli command "interface vlan1034"
action 1.6 cli command "no ip policy route-map TO_ISP_1_PBR"
action 1.7 cli command "exit"
action 1.8 cli command "interface vlan1063"
action 1.9 cli command "no ip policy route-map TO_ISP_1_PBR"
action 2.0 cli command "exit
action 2.1 cli command "end"
action 3.0 cli command "clear ip nat translation *"
!
event manager applet ISP_2_UP
event track 2 state up
action 1.1 cli command "enable"
action 1.2 cli command "conf t"
action 1.3 cli command "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1"
action 1.4 cli command "ip nat inside source route-map ISP_2 interface GigabitEthernet0/0/1 overload"
action 1.5 cli command "interface vlan1184"
action 1.6 cli command "ip policy route-map TO_ISP_2_PBR"
action 1.7 cli command "exit"
action 1.8 cli command "interface vlan2114"
action 1.9 cli command "ip policy route-map TO_ISP_2_PBR"
action 2.0 cli command "exit
action 2.1 cli command "end"
action 3.0 cli command "clear ip nat translation *"
!
event manager applet ISP_2_DOWN
event track 2 state down
action 1.1 cli command "enable"
action 1.2 cli command "conf t"
action 1.3 cli command "no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1"
action 1.4 cli command "no ip nat inside source route-map ISP_2 interface GigabitEthernet0/0/1 overload"
action 1.5 cli command "interface vlan1034"
action 1.6 cli command "no ip policy route-map TO_ISP_2_PBR"
action 1.7 cli command "exit"
action 1.8 cli command "interface vlan1063"
action 1.9 cli command "no ip policy route-map TO_ISP_2_PBR"
action 2.0 cli command "exit
action 2.1 cli command "end"
action 3.0 cli command "clear ip nat translation *"
!
end