Hi Miloud,

config below: I'm stuck with the nat part.

### LAN in
!
interface FastEthernet0/0.300
 description ADMIN
 encapsulation dot1Q 300
 ip address 192.168.0.10 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.200
 description USERS
 encapsulation dot1Q 200
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.100
 description Mgmt
 encapsulation dot1Q 100
 ip address 10.10.0.1 255.255.255.0
!
### WAN out

!
interface FastEthernet0/0.10
 description ISP1
 encapsulation dot1Q 10
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/0.20
 description ISP2
 encapsulation dot1Q 20
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/0.30
 description ISP3
 encapsulation dot1Q 30
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/0.40
 description ISP4
 encapsulation dot1Q 40
 ip address dhcp
 ip nat outside

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.254
ip route 0.0.0.0 0.0.0.0 192.168.20.254
ip route 0.0.0.0 0.0.0.0 192.168.30.254
ip route 0.0.0.0 0.0.0.0 192.168.40.254

Hi,

I am sure others might have otehr options. But 2 options that quickly popped are below:

1. Use PBR to set 2 of those SP as nexthop/egres interface and apply to USER LAN and leave ADMIN LAN as it is.

2. Use VRFLite - Create a new VRF and move USER LAN to the VRF and leak 2 of the SP default routes to this new VRF and leave ADMIN LAN in global.

-Nagendra

Hi Nagendra,

Can you show me an example cos I'm not familiar with PBR and VRF Lite

TA

Hi,

For PBR,

interface FastEthernet0/0.200

 description USERS

 encapsulation dot1Q 200

 ip address 172.16.0.1 255.255.255.0

 ip nat inside

 ip policy route-map PBR

access-list 2 permit 172.16.0.0 0.0.0.255

route-map PBR permit 10

match ip address 2

set ip next-hot ISP2 ISP3

For VRFLite

ip vrf USERS

interface FastEthernet0/0.200

ip vrf forwarding USERS

ip route vrf USERS 0.0.0.0 0.0.0.0 192.168.20.254

ip route vrf USERS 0.0.0.0 0.0.0.0 192.168.30.254

-miloud griris