
need help adding 2nd isp without mixing routing


I'm still rather new to Cisco. We have a Catalyst 2960 that sits in front of our 2 Sophos firewalls in active/passive mode.

Currently our internet provider arrives on port 1 and the data is split into the 2 10G ports, each going to a firewall, creating a LAG (configured to use VLAN 96). I didn't do this; the configuration looks like this:

vlan internal allocation policy ascending

vlan 74
 name VL-193-63-109-72-JN

vlan 96
 name VL-194-195-187-JN

interface GigabitEthernet1/0/1
 description ### Uplink to JANET ###
 switchport access vlan 74
 switchport mode access

interface TenGigabitEthernet1/0/1
 description ### Uplink to FW-UTM-1 C2 ###
 switchport mode trunk
 channel-group 1 mode active

interface TenGigabitEthernet1/0/2
 description ### Uplink to FW-UTM-2 C2 ###
 switchport mode trunk
 channel-group 1 mode active

interface Vlan1
 no ip address

interface Vlan74
 ip address

interface Vlan96
 ip address

ip default-gateway
no ip http server
no ip http secure-server

ip route

I have to migrate our connection, and as of now I have managed to make it work, but only by connecting directly to a single firewall, which is not ideal.

We want to use this device in order to split the traffic for the new provider (EE) and all their traffic split between 47/48.

Our provider gave us an IP in 69 routing to 68, and a public range of

I was going to configure the "in" like this:

vlan 69
 name VL-5-148-134-69-EE

interface GigabitEthernet1/0/2
 description ### Uplink to EE ###
 switchport access vlan 69
 switchport mode access

interface Vlan69
 ip address

But for the connection to the firewall, can I do the same with a trunk channel group (LAG configured on the other side with a different VLAN, possibly 240) and having to "sacrifice" one of our public IPs?

It would seem more logical to me to have Tg1/2 configured as access VLAN 96, and 47/48 as access VLAN 240.

Should I remove the default-gateway and add a route for or should I simply let the VLAN speak and do the routing?

Thanks for the help
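
An added example (not part of the original post, and not the switch's real configuration): a Python check that lists the ports on which two VLANs are both present at Layer 2, run over a constructed sample modelled on the configuration above. The `switchport trunk allowed vlan` line on Te1/0/2 is an assumption added for contrast, and routing between the switch's VLAN interfaces is not considered.

```python
import re

# Constructed sample based on the post; the allowed-vlan line is an assumption.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport access vlan 74
 switchport mode access
interface GigabitEthernet1/0/2
 switchport access vlan 69
 switchport mode access
interface TenGigabitEthernet1/0/1
 switchport mode trunk
interface TenGigabitEthernet1/0/2
 switchport mode trunk
 switchport trunk allowed vlan 96,240
interface Vlan74
"""

def expand(spec):  # '96,100-102' -> {96, 100, 101, 102}
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(config):
    """Map each switchport (SVIs are skipped) to mode, access VLAN, allowed list."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = None if m[1].lower().startswith("vlan") else ports.setdefault(
                m[1], {"mode": None, "access": 1, "allowed": None})
        elif cur is not None and (m := re.match(r"switchport mode (\w+)", line)):
            cur["mode"] = m[1]
        elif cur is not None and (m := re.match(r"switchport access vlan (\d+)", line)):
            cur["access"] = int(m[1])
        elif cur is not None and (m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line)):
            cur["allowed"] = expand(m[1])
    return ports

def carries(port, vlan):
    if port["mode"] == "trunk":  # a trunk with no allowed list carries every VLAN
        return port["allowed"] is None or vlan in port["allowed"]
    return port["mode"] == "access" and port["access"] == vlan

def shared_ports(config, vlan_a, vlan_b):
    """Ports on which both VLANs are present, i.e. where the two ISPs would mix."""
    return sorted(n for n, p in parse_ports(config).items()
                  if carries(p, vlan_a) and carries(p, vlan_b))
```

In the sample, `shared_ports(SAMPLE, 74, 69)` reports only the trunk that has no allowed-VLAN list, which is the port where both providers' VLANs would reach the same firewall link.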


Re: need help adding 2nd isp without mixing routing


I recommend you also post this to the Cisco Support Community where other users can take a look at the logs you posted and provide feedback and troubleshooting suggestions.

LAN, Switching and Routing - Cisco Support Community

I hope this helps.

Kelli Glass
