
Need help adding 2nd ISP without mixing routing

JeromeBana
Level 1

Hi

I'm still rather new to Cisco. We have a Catalyst 2960 that sits in front of our 2 Sophos firewalls in active/passive mode.

Currently our internet provider arrives on port 1 and the data is split across the two 10G ports, each going to a firewall, creating a LAG (configured to use VLAN 96). I didn't set this up; the configuration looks like this:

    vlan internal allocation policy ascending
    !
    vlan 74
     name VL-193-63-109-72-JN
    !
    vlan 96
     name VL-194-195-187-JN
    interface GigabitEthernet1/0/1
     description ### Uplink to JANET ###
     switchport access vlan 74
     switchport mode access
    interface TenGigabitEthernet1/0/1
     description ### Uplink to FW-UTM-1 C2 ###
     switchport mode trunk
     channel-group 1 mode active
    !
    interface TenGigabitEthernet1/0/2
     description ### Uplink to FW-UTM-2 C2 ###
     switchport mode trunk
     channel-group 1 mode active
    !
    interface Vlan1
     no ip address
    !
    interface Vlan74
     ip address 193.63.109.74 255.255.255.252
    !
    interface Vlan96
     ip address 195.194.187.126 255.255.255.224
    ip default-gateway 193.63.109.74
    no ip http server
    no ip http secure-server
    !
    ip route 0.0.0.0 0.0.0.0 193.63.109.73

I have to migrate our connection, and as of now I have managed to make it work, but only by connecting directly to a single firewall, which is not ideal.

We want to use this device to split the traffic for the new provider (EE), with all their traffic split between 47/48.

Our provider gave us 5.148.134.68/31, IP in 69 routing to 68, and a public range of 5.148.143.240/28.

I was going to configure the "in" like this:

    vlan 69
     name VL-5-148-134-69-EE
    interface GigabitEthernet1/0/2
     description ### Uplink to EE ###
     switchport access vlan 69
     switchport mode access
    interface Vlan69
     ip address 5.148.134.69 255.255.255.254

But for the connection to the firewalls, can I do the same with a trunk channel group (LAG configured on the other side with a different VLAN, possibly 240) and have to "sacrifice" one of our public IPs?

It would seem more logical to me to have Tg1/2 configured as access VLAN 96, and 47/48 as access VLAN 240.

Should I remove the default-gateway and add a route for 5.148.134.68, or should I simply let the VLAN speak and do the routing?

Thanks for the help

1 Reply 1

keglass
Level 7

Jerome,

I recommend you also post this to the Cisco Support Community where other users can take a look at the logs you posted and provide feedback and troubleshooting suggestions.

LAN, Switching and Routing - Cisco Support Community

I hope this helps.

Kelli Glass
