Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
898
Views
3
Helpful
1
Replies

need help adding 2nd isp without mixing routing

JeromeBana
Level 1
Level 1

‎02-09-2018 06:44 AM - edited ‎03-05-2019 09:54 AM

Hi

  I'm rather new with cisco still, we have a catalyst 2960 that sit in front of our 2 Sophos Firewall in active/passive mode.

Currently our internet provider arrive on port 1 and the data is split into the 2 10g port each going to a firewall creating a lag (configured to use vlan96).I didn't do this, configuration look like this :

vlan internal allocation policy ascending

!

vlan 74

name VL-193-63-109-72-JN

!

vlan 96

name VL-194-195-187-JN

interface GigabitEthernet1/0/1

description ### Uplink to JANET ###

switchport access vlan 74

switchport mode access

interface TenGigabitEthernet1/0/1

description ### Uplink to FW-UTM-1 C2 ###

switchport mode trunk

channel-group 1 mode active

!

interface TenGigabitEthernet1/0/2

description ### Uplink to FW-UTM-2 C2 ###

switchport mode trunk

channel-group 1 mode active

!

interface Vlan1

no ip address

!

interface Vlan74

ip address 193.63.109.74 255.255.255.252

!

interface Vlan96

ip address 195.194.187.126 255.255.255.224

ip default-gateway 193.63.109.74

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 193.63.109.73

I have to migrate our connection and as of now i have managed to make it work but only connecting directly to a single firewall, which is not ideal.

We want to use this device in order to split the traffice for the new provider (EE) and all their traffic split between 47/48

our provider gave us 5.148.134.68/31, ip in 69 routing to 68, and a public range of 5.148.143.240/28.

I was going to configure the "in" like this :

vlan 69

name VL-5-148-134-69-EE

interface GigabitEthernet1/0/2

description ### Uplink to EE ###

switchport access vlan 69

switchport mode access

interface Vlan69

ip address 5.148.134.69 255.255.255.254

but for the connection to firewall can i do the same with trunk channel group(lag configured on the other side with different vlan, possibly 240) and having to "sacrifice" one of our public ip ?

It would seems more logical for me to have Tg1/2 being configured as access vlan 96, and 47/48 as access vlan 240.

should i remove the default-gateway and add a route for 5.148.134.68 or should i simply let the vlan speak and do the routing ?

Thanks for the help

Labels:
1 Reply 1

keglass
Level 7
Level 7

‎02-21-2018 02:58 PM

Jerome,

I recommend you also post this to the Cisco Support Community where other users can take a look at the logs you posted and provide feedback and troubleshooting suggestions.

LAN, Switching and Routing - Cisco Support Community

I hope this helps.

Kelli Glass

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card