cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
852
Views
30
Helpful
9
Replies

Please advise how to manage this situation.

athan1234
Level 3
Level 3

Hi

Both two SW 9200 and two ISR Routers were acquired by my customer.

His strategy is to evenly distribute traffic between two lines from different internet service providers in order to relieve the current system's congestion.
There will be two lines: one for some data vlanes and the other for streaming traffic.

In the future the balancing will be for the firewall .There are a few things that I'm not sure how to achieve, but I need to implement this scenario in his electronic network.

I need to know if the connection between the 9200 switches and ISR's router is the proper.Connecting the provaider HGU in bridge mode against the ISR is the plan.

Regarding the configuration, I'm not sure.

How could I get the data traffic for some vlans to travel to router ISR 1 and the traffic streaming to router ISR 2?


The 9200 switches in stack I joined have been connected by fiber between SW 92100 1 against Nexux core 1 and the other 9200 Nexus core 2. it is proppper theses conexions ?

I provide the present settings here.

Forti (firewall) nexus infrastructure is not complete, I only to set up and focus in
The 9200 SW and ISR routerBIngo roma.png

9 Replies 9

balaji.bandi
Hall of Fame
Hall of Fame

If the SW9200 is stacked, the connection is ok.

you can achieve the goal you looking load split between ISP1 and ISP2

PBR and EEM ( also use IP sla to track the link)

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

My provider has a PPOE connection, thus I'm thinking about how to set up the Cisco ISR router. I believe this guide is appropriate for this project.

https://www.cisco.com/c/en/us/td/docs/routers/ir910/software/release/1_0/configuration/guide/ir910scg/swpppoe.pdf 

My uncertainty is how to set up  the 9200 SW´s  and router´s ISR so that traffic for examples: vlans 128 and 130 goes to ISP 1 and vlans 131 and 132 goes to ISP 2.

 

 

The way to get traffic from vlans 128 and 130 to use ISP 1 and vlans 131 and 132 to use ISP 2 is to implement Policy Based Routing (as suggested by @balaji.bandi ). In the original post you mentioned that you want streaming traffic to use one ISP and other traffic to use the other ISP. PBR would be the way to do this. I am not clear how you would get both requirements to work (certain vlans to specific ISP, or streaming traffic to specific ISP). If you are not clear about how to implement PBR let us know and we can provide some suggestions.

HTH

Rick

There are many examples in the cisco community (also google and youtube can provide enough examples) to set up a PPPoE connection and do NAT.

Why I was suggesting that examples is end - as engineer you are the one who going to deploy and maintain, so you should also know how to troubleshoot, so its very good practice for hands-on.

 

My uncertainty is how to set up  the 9200 SW´s  and router´s ISR so that traffic for examples: vlans 128 and 130 goes to ISP 1 and vlans 131 and 132 goes to ISP 2.

 

As @Richard Burts mentioned, agreed here, you can use for PBR for certain VLAN to ISP1 and others  to ISP2

when did you mention Streaming? what kind of streaming? do you know the destination ? 

or any streaming sites ?  as per I know you can do based on QoS marking, this requires to test :

example :

access-list 100 permit IP  x.x.x.x  any dscp (value)  (based on the Streaming you looking to mark)

route-map PBR-STREAM

match ip address 100

set ip next-hop x.x.x.x  (ISP2 example)

 

also, suggest to read Cat 9200 when you deploy:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/16-9/configuration_guide/rtng/b_169_rtng_9200_cg/b_169_rtng_9200_cg_chapter_01001.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi

Keep in mind  firewall performs level 3 in some vlanes and dhcp in others.(The plan is to isolate this firewall for the time being)

 

 

  • What is your opinion about configure the leve3 on the 9200 SW´s
  • How can I construct two static routes, one for ISP1 vlanes 128 and 130 and another for ISP2 vlan 132?

About streaming traffic :
A new  or two VLANes  camera system that would broadcast video in real time in response to heavy traffic

In the future, this traffic will travel through the firewall, balancing between all internet providers. Keep in mind that this solution is providing.

@balaji.bandi @MHM Cisco World  any recommendation ?

With the additional information you have given we can make some suggestions. Yes enabling ip routing on the 9200 switches would be the first step. You probably want to configure some dynamic routing protocol on the switches and the ISR routers (perhaps eigrp or ospf) to handle inter vlan routing, and routing for management vlan 5 and any other vlan not involved in PBR. You would configure PBR for vlans where you want to control which ISP they use.

My suggestions for PBR will deal with vlans 128 through 132. When you get to the streaming traffic you would use a similar approach. In your description there are some inconsistencies that we need to resolve. Your text describes vlan 129 but your diagram does not include 129. What would you want to do with this vlan? Also your text has an address for vlan 132 but there is no vlan statement for 132.

In configuring PBR the first step is to configure extended access lists (for this you will want 2 acl). I would suggest naming them ISP1 and ISP2 but you can use any name that you want. In the acl the first thing to do is to deny any vlan to vlan traffic, perhaps something like deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255. The next thing is that you identify the traffic that you want to control. In acl ISP1 something like permit ip 10.128.0.0 0.0.25.255 any and permit ip 10.130.0.0 0.0.255.255 any. And in acl ISP2 something like permit ip 10.131.0.0 0.0.25.255 any and permit ip 10.132.0.0 0.0.255.255 any.

The next step is to configure route maps (for this you will want 2 route maps). I would suggest naming them ISP1 and ISP2 but you can use any name that you want. Each route map will have a single match statement and a single set statement. The match statement will specify the appropriate acl and the set statement will specify the ip address of the appropriate sir router interface.

The final step is to apply the route map to the appropriate vlan interface using the ip policy route-map <name>

This will direct traffic from vlans 128 and 130 to ISP1 and vlans 131 and 132 to ISP2.

HTH

Rick

if you run NSK as vPC then no need for stack SW. 
you can direct connect NSK to ISR edge routers.

Review Cisco Networking for a $25 gift card