
Can I set up a WAN connection on a VLAN?

buzzhani1
Level 1

Hello,

I'm trying to set up NAT load balancing with two ISPs on my 1941 router, but the router has only two WAN ports and 4 EHWIC ports (which are basically switch ports). One of the WAN ports is currently being used for the LAN side and the other WAN port is for the first ISP. My question is:

Can I create a VLAN on one of the EHWIC ports and configure it for my second ISP (i.e., assign an IP address to it, set up NAT, etc.) as I have done on the WAN port for the first ISP? If so, how exactly?

Thanks.


Martin Hruby
Level 1

Hello

You can assign your switch-ports (on your e.g. HWIC-4ESW card) on the router into VLANs and then create a Switched Virtual Interface (SVI) on the router to act as a default gateway thereby placing clients into different VLANs. For example:

interface FastEthernet0/0/0
 description Link to Host A in VLAN 100
 switchport access vlan 100
 spanning-tree portfast

interface FastEthernet0/0/1
 description Link to Host B in VLAN 115
 switchport access vlan 115
 spanning-tree portfast

interface Vlan100
 ip address 10.100.0.1 255.255.255.0

interface Vlan115
 ip address 10.115.0.1 255.255.255.0

You can then configure IP NAT inside on the (SVI) interface Vlan and create NAT translation rules as you wish.

Best regards,
Martin

Thanks. That seems pretty straightforward, but I have a couple of questions:

1. The NAT configuration would be done on the Vlan interface and not on the FastEthernet interface, right? And would ip nat outside work?

2. From my end, the interface GigabitEthernet0/0/0 returns the following from a show run command:

interface GigabitEthernet0/0/0
 switchport access vlan 2
 no ip address

It shows no ip address. Is this normal? Because vlan 2 has been assigned an IP, as shown by the show run command:

interface vlan 2
 ip address 197.242.249.18 255.255.255.248

Also, spanning-tree portfast returns the following warning. I don't really understand this. Can you kindly explain?

portfast should only be enabled on ports connected to a single host.
 Connecting hubs, concentrators, switches,  bridges, etc.to this interface
 when portfast is enabled, can cause temporary spanning tree loops.
 Use with CAUTION

%Portfast has been configured on GigabitEthernet0/0/0 but will only
 have effect when the interface is in a non-trunking mode.

Hello

Yes, the NAT configuration would be applied on the SVI which has an IP address, rather than on Gig0/0/0 which is just a switchport. Any NAT configuration that you normally use will also work under an SVI.

It's normal that Gig0/0/0 shows no IP address, in fact you cannot assign an IP address to it because it's just a switchport of your HWIC card.

The spanning-tree warning is nothing to be worried about, it just means that it will only have effect on ports which don't connect to switches or other devices that might cause switching loops to occur. In your case if you're connecting PCs to the switchports, it's safe to use it and you save time on STP convergence because the port doesn't have to cycle through all the STP states.

Best regards,
Martin

Okay Thank you.

I implemented it and it works for the most part, BUT I'm having a bit of an issue. When the primary ISP goes down, the router changes the gateway correctly to the backup ISP, BUT I still don't have access to the internet. I've attached my config. Please, any ideas on why this could be happening?

Thanks.

Hello

I checked your configuration.
Your static route configuration looks ok.
In your NAT configuration I would remove the following:

ip nat source list 1 interface GigabitEthernet0/1 overload
ip nat inside source list 1 interface GigabitEthernet0/1 overload
access-list 1 permit 192.168.0.0 0.0.255.255

Just use the ZRack pool to translate IPs from range 192.168.0.0/24, and use the route-maps ISP1/ISP2 to translate IPs from range 192.168.1.0/24 to the outgoing interface IP.

Also, the route-map DEFAULT-ROUTE-POLICY is undefined so I would get rid of

ip local policy route-map DEFAULT-ROUTE-POLICY

Please test it and let us know.

Best regards,
Martin
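
An added example (not from the original thread or the attached config) of the NAT layout this reply describes, with the second ISP on the SVI. The ISP1/ISP2 route-map names, the 192.168.1.0/24 range and the Vlan2 address come from the thread; ACL 10, the LAN interface GigabitEthernet0/0 with its address, and GigabitEthernet0/1 as the ISP1 uplink are assumptions. The ZRack pool is left out because its definition is not on the page.

```cisco
! Added example; values marked "assumed" are not from the thread.
interface GigabitEthernet0/0/0
 description EHWIC switch port to ISP2 hand-off
 switchport access vlan 2
!
interface Vlan2
 description WAN to ISP2 (SVI carries the IP address and NAT role)
 ip address 197.242.249.18 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/1
 description WAN to ISP1 (assumed uplink, addressing omitted)
 ip nat outside
!
interface GigabitEthernet0/0
 description LAN side (assumed interface and address)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Assumed ACL number: the inside range translated to the egress interface IP
access-list 10 permit 192.168.1.0 0.0.0.255
!
! Each route-map matches only when the packet leaves through that ISP's
! interface, so the translation follows whichever default route is active.
route-map ISP1 permit 10
 match ip address 10
 match interface GigabitEthernet0/1
!
route-map ISP2 permit 10
 match ip address 10
 match interface Vlan2
!
ip nat inside source route-map ISP1 interface GigabitEthernet0/1 overload
ip nat inside source route-map ISP2 interface Vlan2 overload
```

After a failover test, `show ip nat translations` shows which outside address new flows are translated to; entries created before the failover keep the old address until they time out or are cleared with `clear ip nat translation *`.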

That did it! It works well. Words can't express my gratitude. Been on this for a long time. Thanks a whole lot.
