ok, Reza. One router is fine

mquevedob · ‎12-18-2014

Hi all,

Right now I have a cisco router 1921 with GigabitEthernet0/0 as LAN interface and GigabitEthernet0/1 as WAN interface

This router has en expansion board with 4 additional interfaces.

Is it possible to use one of these interfaces in the expansion board to connect a second WAN connection and route certian VLANs so that they use internet from this additional WAN interface?

regards,

Martin

Justin Pederson · ‎12-18-2014

What kind of expansion board is it?

mquevedob · ‎12-18-2014

Hi Reza, I do have 2 WAN connections. My ISP provider has given me 2 different fiber optics cables, each with a different internet access.

Justin, expansion board says "EHWIC-4ESG". Hope that means something...

Reza Sharifi · ‎12-18-2014

Hi,

Ok, so since you have 2 providers than it will work fine

EHWIC-4ESG is a 4 port Gig Ethernet switch.

The only issue with your design is that if you loose the 1921 router, you lose both ISP connections. A better design would be to use 2 routers one to each provider. This way if one router fails you still have a second one that connects to the second provider.

HTH

mquevedob · ‎12-18-2014

ok, Reza. One router is fine for me for now.

how should i configure my router in order to allow certain VLANs to use the 2nd WAN connection?

my current router configuration is the following

Current configuration : 3455 bytes
!
! Last configuration change at 21:49:31 UTC Tue Dec 16 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname hrc_r01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.7.1 10.10.7.10
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool VLAN7
network 10.10.7.0 255.255.255.0
default-router 10.10.7.1
dns-server 10.10.7.1
!
ip dhcp pool VLAN3
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.1
!
!
!
ip domain name hrc.com.py
ip name-server 190.104.163.57
ip name-server 200.3.250.1
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FGL1834240J
!
!
username xxxxxxxx privilege 15 password 0 xxxxxxxx
!
redundancy
!
!
!
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description LAN
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.7
encapsulation dot1Q 7
ip address 10.10.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.8
encapsulation dot1Q 8
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.9
encapsulation dot1Q 9
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description WAN
ip address xxx.xxx.xxx.166 255.255.255.252
ip nat outside
no ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.3.150 8181 interface GigabitEthernet0/1 8181
ip nat inside source static tcp 192.168.3.151 8282 interface GigabitEthernet0/1 8282
ip nat inside source static tcp 192.168.3.152 8383 interface GigabitEthernet0/1 8383
ip nat inside source static tcp 192.168.3.150 9000 interface GigabitEthernet0/1 9000
ip nat inside source static tcp 192.168.3.151 10000 interface GigabitEthernet0/1 10000
ip nat inside source static tcp 192.168.3.152 11000 interface GigabitEthernet0/1 11000
ip nat inside source static tcp 192.168.3.150 18004 interface GigabitEthernet0/1 18004
ip nat inside source static tcp 192.168.3.151 19004 interface GigabitEthernet0/1 19004
ip nat inside source static tcp 192.168.3.152 20004 interface GigabitEthernet0/1 20004
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.165
!
access-list 1 permit 10.10.7.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input all
line vty 5 15
login local
transport input all
!
scheduler allocate 20000 1000
!
end

Reza Sharifi · ‎12-18-2014

If you want to do that than you need to use PBR.

see link with example and diagram:

http://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/48003-pbrtracking.html

HTH

mquevedob · ‎12-18-2014

hi Reza,

thanks for the link.

If I am not wrong, PBR is used in case you want to route traffic to a working WAN connection. If PBR detects the connection is down, it will only route traffic to the other WAN.

What I need though is to route Internet traffic from VLAN 2, 3 to WAN from ISP1 and VLAN 7 and 8 to WAN from ISP2. In other words, depending on the VLAN.

Reza Sharifi · ‎12-18-2014

Hi,

Only if you have a 2 WAN connections.

HTH

Cisco Router 1921 with two WAN interfaces