
Internet Routing Design Need RIP?

snowmizer
Level 1

We are switching to a new ISP. The ISP is providing us with two VLANs (20 and 30) on one optical line. VLAN 20 will be used to route our internal users to the Internet while VLAN 30 will be used to route replication traffic from our internal network to our disaster recovery site. The ISP only gave me IP 1.1.1.1 as the IP address to their router and 1.1.1.2 as the IP address to be used on my end as the next hop. We don't currently have a router in place and would like to use the 3560 routing capabilities to route this traffic. Here's a layout of our config:

                Internet
                    |
         ISP Router (IP 1.1.1.1) ---------- Disaster recovery site
                    |
    Catalyst 3560 switch (IP 1.1.1.2)
                    |
                Firewall
                    |
             Catalyst Switch
                    |
       Internal Network (VLAN 40)

Internally we use completely different VLANs. A couple of questions I've come up with: 1) How do I handle the fact that we use different internal VLANs than the VLANs provided by the ISP? Second, since I need to route two different VLANs over the one interface to our ISP I'm thinking I need to set up RIP to handle the routing. Is this correct or is there a better way to achieve what I'm after? Purchasing a router isn't an option.

Thanks.

2 Replies

daniel.dib
Level 7

Either the ISP should provide L3 services for you and configure your VLANs on the router, and your clients use that as default gateway, or you have the gateway internally and only route through the ISP for external destinations.

This kind of looks like a stub network. If that is the case, then you don't have much need for dynamic routing. Is this the entire network on your topology?

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.
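
The stub-network point in the reply above, as an added example that is not part of the original thread or either poster's configuration: static routing on the 3560's ISP-facing side, with the uplink trunk limited to VLANs 20 and 30 and no RIP. The interface name, the /30 masks, the placement of 1.1.1.2 on VLAN 20, and all 192.0.2.x and 198.51.100.x values are assumptions or constructed placeholders; the side facing the firewall is outside its scope.

```cisco
! Added example (not from the thread). Interface name, masks, and all
! 192.0.2.x / 198.51.100.x values are constructed placeholders.
ip routing
!
vlan 20
 name ISP-INTERNET
vlan 30
 name ISP-DR-REPLICATION
!
! Fiber uplink to the ISP: trunk carrying only the two ISP VLANs
interface GigabitEthernet0/1
 description Uplink to ISP router
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 20,30
 switchport nonegotiate
!
! Assumption: the 1.1.1.1/1.1.1.2 pair belongs to VLAN 20 with a /30 mask
interface Vlan20
 description Internet handoff
 ip address 1.1.1.2 255.255.255.252
 no shutdown
!
! Placeholder addressing for the DR handoff (not supplied in the thread)
interface Vlan30
 description DR replication handoff
 ip address 192.0.2.2 255.255.255.252
 no shutdown
!
! Stub network: one default route plus one static route to the DR prefix
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 198.51.100.0 255.255.255.0 192.0.2.1
```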

This is the flow of our network. One thing I didn't mention though is that the firewall is split into multiple contexts so each context will need to route accordingly. The IPs our current ISP gave us for our next hop are in our allocated public pool so that made the routing really simple on the firewall contexts (plus we don't have two separate VLANs to route over one line). Also, the clients on the internal network currently point their default gateway to an IP associated with VLAN 40 on the internal Catalyst switch prior to getting to the firewall. I don't have the inside or outside interfaces split into sub-interfaces with a VLAN assigned.

The problem I have now is that the two IPs (one for our end and the other for their end as the next hop) I've received from the new ISP aren't in the same pool of IPs they gave us for our websites and stuff. They haven't told me what IPs I need to use for each VLAN (20 and 30). I'm wondering if the IP 1.1.1.2 should be associated with VLAN 734. I think that if I had the appropriate IPs from the ISP and the DR site vendor for each VLAN, all I would need to do is set up the VLANs on the 3560 and then set the port attached to the fiber connection to the ISP to be a trunk port routing only these two VLANs? I would still need to split the outside interface on the firewall for each context into sub-interfaces so I can specify the VLANs and next hop addresses appropriately?

I'm still a bit fuzzy about what needs to be done to allow the appropriate traffic to route to the DR site. These devices also need access to the Internet for software updates and sending information back to the vendor but also need to send to VLAN 30 for replication purposes. Any guidance on this would be appreciated.

Forgive me if I seem like I'm not sure what I'm doing. Our network has been isolated to just this building and now I've got to venture into the world of WANs so this is new.


Thanks.
