Solved: How to seperate traffic over 2 lines using 2811's

worthingtontech · ‎07-17-2012

Here is our setup:

We have 2 locations. They are connected by a T1 and a new 10 meg fiber connection. Location 1 is the main site. Location 2 gets it's internet, voip, and data over these lines. I have successfully split the traffic going from location 2 to location 1. Here is location 2's 2811 config:

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.1

description Interface for VLAN 1

encapsulation dot1Q 1 native

ip address 10.1.3.6 255.255.255.0

no snmp trap link-status

!

interface FastEthernet0/0.2

description Interface for VLAN 2

encapsulation dot1Q 2

ip address 192.168.30.5 255.255.255.0

no snmp trap link-status

!

interface FastEthernet0/0.4

description Interface for VLAN 4

encapsulation dot1Q 4

ip address 10.10.11.1 255.255.255.0

no snmp trap link-status

!

interface Serial0/0/0

bandwidth 1540

ip address 10.10.3.1 255.255.255.252

encapsulation ppp

tx-ring-limit 26

tx-queue-limit 26

no keepalive

no fair-queue

service-module t1 timeslots 1-24

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.11.2

ip route 10.1.1.0 255.255.255.0 10.10.3.2

ip route 10.1.2.0 255.255.255.0 10.10.3.2

ip route 192.168.20.0 255.255.255.0 10.10.3.2

ip route 192.168.254.0 255.255.255.0 10.10.3.2

So all internal traffic is going over the T1 (10,10.3.2) and all internet by default is going over the Fiber line (10.10.11.2) The question that I have is related to Site 1. Going back over to Site 2, I want to do the same thing. I want all internal data (10.1.3.0, VOIP etc) to go over the T1, and I want internet traffic to go over the Fiber line (10.10.11.1) Here are the routes for Site 1:

ip classless
ip route 0.0.0.0 0.0.0.0 10.1.2.1
ip route 10.1.1.0 255.255.255.0 10.10.1.1
ip route 10.1.3.0 255.255.255.0 10.10.11.1
ip route 192.168.20.0 255.255.255.0 Serial0/0/0
ip route 192.168.30.0 255.255.255.0 10.10.11.1

With this current setup, all traffic, internet and data are going over the fiber line (10.10.11.1) There must be a way to direct all data over the T1 (10.10.3.2) and have all internet traffic go back over the fiber line (10.10.11.1). So that is the question, how can this be accomplished.

Here are the networks involved:

10.1.2.0 and 192.168.254.0 are Site 1

10.1.3.0 and 192.168.30.0 are Site 2

There is a site 3 that I will eventually clone this model after, as soon as I can get it working. Thanks for any assistance that is out there and please let me know if there are any questions!

cadet alain · ‎07-19-2012

Hi,

yes this was what I was referring to.

ok so can you post a traceroute output for both destinations( data and internet) from the router and from a host.

Regards.

Alain.

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎07-18-2012

Hi,

can you post output of sh ip int br and sh ip route on site1.

Regards.

Alain.

Don't forget to rate helpful posts.

worthingtontech · ‎07-18-2012

Thank you for the reply Alain. Here is the information you requested:

sh ip int br:

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 unassigned YES NVRAM up up

FastEthernet0/0.1 10.1.2.3 YES NVRAM up up

FastEthernet0/0.2 192.168.254.5 YES NVRAM up up

FastEthernet0/0.3 unassigned YES NVRAM deleted down

FastEthernet0/0.4 10.10.11.2 YES manual up up

FastEthernet0/1 10.10.20.1 YES NVRAM up up

Serial0/0/0 10.10.1.2 YES NVRAM up up

Serial0/1/0 10.10.3.2 YES NVRAM up up

Serial0/2/0 unassigned YES NVRAM administratively down down

The FE0/0.3 and Serial0/2/0 are not in use.

sh ip route:

Gateway of last resort is 10.1.2.1 to network 0.0.0.0

     192.168.62.0/32 is subnetted, 1 subnets
S       192.168.62.1 [1/0] via 10.10.20.2
S    192.168.30.0/24 [1/0] via 10.10.11.1
S    192.168.20.0/24 is directly connected, Serial0/0/0
     10.0.0.0/8 is variably subnetted, 10 subnets, 3 masks
C       10.10.1.1/32 is directly connected, Serial0/0/0
C       10.10.1.0/30 is directly connected, Serial0/0/0
C       10.10.3.1/32 is directly connected, Serial0/1/0
C       10.10.3.0/30 is directly connected, Serial0/1/0
S       10.1.3.0/24 [1/0] via 10.10.11.1
C       10.1.2.0/24 is directly connected, FastEthernet0/0.1
S       10.1.1.0/24 [1/0] via 10.10.1.1
C       10.10.11.0/24 is directly connected, FastEthernet0/0.4
C       10.10.20.0/30 is directly connected, FastEthernet0/1
S       10.76.0.0/30 [1/0] via 10.10.20.2
C    192.168.254.0/24 is directly connected, FastEthernet0/0.2
S    192.168.220.0/24 [1/0] via 10.10.20.2
S*   0.0.0.0/0 [1/0] via 10.1.2.1

10.1.2.1 is our Firewall at Site 1. Let me know if there is more information needed. Thank you.

cadet alain · ‎07-18-2012

Hi,

Are you using any Policy-based routing on this router? sh run | s route-map

Regards.

Alain.

Don't forget to rate helpful posts.

worthingtontech · ‎07-18-2012

Currently, I don't believe we are. I ran the command above and there was no output. In looking at this article, I think this is what you are referring to, correct? http://fengnet.com/book/cisco.ios.cookbook.2nd/I_0596527225_CHP_5_SECT_8.html

cadet alain · ‎07-19-2012

Hi,

yes this was what I was referring to.

ok so can you post a traceroute output for both destinations( data and internet) from the router and from a host.

Regards.

Alain.

Don't forget to rate helpful posts.

worthingtontech · ‎07-19-2012

Here are the 2 site networks: 10.1.2.1 (Site 1) 10.1.3.6 (Site 2)

Trace from Site 2 to Site 1 Data

Tracing the route to 10.1.2.71

1 10.10.3.2 8 msec 4 msec 8 msec

2 10.1.2.71 4 msec 8 msec 4 msec

Trace from Site 2 to Site 1 Internet

Tracing the route to 173.194.73.106 (google)

1 10.10.11.2 4 msec 4 msec 0 msec

So data is going from site 2 to site 1 over the T1 (10.10.3.2) and internet is going over the Fiber line (10.10.11.2)

Trace from Site 1 to Site 2 Data

Tracing the route to 10.1.3.6

1 10.10.11.1 0 msec * 0 msec

Trace from Site 1 to Site 2 Internet

Tracing route to google.com [74.125.225.46]

over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 10.1.2.3

So data is going from site 1 to site 2 over the fiber, and Site 1 internet (which is the main site for the fiber) goes out over a different fiber line (10.1.2.3 is our firewall). If I route all the data for the internal networks over the T1, the internet download at Site 2 becomes 1.5 meg, the T1 speed. So there is my dilemma. I need to get data going back over the T1 to site 2 but I need the internet for Site 2 to go back over the Fiber line. I hope that makes sense. Thanks!

cadet alain · ‎07-23-2012

Hi,

can you post a diagram along with configs from both sites.

Regards.

Alain.

Don't forget to rate helpful posts.

worthingtontech · ‎07-23-2012

Thank you very much for taking an interest in this Alain. Here is the requested information. (I am aware there are some extraneous lines in the routers...we are eventually switching our 2811's to 2911's):

Site 1 config:

class-map match-any AutoQoS-VoIP-Remark

match ip dscp ef

match ip dscp cs3

match ip dscp af31

class-map match-any AutoQoS-VoIP-Control-UnTrust

match access-group name AutoQoS-VoIP-Control

class-map match-any AutoQoS-VoIP-RTP-UnTrust

match protocol rtp audio

match access-group name AutoQoS-VoIP-RTCP

!

policy-map AutoQoS-Policy-UnTrust

class AutoQoS-VoIP-RTP-UnTrust

priority percent 70

set dscp ef

class AutoQoS-VoIP-Control-UnTrust

bandwidth percent 5

set dscp af31

class AutoQoS-VoIP-Remark

set dscp default

class class-default

fair-queue

!

interface FastEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.1

description Interface for VLAN 1

encapsulation dot1Q 1 native

ip address 10.1.2.3 255.255.255.0

no snmp trap link-status

!

interface FastEthernet0/0.2

description Interface for VLAN 2

encapsulation dot1Q 2

ip address 192.168.254.5 255.255.255.0

no snmp trap link-status

!

interface FastEthernet0/0.4

description Interface for VLAN 4

encapsulation dot1Q 4

ip address 10.10.11.2 255.255.255.0

no snmp trap link-status

!

interface FastEthernet0/1

description connection to CML router

ip address 10.10.20.1 255.255.255.252

duplex auto

speed auto

!

interface Serial0/0/0

bandwidth 1540

ip address 10.10.1.2 255.255.255.252

ip nbar protocol-discovery

encapsulation ppp

auto qos voip

service-module t1 clock source internal

service-module t1 timeslots 1-24

ppp authentication chap

service-policy output AutoQoS-Policy-UnTrust

!

interface Serial0/1/0

bandwidth 1540

ip address 10.10.3.2 255.255.255.252

encapsulation ppp

tx-ring-limit 26

tx-queue-limit 26

auto qos voip

no keepalive

service-module t1 clock source internal

service-module t1 timeslots 1-24

!

interface Serial0/2/0

no ip address

encapsulation ppp

shutdown

tx-ring-limit 26

tx-queue-limit 26

no keepalive

no fair-queue

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.2.1

ip route 10.1.3.0 255.255.255.0 10.10.11.1

ip route 192.168.30.0 255.255.255.0 10.10.11.1

!

ip http server

ip http authentication local

no ip http secure-server

!

ip access-list extended AutoQoS-VoIP-Control

permit tcp any any eq 1720

permit tcp any any range 11000 11999

permit udp any any eq 2427

permit tcp any any eq 2428

permit tcp any any range 2000 2002

permit udp any any eq 1719

permit udp any any eq 5060

ip access-list extended AutoQoS-VoIP-RTCP

permit udp any any range 16384 32767

Site 2 config:

class-map match-any AutoQoS-VoIP-Remark
match ip dscp ef
match ip dscp cs3
match ip dscp af31
class-map match-any AutoQoS-VoIP-Control-UnTrust
match access-group name AutoQoS-VoIP-Control
class-map match-any AutoQoS-VoIP-RTP-UnTrust
match protocol rtp audio
match access-group name AutoQoS-VoIP-RTCP
!
!
policy-map AutoQoS-Policy-UnTrust
class AutoQoS-VoIP-RTP-UnTrust
priority percent 70
set dscp ef
class AutoQoS-VoIP-Control-UnTrust
bandwidth percent 5
set dscp af31
class AutoQoS-VoIP-Remark
set dscp default
class class-default
fair-queue
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
description Interface for VLAN 1
encapsulation dot1Q 1 native
ip address 10.1.3.6 255.255.255.0
no snmp trap link-status
!
interface FastEthernet0/0.2
description Interface for VLAN 2
encapsulation dot1Q 2
ip address 192.168.30.5 255.255.255.0
no snmp trap link-status
!
interface FastEthernet0/0.4
description Interface for VLAN 4
encapsulation dot1Q 4
ip address 10.10.11.1 255.255.255.0
no snmp trap link-status
!
interface FastEthernet0/1
no ip address
duplex full
speed 100
!
interface Serial0/0/0
bandwidth 1540
ip address 10.10.3.1 255.255.255.252
encapsulation ppp
tx-ring-limit 26
tx-queue-limit 26
no keepalive
no fair-queue
service-module t1 timeslots 1-24
!
interface Serial0/1/0
no ip address
encapsulation ppp
shutdown
tx-ring-limit 26
tx-queue-limit 26
no keepalive
no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.11.2

ip route 10.1.2.0 255.255.255.0 10.10.3.2
ip route 192.168.254.0 255.255.255.0 10.10.3.2

cadet alain · ‎07-23-2012

Hi Darren,

I won't have the time to look at your configs today but I'll do it tomorrow but maybe someone else will already have found the solution in the meantime.

Regards.

Alain.

Don't forget to rate helpful posts.

worthingtontech · ‎07-31-2012

Hi Alain,

I was just wondering if you had a chance to look this over. I'm going to start researching and working on the PBR solution with access list, but any assistance you can provide would be much appreciated. Thanks!

cadet alain · ‎07-31-2012

Hi,

not yet unfortunately, I'm very busy for the time being and I only spend a few time on CSC forums these days but normally I should have more time tomorrow. But if it's not working with the static routes then why should it work with PBR and anyway

PBR is for src-dst routing but this is not your case, what you want to achieve is assymetric routing( data coming on one link go back on another) ?

Regards.

Alain

Don't forget to rate helpful posts.

worthingtontech · ‎08-22-2012

After working with Cisco, I was able to get the correct routing statements. It was PBR, with a routing map that made the next hop the T1. If anyone wants the appropriate lines of code, let me know. Thanks! And thank you very much cadet alain. I appreciate the time you spent in this thread and pointing me in the right direction.