HELP: T1 + Cable Config

L

Loneregister

n00b
Joined
Aug 10, 2004
Messages
61
Ok -
I have a T1 coming into the house, and then Cable also.

I have a Cisco 1700 with a T1 card (S0), an Ethernet Card (E0) and of course, the fast ethernet interface (F0) which my linksys is hooked up to.

Right now, my Linksys is set to a static IP owned by the T1 provider. and ALL network traffic goes out the t1 line.

I'd like to set this up so that I can split the network stuff.

Ideally - I'd like to add the two together. Can that be done?

If not, can I split the two via IP routes?

I think the main problem is that the cable modem network will kill any IP traffic not from it's own IP route specifically. so - how do I get sneaky to get past this?


thanks!

p.s. I cannot configure anything beyond my router for the Cable side.
I can configure both of my T1 routers (i.e. both routers on both ends of the T1).
 
You can't do CEF like that. To do CEF both of his connections need to terminate on the same network on the far side.

You can do connection-based load balancing with your setup. Just set two default routes for 0.0.0.0 in the Cisco and it should load-balance connections for you.
 
last i checked, the twin-WAN (ethernet) routers dont do T1. as T1 comes in on something other than RJ45 (i have no clue what, tho)
 
Load balancing will work with the two internet connections. But not in the fashion that you are trying to go about it. The reason being is that, in order to route packets the router has to have routes for the two internet connections. In order to get the routes for both internet connections you have to run BGP (Border Gateway Protocol). The ISP that the T1 comes from may be fine with setting up BGP for you. But on the side of the cable they may not, because cable is mainly a consumer and or small business connection not meant for the riggers of being hooked into a multihomed network. Also many ISPs that offer cable connections do not want to play BGP at all because of the way that their infastucture is setup and the fact that BGP uses a /24 mask, which gives you 254 address off the bat to play with and in their eyes that is a giant loss. My only suggestion, is that if you really need the load balancing is that you look into to getting a second T1 and a bigger router that can handle the demands of BGP. Other than that the two networks will only be able to remain seperate and no load balancing will be possible.
 
You don't have to use BGP to load balance. You can, but you don't have to. Just setting up two default routes of 0.0.0.0 will tell the router it can use either connection when doing a connection. Unlike BGP, it won't choose the BEST route to get there it will just do round robin load balancing.
 
omega-x said:
last i checked, the twin-WAN (ethernet) routers dont do T1. as T1 comes in on something other than RJ45 (i have no clue what, tho)
Click to expand...

A T1 comes in via RJ45. He already said his router has a T1 card so he's fine there. He can use an Ethernet port to connect to cable for the other connect.
 
Ok - wow - lots of suggestions.

Let me run down the list.

I have two connections for several reasons.

1) I want SPEED!!! mwahahahahah
2) I am researching ways to make our store location connections more robust with multiple connections. At home, I can play as much as I like without taking a branch down and loosing sales.
3) The reason that I have a T1, is for data security, and speed. It's connected directly to our colocation cabinet so confidential data is a straight shot. No public network used. Also, when shooting data back and forth, the 256mb (and now even 512mb/s) limits were causing multi hour waits on my side. :(
4) I have the cable as a remnant of my previous network connect. Prior to disco-ing it, I want to play a bit and see what I can roll up.

Yes- lucky me! :)

Ok - I have put in two default routes and it appears that the T1 plays ok - but the cable side does not. I can ping and trace from the 1700 just fine. But, when I attempt to get network connect via my computer - blah! nothing. I think it has to do with the fact that my computer and linksys use a public IP address that is NOT part of the 1 IP that I get from cox - hence it thinks spoofed and just kills it.

So - I have to think of another way to roll this. Probably NAT? Right? Do I configure the S0 (T1) and E0 (Cable) with public IP's? How about the F0 (LAN enet)?

How do I go about this?

I know a bit about cisco configs, but it is a bit murky to me. So - any helping hands and guiding info would really be appreciated. For example, I know I have 12.2 IOS - but it appears that there are different "flavors" of that IOS? I don't even know how to check that out? Does it matter?

assuming that the cable network is on 68.x.x.1 and the T1 network is on 215.x.x.1 how do I go about making this whole thing transparent so that both networks with route packets sent via their prospective interfaces without "killing" them?

It seems pretty complex- but I am kinda jazzed to be noodling out the solution. heh.. Just call me a geek!

Kevin
 
NAT on IOS is not to hard. It can just be real picky. Here is the basic commands to get it to run.

On the outside interfaces you want to use the ip nat outside command. On the inside you want to use the ip nat inside command. Then at the global config level you want to enter the ip nat inside source list 102 interface Ethernet1 overload and a similar list for the other connection to. Then you have to define an ACL like this one access-list 102 permit ip 10.10.10.0 0.0.0.255 any. This lets all the traffic from the inside out and tells the router to translate it. Now if you want to run servers or have ports open to you rmachine, you will have to enter a command like this one ip nat inside source static tcp x.x.x.x 21 interface Ethernet1 21. This will create a static mapping for that port. The only downfall i find in doing this is that you can only open that one port to that machine. That is a very basic IOS NAT configuration. If you want to try more complex stuff you can visit this page http://www.cisco.com/en/US/tech/tk648/tk361/tk438/tech_protocol_home.html . Which has a ton of documentaion on NAT and implmenting it on IOS.

NetJunkie, I don't think that would work, mainly because of the way that the 0.0.0.0 works. When you do the ip route it only alows you to specify one next hop adderess or interface as far as I know. That and even if he was able to create two of them for each interface the hosts would only use one or the other based on their defualt gateway. Which would then require two internal networks also. There may be away to do what he wants to, but I have yet to see any guides or documentation on how it is done, or if it even works. Although the NAT may do the trick. But we will have to see.
 
Loneregister said:
Ok - wow - lots of suggestions.

Let me run down the list.

I have two connections for several reasons.

1) I want SPEED!!! mwahahahahah
2) I am researching ways to make our store location connections more robust with multiple connections. At home, I can play as much as I like without taking a branch down and loosing sales.
3) The reason that I have a T1, is for data security, and speed. It's connected directly to our colocation cabinet so confidential data is a straight shot. No public network used. Also, when shooting data back and forth, the 256mb (and now even 512mb/s) limits were causing multi hour waits on my side. :(
4) I have the cable as a remnant of my previous network connect. Prior to disco-ing it, I want to play a bit and see what I can roll up.

Yes- lucky me! :)

Ok - I have put in two default routes and it appears that the T1 plays ok - but the cable side does not. I can ping and trace from the 1700 just fine. But, when I attempt to get network connect via my computer - blah! nothing. I think it has to do with the fact that my computer and linksys use a public IP address that is NOT part of the 1 IP that I get from cox - hence it thinks spoofed and just kills it.

So - I have to think of another way to roll this. Probably NAT? Right? Do I configure the S0 (T1) and E0 (Cable) with public IP's? How about the F0 (LAN enet)?

How do I go about this?

I know a bit about cisco configs, but it is a bit murky to me. So - any helping hands and guiding info would really be appreciated. For example, I know I have 12.2 IOS - but it appears that there are different "flavors" of that IOS? I don't even know how to check that out? Does it matter?

assuming that the cable network is on 68.x.x.1 and the T1 network is on 215.x.x.1 how do I go about making this whole thing transparent so that both networks with route packets sent via their prospective interfaces without "killing" them?

It seems pretty complex- but I am kinda jazzed to be noodling out the solution. heh.. Just call me a geek!

Kevin
Click to expand...


more power to you. it seems like you got the money to have both so things must be going for you :p
 
Well - lets just put it this way - I work a lot of hours to keep our company moving in the right direction. No one's fault but mine- but it's a passion and I love computers. So I get the best of both worlds with my job.

I get to geek out on whatever I think can make our company more competitive and profitable, but, I also get to work, long long hours doing it. All in all, a great deal! :)

I'll get back with you all when I get a moment to do the changeover to NAT.
 
Here's my attempt at getting the split to work - yet I cannot get anything to go out via the cable side.

in order to keep a firewall up - my computers in the office are plugged into a Linksys BEFVP41 (NAT with DHCP) and then that is plugged into the Cisco.

am I missing something? is a NAT behind a NAT a problem? 192.168.10.x -> linksys with a WAN address of 192.168.200.244 -> Cisco with a gateway address of 192.168.200.254 -> and then out some interface?

interface Ethernet0
ip address x.x.x.161 255.255.255.192
ip nat outside
full-duplex
!
interface FastEthernet0
ip address y.y.173.9 255.255.255.252 secondary
ip address 192.168.200.254 255.255.255.0
ip nat inside
speed auto
!
interface Serial0
bandwidth 1500
ip address z.z.z.210 255.255.255.252
ip nat outside
down-when-looped
!
ip nat inside source list 102 interface FastEthernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route y.y.173.10 255.255.255.255 FastEthernet0
ip route y.y.175.0 255.255.255.0 Serial0
no ip http server
!
access-list 100 permit ip host y.y.173.2 any
access-list 100 deny tcp any any eq 139
access-list 100 deny tcp any any eq 445
access-list 100 deny tcp any any eq 3389
access-list 100 deny udp any any eq netbios-ns
access-list 100 deny udp any any eq netbios-dgm
access-list 100 deny udp any any eq snmp
access-list 100 deny udp any any eq 445
access-list 100 deny udp any any eq 1900
access-list 100 deny tcp any any eq ftp
access-list 100 deny tcp any any eq smtp
access-list 100 deny tcp any any eq 42
access-list 100 deny tcp any any eq nntp
access-list 100 deny tcp any any eq 389
access-list 100 deny udp any any eq nameserver
access-list 100 deny udp any any eq domain
access-list 100 deny udp any any eq 88
access-list 100 deny udp any any eq 135
access-list 100 deny udp any any eq 1434
access-list 100 permit ip any any
access-list 102 permit ip 192.168.200.0 0.0.0.255 any
!
 
strangely enough - the NAT, NAT solution works behind the T1.

Just not out the cable side.

I can ping via the cable side on the Cisco. But not on my local computers.

I can ping via the T1 side on the Cisco, and I can ping via the T1 on my local computers.

However - that's with manually shutting down the Cable interface (E0) or the T1 (S0) and changing the ip route to:

ip route 0.0.0.0 0.0.0.0 S0 (when the S0(T1) is no shut)
ip route 0.0.0.0 0.0.0.0 E0 (when the E0(cable) is no shut)

whew...
 
Wow.

What an adventure in Cisco networking.

It appears that I have the system working - except that my cox throughput at this time SUCKS! at about 154kbits/sec. BARF!

Anyway - I think it's a hardware issue and I'll have to call cox business on monday to get them to do a reset/look at the account. Ah well.

However, I put in two default routes,

ip route 0.0.0.0 0.0.0.0 s0
ip route 0.0.0.0 0.0.0.0 e0

and it appears that when I take the cable down - it works and switches everything over to the S0 (t1) connection.

Much thanks for tormentor that helped me to debug this thing.

However - I still have one problem - it appears to NOT do NAT properly on two routes at the same time.

How can I get it to do NAT based on the output interface IP and NOT the input ip.

So that if 192.168.100.x goes out the S0 interface, it will NAT to that IP on the S0 interface.

And when 192.168.100.x goes out the E0 interface, it will NAT to that interfaces IP on E0?
 
I also learned some stuff about BGP. Which would let me do what I wanted, with some very large caveats.

1) as a BGP, the two ISP's would be able to route traffic back and forth between themselves, through me. not a good thing.

2) also - I would be sent (without some filtering) large database lists of other router maps. Which would quickly overload my 1700.

so - it appears that BGP would not be a viable alternative to me at this time. Also, I think setting up with BGP requires some config on the ISP's parts as well - which I am sure that cox would not be interested in doing.
 
yeah my cox connect has been flaking out on me this weekend too. pings to the first hop are min 10 and max 915 on 50 tries and around 5% packet loss... dont bother calling them ive been on the phone for 4 hours today trying to get them to fix this crap. all they will tell me is that if im pinging less than 600 on average there is no problem..... :eek:

they are sending someone out next saturday :mad: to look at the cable that some other cox jerk spliced 2 weeks ago because the lawn care people for the complex cut it with a lawn mower and the cox jerk spliced the cable instead of replacing it and he didnt even put heatshrink around it. then he burried it!!!!!!! i went out and looked today just to see if he did something stupid and sure enough he didnt even use grease on the connection and the splice and barrel where burried!!!!!!!!!!!!!!!!!! my buddy who works for cox hsi says its probably water dammage..causing ingress...i'm thinking that it is a combination of the former and
COX isnt expecting all those people to actually use the extra bandwidth they gave them. hey but when it was working last week it was smokin :rolleyes:

oh and about your little problem...........http://www.hotbrick.com/lb-2.html
 
Surely I can configure a Cisco 1700 to handle this problem though?

It looks like my Cable is now up again. But- with it up - it appears that everything wants to NAT through the cable IP address - even the items that are set to route through the Serial interface.

here's my config:

interface Ethernet0
description COX CABLE INTERNET
ip address y.y.y.161 255.255.255.192
ip nat outside
shutdown
full-duplex
!
interface FastEthernet0
description INTERNAL NETWORK CONNECTION
ip address 192.168.200.254 255.255.255.0
ip nat inside
speed auto
!
interface Serial0
description T1 CONNECT
bandwidth 1500
ip address x.x.173.10 255.255.255.252
ip nat outside
down-when-looped
!
ip nat inside source list 15 interface Ethernet0 overload
ip nat inside source list 16 interface Serial0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 0.0.0.0 0.0.0.0 Serial0
ip route x.x.173.1 255.255.255.255 Serial0
ip route x.x.173.2 255.255.255.255 Serial0
ip route x.x.173.3 255.255.255.255 Serial0
ip route x.x.173.4 255.255.255.255 Serial0
ip route x.x.175.0 255.255.255.0 Serial0

access-list 15 permit 192.168.200.0 0.0.0.255
access-list 16 permit 192.168.200.0 0.0.0.255

Is there a difference between specifying the interface name, and the actual IP address of the other end of the interface?

When I try to access something on the x.x.175.0 network, the NAT applys the y.y.y.161 address to the 192.168.200.x address. Any idea on how I can control it?

Anything that goes via the S0, should have NAT apply the x.x.173.10 address to it. But it does not. HELP!
 
Loneregister said:
1) as a BGP, the two ISP's would be able to route traffic back and forth between themselves, through me. not a good thing.
Click to expand...

There is a way to stop them from doing that, but I don't rember off the top of my head.

And with the NAT taking the cable, I think it may be taking if because of the ethernet interfaces better bandwith. s0 = 1.5 Mbps e0 = 10 Mbps in the routers logic. Not sure how this would make things react but you could try ip route 0.0.0.0 0.0.0.0 ethernet 0 10. Now this may make the router only use the T1. Because it will make the ip route for the ethernet interface less desirable., But it may only use the ethernet interface if the T1 goes down. But then it may do what you want. Give it a try and tell me how it works out.
 
Let me try that.

In the mean time - how can I force it to use an interface based on the destination IP address?
Ideally, I'd like to have the T1 for failover - and for certain static IP addresses. If the T1 is up, then these static ip addresses will ALWAYS be routed via the T1.

If the T1 goes down, everything over the cable. If the Cable goes down, everything over the T1.
If both are up, everything over the cable, except for the specific IP's.

Thanks! I'll make the changes and be back in a few.
 
I just updated the system to the
ip route 0.0.0.0 0.0.0.0 e0 10

which didn't seem to have an effect.

I think that perhaps once the NAT is in the translations for a specific IP address, it keeps it NAT'ing to a specific outside public ip.

so, once on cable, always on cable and vice versa.

the problem I have is that I want the traffic to go out an interface depending on destination address. Then, I want it to resolve to that interfaces IP address in the NAT translation.

A NAT pool won't work, since it is a pool that is drawn from from the external interfaces ip range. On the Cable side, I only have 1 IP.

How about bridging?
 
Ok - here's where I am at now.

I have turned off NAT on the T1.

All of my network protocol from my computer, to Linksys, to Cisco 1700 are all set with IP's from my T1 side. (Except of course, my computers, which are behind the linksys NAT and firewall).

Then - I setup ip nat inside on F0, and ip nat outside on E0 (cable) - and NO ip nat statement on the T1.

That way - anything that goes out via ip route via the t1 - will go out "naturally" with no translation.

However, if it does not find the route in the ip route table, it then defaults to:

ip route 0.0.0.0 0.0.0.0 e0

Which has ip nat outside on it.

The E0 is set to my cable companies IP address that they gave me. x.x.x.x
(and my linksys) is set to y.y.y.y (one of my T1 public ip addresses)

I have the statement

access-list 15 permit y.y.y.y 255.255.255.252
ip nat inside source list 15 interface Ethernet0 overload

shouldn't that not do it?

I did debug ip nat- and I see everything doing the NAT translation when it should, and I don't see any NAT when it's going to my specific ip route IP"s. All good.

However, nothing gets returned from the cable connection. I'll have to check tomorrow and see if it's down or not.
 
It appears I got it working.

The problem was that I assumed that NAT had to work on 192.168.x.x addresses.

What I did was to take and leave the T1 side setup like the Cable side was not there. Then, applied NAT to the E0 (Cable) as ip nat outside and had it map appropriately.

bingo - it worked and it routes correctly as well.

Yahoo!

It's not sharing - but it's definately allowing me to use Cable on one side, and T1 on the other at the same time!
 
You must log in or register to reply here.
Back
Top