Need basic router help

[clickaway]

Here's my situation, i am way over my head, but this is relatively simple i imagine.

Cisco 7200 router (IOS 12.0)
Two cards: Dual DS3 card, Dual Ethernet card

I have one T3 from AT&T coming into serial1/0
which is working ok for years.
We are switching to a new Qwest T3, which is now coming into the serial1/1 port

I am trying to route the serial1/0 traffic to ethernet2/0
and the new serial1/1 traffic to ethernet2/1 port.

So i am not looking for load balancing or anything, i just want both networks independently running so i can start moving servers over from the old IP addresses to the new ones on the new network.

I will not be using any NAT etc, i am doing everything i need on the firewall behind the router. I simply want IP traffic passed to either network adapter as appropriate.

currently config is such:

interface serial1/0
ip address x.x.15.86 255.255.255.252
no ip redirects
no ip unreachables
no ip directed-broadcasting
no ip proxy-arp
encapsulation ppp
dsu bandwidth 44210
framing c-bit
cablelength 10

interface serial1/1
ip address y.y.248.202 255.255.255.252
no ip redirects
no ip unreachables
no ip directed-broadcasting
no ip proxy-arp
encapsulation ppp
dsu bandwidth 44210
framing c-bit
cablelength 10

inteface FastEthernet2/0
ip address x.x.48.1 255.255.255.252
no ip directed-broadcast
full-duplex

inteface FastEthernet2/1
ip address y.y.198.1 255.255.255.252
no ip directed-broadcast
full-duplex

ip classless
ip route 0.0.0.0 0.0.0.0 serial1/0

anyhelp would be appreciated.

 

[clickaway]

posted a typo above, the ethernet config subnets are wrong, here is correct info:

inteface FastEthernet2/0
ip address x.x.48.1 255.255.254.0
no ip directed-broadcast
full-duplex

inteface FastEthernet2/1
ip address y.y.198.1 255.255.254.0
no ip directed-broadcast
full-duplex

 

[lambent]

Some questions:

1) Are the 2 WAN links connecting to 2 different locations or subnets?

2) What's the source and destination networks of the traffic coming into the old and new T3 links?

3) Will the 2 FE interfaces lead to the same destination network as in No. 2)?

 

[clickaway]

All traffic is IP traffic (we are a web hosting provider)

Not sure exactly what you mean...

The WAN links are both direct internet connections to the rest of the world, one through AT&T (x.x.x.x) and the other through Qwest (y.y.y.y)

for the sake of argument, i will simplify our network. the two fe interfaces are each connected to their own independent 100baseT switch. each switch has two servers on it. the serial1/0-->fe2/0 link is connected to the switch that has servers x.x.x.100 and x.x.x.101 on it. the serial1/1/-->fe2/1 link is connected to the switch that has servers y.y.y.200 and y.y.y.201 on it.

the serial1/0->fe2/0 link has worked for years. i am just trying to get the other network connected so the servers on the other switch operate.

all ip address are actual ip addresses that the world should be able to see. there are no fake IPs (or whatever you call those 192.168 and 10.10 ip addresses)

 

[lambent]

so how about the outbound traffic? Do you want to manipulate the traffic such that traffic from x.x.x.100 and x.x.x.101 to the Internet will be forwarded out of the s1/0, while traffic from y.y.y.200 and y.y.y.201 to the Internet will be forwarded out of the s1/1?

 

[clickaway]

Yes, outbound traffic would need to be routed back through the same serial interface from which it came as inbound request, as you described.

 

[lambent]

And...are you using BGP to advertise your networks to the Internet? (very likely but just want to confirm and get a clearer picture)

 

[clickaway]

I have no knowledge of BGP (i am a newbie i admit), nor do i think BGP is active since we only always had the one provider link.

 

[lambent]

If it's possible please post the configuration less any password

 

[clickaway]

r01#show run
Building configuration...

Current configuration : 6277 bytes
!
version 12.0
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname r01
!
enable secret .....
!
ip subnet-zero
no ip source-route
!
!
no ip finger
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
!
interface Serial1/0
ip address a.b.15.86 255.255.255.252
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
encapsulation ppp
dsu bandwidth 44210
framing c-bit
cablelength 10
!
interface Serial1/1
ip address c.d.248.202 255.255.255.252
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
encapsulation ppp
dsu bandwidth 44210
framing c-bit
cablelength 10
!
interface FastEthernet2/0
ip address a.b.48.1 255.255.254.0
no ip directed-broadcast
full-duplex
!
interface FastEthernet2/1
ip address c.d.198.1 255.255.254.0
no ip directed-broadcast
full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/0
!
!
banner login ^C Authorized Access Only --- All connections are logged and monitored ^C
!
end

r01#

 

[lambent]

You better ask your ISPs whether they're helping you to advertise your networks into the Internet as I only see a default route in your router. So if this is true, then ask the ISP of the old T3 to advertise networks in int f2/0 and/or any server subnets behind f2/0. Then ask the ISP of the new T3 to advertise networks in int f2/1 and/or any server subnets behind f2/1. This will manipulate inbound traffic as per your requirement.

For outbound traffic, you'll need to set policy-based routing:

!
access-list 101 deny ip a.b.48.0 0.0.1.255 c.d.198.0 0.0.1.255
access-list 101 permit ip a.b.48.0 0.0.1.255 any
!
access-list 102 deny ip c.d.198.0 0.0.1.255 a.b.48.0 0.0.1.255
access-list 102 permit ip c.d.198.0 0.0.1.255 any
!
route-map oldt3 permit 10
match ip address 101
set ip next-hop a.b.15.85
route-map oldt3 permit 100
!
route-map newt3 permit 10
match ip address 102
set ip next-hop c.d.248.201
route-map newt3 permit 100
!
interface f2/0
ip policy route-map oldt3
!
interface f2/1
ip policy route-map newt3
!


If you have some other networks behind f2/0 and/or f2/1, you may need to modify the access-lists to include these networks.

Hope this helps.

 

[clickaway]

i dont understand. 'advertise'? the two DS3's are from two different ISPs, and both are full Class-C's. they've already controlled routing on their end to make those class C's come into each of their own DS3's.

yet with my default 0.0.0.0 0.0.0.0.0 ip route in the config, both Ethernet ports get the traffic, which i dont want.

the isps having nothing to do with my fe ports, thats inside my router. so i guess i dont understand.

 

[lambent]

ok usually your ISP will provide a WAN subnet and a LAN subnet for you. The WAN subnet is the network of the WAN link like a.b.15.84/30, the LAN subnet is usually a public IP address range that will be used by your users and servers to access the Internet. You may need to use NAT but this depends on the number of public IP addresses the ISP gives you and your requirement.

If your LAN subnet belongs to a public IP address range and you want to access the Internet, then you must let others in the Internet know about your network. In order words, you have to "advertise" your network into the Internet. We either do this by running BGP with the ISP, or just let the ISP to advertise this network for you.

In your situation, if both of your ISP advertise your 2 fastethernet networks, then that means from the Internet, there will be 2 entrances into both fastethernet networks which I believe you don't want to happen. So for manipulating this inbound traffic from the Internet, if your old ISP only advertises the f2/0 network and your new ISP only advertises the f2/1 network, then any inbound traffic coming into your f2/0 network will be routed into your old T3 only, while the inbound traffic coming into f2/1 network will be routed into your new T3.