Cisco – Two LAN, Two WAN ISP and NAT

We recently received a request from a rural customer who was tired of their unreliable 1Mbps ADSL line to add a second ADSL line to their network. The line was ordered and installed, and we then added a second ADSL WIC interface to their router and set about getting it working. Our brief was to configure it so that each LAN was associated with one WAN link and used only that WAN link. This is how we went about it.

Clearly the second interface needed to be associated with a second dialer created to log in and manage the second connection. Furthermore, we needed to add a second DHCP pool. This new config is shown as follows:

DHCP config:-

ip dhcp pool pollux
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1 
   dns-server 62.6.40.178 62.6.40.162 

As you can see this connection is using BT DNS servers.

Dialer config:-

interface Dialer1
 description btbusiness
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx

We then needed to allocate a second default route to the router and this was achieved by means of the following command:-
ip route 0.0.0.0 0.0.0.0 Dialer1

We created an access list to handle the new traffic relating to the new DHCP network as follows:-
access-list 22 permit 192.168.200.0 0.0.0.255

and then we added a new access list to ensure that the traffic on each LAN network remained segregated from the other LAN. This was done as follows:-

access-list 112 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 192.168.1.0 0.0.0.255 any
access-list 122 deny   ip 192.168.200.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 permit ip 192.168.200.0 0.0.0.255 any

Finally we needed to apply route maps to mechanise the access lists, putting them to work maintaining segregation and ensuring correct operation. The following two route maps were configured:-
route-map pollux permit 22
 match ip address 122
 set interface Dialer1
!
route-map castor permit 12
 match ip address 112
 set interface Dialer0
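
How IOS policy routing evaluates these two route-maps against access lists 112 and 122, modelled in Python as an added example (not part of the original article or the router's own config; the function names and sample packets are constructed for illustration). A packet that hits a deny entry in the matched ACL is not dropped: it is simply not policy-routed and is forwarded by the normal routing table, so blocking LAN-to-LAN traffic outright would need an ACL applied to the interface itself with ip access-group.

```python
import ipaddress

# Destination ranges denied in the article's access-list 112 and 122.
PRIVATE = [("10.0.0.0", "0.255.255.255"),
           ("172.16.0.0", "0.15.255.255"),
           ("192.168.0.0", "0.0.255.255")]

def build_acl(lan):
    """Entries as (action, src, src wildcard, dst, dst wildcard)."""
    denies = [("deny", lan, "0.0.0.255", dst, wc) for dst, wc in PRIVATE]
    return denies + [("permit", lan, "0.0.0.255", "any", None)]

ACLS = {112: build_acl("192.168.1.0"), 122: build_acl("192.168.200.0")}

# 'ip policy route-map' per inside interface: (match ACL, set interface).
POLICY = {"FastEthernet0/0": (112, "Dialer0"),   # route-map castor
          "FastEthernet0/1": (122, "Dialer1")}   # route-map pollux

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the mask are ignored."""
    if base == "any":
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_action(acl, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, s, s_wc, d, d_wc in ACLS[acl]:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action
    return "deny"

def pbr_decision(in_if, src, dst):
    """Egress chosen by policy routing, or 'routing-table' when the ACL
    denies the packet and it falls back to normal destination routing."""
    acl, out_if = POLICY[in_if]
    return out_if if acl_action(acl, src, dst) == "permit" else "routing-table"

# Constructed sample packets: (ingress interface, source, destination).
SAMPLES = [("FastEthernet0/0", "192.168.1.10", "198.51.100.7"),
           ("FastEthernet0/1", "192.168.200.10", "198.51.100.7"),
           ("FastEthernet0/0", "192.168.1.10", "192.168.200.10"),
           ("FastEthernet0/1", "192.168.1.10", "198.51.100.7")]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", pbr_decision(*pkt))
```

The third sample is the inter-LAN case: it returns routing-table, meaning the packet follows the connected route to the other LAN rather than being pinned to a dialer.
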

Putting it all together our new configuration was as follows:-

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname xxx-core-router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 512000 debugging
enable secret xxxxxxx
!
no aaa new-model
no network-clock-participate slot 1 
no network-clock-participate wic 0 
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
!
ip dhcp pool pollux
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1 
   dns-server 62.6.40.178 62.6.40.162 
!
ip dhcp pool castor
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 62.6.40.178 62.6.40.162 
!
!
ip flow-cache timeout active 1
ip name-server 212.159.13.49
ip name-server 212.159.13.50
ip name-server 141.1.1.1
!
!
!
archive
 log config
  hidekeys
!
!
! 
!
!
!
interface ATM0/0
 description btbusiness
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode itu-dmt 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip policy route-map castor
 duplex auto
 speed auto
!
interface ATM0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode itu-dmt 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map pollux
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx
!
interface Dialer1
 description btbusiness
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.200.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.88.0 255.255.255.0 192.168.200.2
ip route 212.159.13.49 255.255.255.255 Dialer1
ip route 212.159.13.50 255.255.255.255 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 12 interface Dialer0 overload
ip nat inside source list 22 interface Dialer1 overload
ip nat inside source route-map castor interface Dialer1 overload
ip nat inside source route-map pollux interface Dialer0 overload
!
access-list 12 permit 192.168.1.0 0.0.0.255
access-list 22 permit 192.168.200.0 0.0.0.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 192.168.1.0 0.0.0.255 any
access-list 122 deny   ip 192.168.200.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 permit ip 192.168.200.0 0.0.0.255 any
route-map pollux permit 22
 match ip address 122
 set interface Dialer1
!
route-map castor permit 12
 match ip address 112
 set interface Dialer0
!
!
!
control-plane
!
!
!
alias exec arp tclsh flash:arp.tcl
alias exec shutnoshut tclsh flash:shutnoshut.tcl
!
line con 0
line aux 0
line vty 0 4
 access-class 12 in
 password xxxxx
 login
 transport input telnet
!
ntp clock-period 17207966
ntp server 85.119.80.233
!
end

 

The network worked beautifully. Another elegant solution from Rustyice Solutions.

Communications

The size of a network is limited due to size and distance constraints. However networks may be connected over a high speed communications link (called a WAN link) to link them together and thus become a WAN.

Most business organizations use WAN links to interconnect local area networks (LANs) at geographically dispersed sites. Over the years, as business organizations continue to grow both nationally and globally, the demand for WAN links has steadily increased. Call centers, for example, have moved off-shore; distributed computing has replaced large regional data centers; sales offices have expanded to new locations. As WAN links become integral to the day-to-day operations of business organizations, the availability and reliability of WAN links have a direct, highly visible impact on business operations, employee productivity, and customer satisfaction.

East Africa: Regional conference on satellite communication

This week, more than 250 delegates from East African countries are gathering for a regional conference on broadband and satellite communication for East Africa.

The five-day meeting from 15 to 19 April 2013 is taking place in Kampala, Uganda and has the theme “Strategy for Broadband Access to All in East Africa”. It is organised by the Ministry of ICT, Uganda Communications Commission (UCC), International Telecommunications Organisation (ITSO), and the East African Communications Organisation (EACO).

The event is the first of its kind for the East African region. The objectives of the conference are to build capacities in the region regarding broadband communication and to highlight the importance of satellite communication for the socio-economic development in East Africa.

Apogee Internet will shortly be announcing our latest initiatives supplying these crucial services to the region.

Could 4G help rural areas get online?

While the government likes to talk about broadband as a commodity, alongside water or electricity, the sad truth is that many rural areas can get little to no service. There have been many false dawns in rural broadband; so is 4G set to be the next one, or is it the real deal?

In simple terms, 4G mobile broadband is set to slowly replace the current 3G networks we have across the UK. You’ll need a new smartphone or dongle to access it, but otherwise it should smoothly replace 3G while offering the promise of faster, more reliable mobile data transfer.

The case for 4G mobile broadband

The 4G revolution certainly has the potential to meet rural needs. Rollout should be relatively straightforward, with first-to-market EE (Orange and T-Mobile) having already brought 4G to 27 UK towns and cities since launching late in 2012.

Price shouldn’t be an issue either. Mobile network Three has announced it will not charge a premium (above its 3G charges) for 4G mobile broadband, so it will be tough for the other networks to do so once competition for customers hots up.

Then there are the speeds. EE has been quoting averages from 8-12Mb since launch, with the current potential for 40Mb max speeds. While this is a long way behind current UK fixed-line speeds over fibre (which are already 100Mb and rising), 40Mb would be more than fast enough for the majority of rural customers’ needs.

And better still, this is potentially the tip of the iceberg in terms of speed. Etisalat tests last year clocked a new 4G record at more than 300Mb and while you’re not likely to get that in a windy field near you anytime soon, it shows what this fledgling technology still has in the locker.

The case against

As always tends to be the case when it comes to broadband, the biggest barrier to rural 4G is money. While the mobile internet providers are always quick to get their shiny new networks up and running in London, Birmingham and Manchester, those of us living in less densely populated areas know the postcode lottery all too well. The talk is always of ‘population’ coverage, not geographical, and you can be sure the 4G rollout will be no different.

Then there’s reliability. We’ve had 3G for a long time now and enjoy very high UK coverage in terms of population, but standing stock still isn’t often enough to hold a reliable signal – let alone moving around. This can make data downloads a tedious task, while streaming can be next to useless. When 3G arrived there was much talk of being able to scrap your fixed line connection – something few have gone on to risk.

This leads us nicely onto speeds. Again, while first 7Mb and then 14Mb were promised, the UK average 3G mobile broadband speed has never really got higher than 1-2Mb. Independent 4G field testing isn’t averaging out at 10Mb yet, so for now the jury is very much out. However, many a rural broadband customer would happily accept a reliable 10Mb broadband package.

So yes, 4G mobile broadband has the potential to get rural areas online. But unless you have a very active council or business community getting behind your push for base stations, I wouldn’t start holding your breath just yet.

Author Bio: Matt Powell is the editor for the broadband provider comparison site Broadband Genie.