We recently received a request from a rural customer, tired of their unreliable 1Mbps ADSL line, to add a second ADSL line to their network. The line was ordered and installed; we then added a second ADSL WIC interface to their router and set about getting it working. Our brief was for each LAN to be associated with one WAN link and to use only that WAN link. This is how we went about it.
Clearly the second interface needed to be associated with a second dialer created to log in and manage the second connection. Furthermore, we needed to add a second DHCP pool. This new config is shown as follows:
DHCP config:-

ip dhcp pool pollux
 network 192.168.200.0 255.255.255.0
 default-router 192.168.200.1
 dns-server 62.6.40.178 62.6.40.162

As you can see this connection is using BT DNS servers.

Dialer config:-

interface Dialer1
 description btbusiness
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx

We then needed to allocate a second default route to the router and this was achieved by means of the following command:-

ip route 0.0.0.0 0.0.0.0 Dialer1

We created an access list to handle the new traffic relating to the new DHCP network as follows:-

access-list 22 permit 192.168.200.0 0.0.0.255
and then we added a new access list to ensure that the traffic on each LAN network remained segregated from the other LAN. This was done as follows:-

access-list 112 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 112 deny ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 112 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 192.168.1.0 0.0.0.255 any
access-list 122 deny ip 192.168.200.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 122 deny ip 192.168.200.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 122 deny ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 permit ip 192.168.200.0 0.0.0.255 any

Finally we needed to apply route maps to mechanise the access lists, putting them to work maintaining segregation and ensuring correct operation. The following two route maps were configured:-

route-map pollux permit 22
 match ip address 122
 set interface Dialer1
!
route-map castor permit 12
 match ip address 112
 set interface Dialer0

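
When an access list is referenced by a policy route map, a packet that hits a deny entry is not dropped; it is simply not policy-routed and falls back to the ordinary routing table. The following added example (not part of the original configuration) models that evaluation in Python for access lists 112 and 122 and the two route maps, so the forwarding decision for any source and destination pair can be checked. The function names and the sample host addresses are constructed for illustration.

```python
import ipaddress

RFC1918 = [("10.0.0.0", "0.255.255.255"),
           ("172.16.0.0", "0.15.255.255"),
           ("192.168.0.0", "0.0.255.255")]
ANY = ("0.0.0.0", "255.255.255.255")  # IOS keyword "any"


def lan_acl(src_net):
    """Build the deny-private / permit-any list used for one LAN (ACL 112 or 122)."""
    src = (src_net, "0.0.0.255")
    return [("deny", src, dst) for dst in RFC1918] + [("permit", src, ANY)]


ACLS = {112: lan_acl("192.168.1.0"), 122: lan_acl("192.168.200.0")}

# "ip policy route-map castor/pollux" as applied to each LAN interface:
# ingress interface -> (matched ACL, "set interface" target)
POLICY = {"FastEthernet0/0": (112, "Dialer0"),
          "FastEthernet0/1": (122, "Dialer1")}


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def acl_action(acl_id, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, (s, sw), (d, dw) in ACLS[acl_id]:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"


def pbr_decision(ingress, src, dst):
    """Decide how a packet arriving on a LAN interface is forwarded."""
    acl_id, egress = POLICY[ingress]
    if acl_action(acl_id, src, dst) == "permit":
        return "policy-routed via " + egress
    # A deny in a PBR match list exempts the packet from policy routing only.
    return "normal routing table"


if __name__ == "__main__":
    # Constructed sample flows: internet-bound, LAN-to-LAN, and the 192.168.88.0 net.
    for flow in [("FastEthernet0/0", "192.168.1.10", "62.6.40.178"),
                 ("FastEthernet0/1", "192.168.200.5", "62.6.40.178"),
                 ("FastEthernet0/0", "192.168.1.10", "192.168.200.5"),
                 ("FastEthernet0/1", "192.168.200.5", "192.168.88.7")]:
        print(flow, "->", pbr_decision(*flow))
```

Flows reported as "normal routing table" are forwarded by the router's connected and static routes, so any filtering between the two LANs has to come from an access list applied to the interfaces themselves.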
Putting it all together our new configuration was as follows:-

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname xxx-core-router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 512000 debugging
enable secret xxxxxxx
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
!
ip dhcp pool pollux
 network 192.168.200.0 255.255.255.0
 default-router 192.168.200.1
 dns-server 62.6.40.178 62.6.40.162
!
ip dhcp pool castor
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 62.6.40.178 62.6.40.162
!
!
ip flow-cache timeout active 1
ip name-server 212.159.13.49
ip name-server 212.159.13.50
ip name-server 141.1.1.1
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
interface ATM0/0
 description btbusiness
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode itu-dmt
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip policy route-map castor
 duplex auto
 speed auto
!
interface ATM0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode itu-dmt
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map pollux
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx
!
interface Dialer1
 description btbusiness
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.200.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.88.0 255.255.255.0 192.168.200.2
ip route 212.159.13.49 255.255.255.255 Dialer1
ip route 212.159.13.50 255.255.255.255 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 12 interface Dialer0 overload
ip nat inside source list 22 interface Dialer1 overload
ip nat inside source route-map castor interface Dialer1 overload
ip nat inside source route-map pollux interface Dialer0 overload
!
access-list 12 permit 192.168.1.0 0.0.0.255
access-list 22 permit 192.168.200.0 0.0.0.255
access-list 112 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 112 deny ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 112 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 192.168.1.0 0.0.0.255 any
access-list 122 deny ip 192.168.200.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 122 deny ip 192.168.200.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 122 deny ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 permit ip 192.168.200.0 0.0.0.255 any
route-map pollux permit 22
 match ip address 122
 set interface Dialer1
!
route-map castor permit 12
 match ip address 112
 set interface Dialer0
!
!
!
control-plane
!
!
!
alias exec arp tclsh flash:arp.tcl
alias exec shutnoshut tclsh flash:shutnoshut.tcl
!
line con 0
line aux 0
line vty 0 4
 access-class 12 in
 password xxxxx
 login
 transport input telnet
!
ntp clock-period 17207966
ntp server 85.119.80.233
!
end

The network worked beautifully. Another elegant solution from Rustyice Solutions.