- newbie: check this config
- Posted by psykotic on January 27th, 2005
Alright, here is a current config I am working on. I am wondering if
any of you can take a look at this and tell me if I am retarded or not.
Looks like everything is working for the most part. Basically I
instituted VLANs with blocks of students (VLANs 1, 10, 20, 30), an office
(VLAN 100), and another VLAN (VLAN 200), which is also students but is
being routed away from the T1 to a cheaper Comcast line. In the match ip
address statement I am trying to keep the VoIP traffic routed to the VM
server at 192.168.1.253, instead of bouncing to the Comcast gate.
Current configuration : 4494 bytes
!
! Last configuration change at 04:19:37 pst Wed Jan 26 2005
! NVRAM config last updated at 16:15:55 pst Tue Nov 2 2004
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname gw/xxxxxxx
!
logging buffered 100000 debugging
enable password 7 xxxxxxxx
!
clock timezone pst -8
clock summer-time pdt recurring
ip subnet-zero
!
!
ip name-server 206.13.xx.yy
ip name-server 206.13.xx.yy
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.250 192.168.1.254
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp excluded-address 192.168.200.1 192.168.200.10
!
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
dns-server 206.13.28.12 206.13.31.12
default-router 192.168.1.250
domain-name group1.local
!
ip dhcp pool 10
network 192.168.10.0 255.255.255.0
dns-server 206.13.28.12 206.13.31.12
default-router 192.168.10.250
domain-name group10.local
!
ip dhcp pool 20
network 192.168.20.0 255.255.255.0
dns-server 206.13.28.12 206.13.31.12
! default-router takes gateway addresses only; a trailing netmask is stored
! as a second gateway address and handed to DHCP clients as such
default-router 192.168.20.250
domain-name group20.local
!
ip dhcp pool 30
network 192.168.30.0 255.255.255.0
dns-server 206.13.28.12 206.13.31.12
default-router 192.168.30.250
domain-name group30.local
!
ip dhcp pool 100
network 192.168.100.0 255.255.255.0
dns-server 192.168.100.1
default-router 192.168.100.250
domain-name office.local
!
ip dhcp pool 200
network 192.168.200.0 255.255.255.0
default-router 192.168.200.250
domain-name comcast.local
dns-server 216.148.227.68 204.127.202.4
!
!
!
!
!
interface FastEthernet0
description TO LOCAL LAN
no ip address
ip nat inside
speed 100
full-duplex
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
ip address 192.168.1.250 255.255.255.0
ip nat inside
no cdp enable
!
interface FastEthernet0.10
encapsulation dot1Q 10
ip address 192.168.10.250 255.255.255.0
ip nat inside
!
interface FastEthernet0.20
encapsulation dot1Q 20
ip address 192.168.20.250 255.255.255.0
ip nat inside
!
interface FastEthernet0.30
encapsulation dot1Q 30
ip address 192.168.30.250 255.255.255.0
ip nat inside
!
interface FastEthernet0.100
encapsulation dot1Q 100
ip address 192.168.100.250 255.255.255.0
ip nat inside
!
interface FastEthernet0.200
encapsulation dot1Q 200
ip address 192.168.200.250 255.255.255.0
ip policy route-map comcast1
!
interface Serial0
description SBC-CKT# xxx
no ip address
encapsulation frame-relay IETF
logging event subif-link-status
logging event dlci-status-change
no fair-queue
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
description Connection to SBC Internet Services
ip address 216.100.xx.yyy 255.255.255.252
ip nat outside
frame-relay interface-dlci 16
!
router rip
network 192.168.1.0
network 192.168.100.0
!
ip nat pool housenat 63.206.xx.yyy 63.206.xx.yyy netmask 255.255.255.240
ip nat inside source list 7 pool housenat overload
! static port forwards from the T1 address to the office server
! (SMTP, HTTP, POP3 and RDP)
ip nat inside source static tcp 192.168.100.1 25 63.206.xx.aaa 25 extendable
ip nat inside source static udp 192.168.100.1 25 63.206.xx.aaa 25 extendable
ip nat inside source static tcp 192.168.100.1 80 63.206.xx.aaa 80 extendable
ip nat inside source static udp 192.168.100.1 80 63.206.xx.aaa 80 extendable
ip nat inside source static tcp 192.168.100.1 110 63.206.xx.aaa 110 extendable
ip nat inside source static udp 192.168.100.1 110 63.206.xx.aaa 110 extendable
ip nat inside source static tcp 192.168.100.1 3389 63.206.xx.aaa 3389 extendable
ip nat inside source static udp 192.168.100.1 3389 63.206.xx.aaa 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.1
no ip http server
!
! ACL 7 selects the inside sources that are translated to the T1 pool
access-list 7 permit 192.168.0.0 0.0.255.255
! ACL 120 selects what the route-map sends to the Comcast gateway.
! Traffic to the VoIP/VM server is exempted for every protocol (VoIP
! signalling and media are mostly UDP, so a tcp-only deny would still
! send the voice traffic to 192.168.200.1)
access-list 120 deny ip any host 192.168.1.253
access-list 120 permit ip any any
route-map comcast1 permit 10
match ip address 120
set ip next-hop 192.168.200.1
!
snmp-server chassis-id line serial #xxxxxxx
snmp-server enable traps tty
!
line con 0
password 7 xxxxxxxxxxxx
login
line aux 0
transport input all
flowcontrol hardware
line vty 0 4
password 7 xxxxxxxxxxxxxxx
login
The weird thing is that as soon as the config was set, I noticed
that all switch ports (except the gate) on the 200 VLAN are
flashing together, like they are on a hub. Of course they are not on a
hub, but a solid Avaya switch. Any ideas?
- Posted by Jayesh Sharma on January 28th, 2005
You have a router-on-a-stick topology: an external router is being used
for inter-VLAN routing. As a future strategy, going for a Layer 3 switch is
recommended. The router forms a single point of failure. Secondly, the router
may get overly loaded and the trunk link may create a bottleneck.
Apart from that, there is no problem with the configuration as such. I don't
think the LED indication should create any concern, because they are meant
to show LAN activity, though I am not sure about the Avaya switch. You may also
check the speed and duplex settings on the trunk port of the switch.
Also, in the route-map you have to add another statement to create a
backup route in case the next hop in the first statement fails. Also put
ip route-cache policy under the interface configuration where the route-map
is applied, if you have IOS 12.0 or higher.
regards
Jay
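To make the two points above concrete (the first post's intent that traffic to 192.168.1.253 must never be sent to the Comcast gateway, and Jayesh's point that a matched clause needs a usable backup when its next hop is down), here is an added Python model of the IOS policy-routing decision. It is not code from the thread and not Cisco code; it evaluates an access list in order, then the route-map clauses, and falls back to a constructed routing table when nothing matches or no next hop is usable. The reachability table, the `verify` flag standing in for `set ip next-hop ... verify-availability`, the client address 192.168.200.20 and the internet address 198.51.100.10 are all assumptions made for the example.

```python
"""Toy model of IOS access-list + route-map (policy-based routing) evaluation.

Added example, not from the thread or from Cisco. Simplifications: packets
carry only a protocol and addresses (no ports), and "reachable" is a constructed
table standing in for the availability check a real router would perform.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List


@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp", "udp" or "icmp"
    src: str
    dst: str


@dataclass(frozen=True)
class Ace:
    """One access-list entry. proto "ip" matches every protocol; "any" is 0.0.0.0/0."""
    action: str  # "permit" or "deny"
    proto: str
    src: str
    dst: str


def _in(addr: str, net: str) -> bool:
    return ip_address(addr) in ip_network("0.0.0.0/0" if net == "any" else net)


def acl_permits(acl: List[Ace], pkt: Packet) -> bool:
    """First matching entry wins; every ACL ends with an implicit deny."""
    for ace in acl:
        if ace.proto in ("ip", pkt.proto) and _in(pkt.src, ace.src) and _in(pkt.dst, ace.dst):
            return ace.action == "permit"
    return False


@dataclass
class RouteMapClause:
    acl: List[Ace]          # match ip address <acl>
    next_hops: List[str]    # set ip next-hop <a> [<b> ...]
    verify: bool = False    # verify-availability: skip hops the router cannot reach


# Constructed routing table for the router in the thread: connected VLAN
# subnets plus the default route out the T1 (Serial0.1).
ROUTES: Dict[str, str] = {
    "192.168.1.0/24": "FastEthernet0.1",
    "192.168.10.0/24": "FastEthernet0.10",
    "192.168.20.0/24": "FastEthernet0.20",
    "192.168.30.0/24": "FastEthernet0.30",
    "192.168.100.0/24": "FastEthernet0.100",
    "192.168.200.0/24": "FastEthernet0.200",
    "0.0.0.0/0": "Serial0.1",
}


def lookup_route(dst: str, routes: Dict[str, str] = ROUTES) -> str:
    """Longest-prefix match, as the normal forwarding path does."""
    best = max((n for n in routes if ip_address(dst) in ip_network(n)),
               key=lambda n: ip_network(n).prefixlen)
    return routes[best]


def policy_route(clauses: List[RouteMapClause], pkt: Packet, reachable: Dict[str, bool]) -> str:
    """Return "next-hop <addr>" when a clause applies, else the routing-table egress."""
    for clause in clauses:
        if not acl_permits(clause.acl, pkt):
            continue  # try the next route-map sequence
        for nh in clause.next_hops:
            # Without verify-availability the hop is used even if it is down,
            # which is how the traffic gets black-holed when the gateway fails.
            if not clause.verify or reachable.get(nh, False):
                return f"next-hop {nh}"
        break  # matched, but no usable hop: fall through to normal routing
    return lookup_route(pkt.dst)


# ACL 120 as posted (tcp-only exemption) and with the exemption widened to ip.
ACL_120_AS_POSTED = [Ace("deny", "tcp", "any", "192.168.1.253/32"), Ace("permit", "ip", "any", "any")]
ACL_120_FIXED = [Ace("deny", "ip", "any", "192.168.1.253/32"), Ace("permit", "ip", "any", "any")]
COMCAST_GW = "192.168.200.1"  # next hop in route-map comcast1


def decide(acl: List[Ace], pkt: Packet, comcast_up: bool = True, verify: bool = False) -> str:
    """Apply route-map comcast1 (one clause) to a packet arriving on VLAN 200."""
    clause = RouteMapClause(acl, [COMCAST_GW], verify)
    return policy_route([clause], pkt, {COMCAST_GW: comcast_up})


if __name__ == "__main__":
    voip_udp = Packet("udp", "192.168.200.20", "192.168.1.253")  # constructed
    web = Packet("tcp", "192.168.200.20", "198.51.100.10")       # constructed
    print("UDP to VM server, ACL as posted:", decide(ACL_120_AS_POSTED, voip_udp))
    print("UDP to VM server, ACL fixed:    ", decide(ACL_120_FIXED, voip_udp))
    print("web, Comcast down, no verify:   ", decide(ACL_120_FIXED, web, comcast_up=False))
    print("web, Comcast down, verify:      ", decide(ACL_120_FIXED, web, comcast_up=False, verify=True))
```

Run it as a script to see the four decisions side by side: with the tcp-only deny, UDP to the VM server is still handed to 192.168.200.1; with `deny ip` it stays on FastEthernet0.1. When the Comcast gateway is down, the clause without availability checking keeps pointing at the dead hop, while the verified clause falls back to the T1 default route.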
- Posted by psykotic on January 28th, 2005
Jayesh Sharma wrote:
I understand; we just can't really afford more equipment, so I have to
make do in this situation with the router being such a point of
failure. Also, this router being a 1721, it is not exactly designed to be a
core piece as I am using it, but I am showing about 17% utilization on
the CPU at peak times, so no worries.
The trunk ports on the router and switch are fixed to 100 Mbps full duplex, so that
there are no autonegotiation errors. It could be a bottleneck, but
realistically I don't have all that much bandwidth (a T1 plus the
Comcast line), so I am not really worried.
I still, however, am dumbfounded by all the member ports of VLAN 200
(where the Comcast line is) flashing all together as if on a hub. All
of them except for the Comcast gateway itself flash in unison with the
traffic. It makes me think there is some sort of weird broadcasting
going on with me setting the next hop from the gate interface on the
router to the Comcast gate of 192.168.200.1. Of course, if I was
smart I would be able to monitor the traffic by other means, but I
still think there is something screwed up. BTW, the switch is a P134G2 and the
Comcast gate an SMC 8013WG.
Thanks for the catch on this one. Could you give me an example perhaps?
Also, what does the route-cache policy do for me?
I appreciate your time.
Brian
- Posted by Jayesh Sharma on February 17th, 2005
The route-cache policy statement fast-switches the packets that are matched in
the route-map. In earlier versions of IOS they were all process switched,
and in the new versions the default behaviour is still to process switch the
packets.