cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1600
Views
0
Helpful
1
Replies

Unable to ping router's backup WAN interface from outside

ps0000000
Level 1
Level 1

Hello all.

I have 2821 router with 2 ISP WAN connections with real IP addresses - main and backup. IOS 15.1(4)M12a

When main ISP is active I can't ping backup ISP interface IP address or access router from Internet. When main ISP is down backup interface is fully accessible.

Will you please help me configure router so I can use backup interface when main ISP is active.

My config

dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
track 11 ip sla 1 reachability
!
track 22 ip sla 2 reachability
 delay down 8 up 8
!
track 33 ip sla 3 reachability
 delay down 8 up 8
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.20
 description MAIN
 encapsulation dot1Q 20
 ip address x.x.x.165 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.21
 description BACKUP
 encapsulation dot1Q 21
 ip address y.y.y.182 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.30
 description LAN
 encapsulation dot1Q 30
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http access-class 80
ip http authentication local
ip http secure-server
!
!
ip nat inside source route-map BACKUP interface GigabitEthernet0/0.21 overload
ip nat inside source route-map MAIN interface GigabitEthernet0/0.20 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.161 track 22
ip route 0.0.0.0 0.0.0.0 y.y.y.1 170
ip route 4.2.2.1 255.255.255.255 x.x.x.161 permanent
ip route 4.2.2.3 255.255.255.255 y.y.y.1 permanent
!
ip sla 1
 icmp-echo 8.8.8.8
 frequency 10
 timeout 10000
 threshold 10000
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 4.2.2.1 source-interface GigabitEthernet0/0.20
 threshold 3000
 timeout 3000
 frequency 5
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo 4.2.2.3 source-interface GigabitEthernet0/0.21
 threshold 3000
 timeout 3000
 frequency 5
ip sla schedule 3 life forever start-time now

access-list 110 permit ip 10.1.1.0 0.0.0.255 any
!
!
!
!
route-map MAIN permit 10
 match ip address 110
 match interface GigabitEthernet0/0.20
!
route-map BACKUP permit 10
 match ip address 110
 match interface GigabitEthernet0/0.21
!
control-plane
!
!
!
!
mgcp profile default
!

Thanks in advance.

 

1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

Perhaps I am not clear on what you want to accomplish. The config establishes a primary outbound link (with track specified) and a backup outbound link (using a floating static default route). That is intended to have a primary link that is normally active and a backup link which is active only when the primary has failed. And it sounds like this is working.

 

Are you saying that you want to change the design and to have both outbound links active at the same time? If so that is fairly simple to accomplish. Change the static route using y.y.y.1 from floating static to regular static by removing the last parameter (170). If you do this then you will have 2 active default routes and the router will do load sharing using both interfaces. Is that what you intend?

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: