
1841 fall back to 2nd WAN when 1st WAN is down

wordenmartinit
Level 1

I have an 1841 router with several WAN interfaces.  What I am trying to accomplish is that if the Ethernet 0/1 interface is down, it will route traffic to the backup interface which is Serial 0/1/0.

Serial 0/0/0 and 0/0/1 are point to point T1 to a remote office and are intended to provide backup connectivity for a VPN between sites.  As I am new to the situation and did not configure these, I'm not sure how these are set up and if they are even really being utilized, but for now my main purpose is to get a backup WAN set up.

Primary WAN is a Comcast cable connected to an ASA.

Secondary WAN is T1 on Serial 0/1/0.

When I pull the plug on the Comcast connection, I can ping outside IPs but no web traffic gets through.  I suspect this has something to do with the "set ip next-hop" configuration. From what I can tell, the configuration is set to route all DNS, HTTP and HTTPS traffic to this IP (the Comcast IP) unless that IP is not accessible, in which case it would use the default route.  I'm not very familiar with this and I am not seeing where there is a default route set to take over in case the Comcast connection goes down.  Any help would be appreciated.

Here is the running config:

Building configuration...

Current configuration : 4469 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WMSavoy-McLeod
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
multilink bundle-name authenticated
!
!
!
!
!
username --------
username --------
username --------
archive
log config
  hidekeys
!
!
controller T1 0/0/0
framing esf
fdl ansi
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/0/1
framing esf
fdl ansi
linecode b8zs
channel-group 0 timeslots 1-24
!
!
!
!
interface Loopback0
ip address 63.255.237.129 255.255.255.255
!
interface Tunnel0
ip address 172.16.4.254 255.255.255.252
tunnel source 63.255.237.254
tunnel destination 63.255.237.253
tunnel mode ipip
!
interface Multilink1
ip address 63.255.237.254 255.255.255.252
no ip redirects
no ip proxy-arp
no ip mroute-cache
ppp multilink
ppp multilink group 1
!
interface FastEthernet0/0
ip address 10.10.209.253 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description Connected to ASA Firewall
ip address 63.255.237.1 255.255.255.224
ip policy route-map comcast-redirect
duplex auto
speed auto
!
interface Serial0/0/0:0
description Connected to 100 CC
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
!
interface Serial0/0/1:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
!
interface Serial0/1/0
description Connected to McLeod
ip address 63.252.95.114 255.255.255.252
encapsulation ppp
service-module t1 timeslots 1-24
service-module t1 fdl ansi
!
router eigrp 1
redistribute bgp 46210 route-map check-def
passive-interface FastEthernet0/0
passive-interface Serial0/1/0
passive-interface Tunnel0
network 63.255.237.0 0.0.0.255
default-metric 10000 1000 255 1 1500
no auto-summary
!
router bgp 46210
no synchronization
bgp log-neighbor-changes
bgp redistribute-internal
network 12.232.83.0 mask 255.255.255.0
network 63.255.237.0 mask 255.255.255.0
neighbor 12.232.83.254 remote-as 46210
neighbor 12.232.83.254 ebgp-multihop 2
neighbor 12.232.83.254 version 4
neighbor 63.252.95.113 remote-as 1785
neighbor 63.252.95.113 version 4
neighbor 63.252.95.113 send-community
neighbor 63.252.95.113 prefix-list BGPDefault in
neighbor 63.252.95.113 route-map MCLEOD-BGP-IN in
neighbor 63.252.95.113 route-map MCLEOD-BGP-OUT out
no auto-summary
!
ip forward-protocol nd
ip route 10.225.103.0 255.255.255.0 172.16.4.253
ip route 12.232.83.0 255.255.255.0 Null0
ip route 19.0.0.0 255.0.0.0 172.16.4.253
ip route 63.255.237.0 255.255.255.0 Null0
ip route 136.132.0.0 255.255.0.0 172.16.4.253
!
no ip http server
no ip http secure-server
!
!
ip access-list extended dns-traffic
permit udp any any eq domain
ip access-list extended web-traffic
permit tcp any any eq www
permit tcp any any eq 443
!
!
ip prefix-list 12.232.83.0/24 seq 1 permit 12.232.83.0/24
!
ip prefix-list 63.255.237.0/24 seq 1 permit 63.255.237.0/24
!
ip prefix-list BGPDefault seq 5 permit 0.0.0.0/0 le 32
!
ip prefix-list def-route seq 5 permit 0.0.0.0/0
access-list 14 permit 19.59.28.51
access-list 14 permit 136.132.1.34
access-list 60 permit 63.255.237.15
access-list 60 permit 63.252.73.2
access-list 60 permit 65.113.253.68
access-list 60 permit 63.252.73.34
access-list 60 permit 12.232.83.15
access-list 60 permit 65.113.253.22
access-list 60 permit 65.113.253.46
snmp-server community 1ntegrity RO 60
snmp-server community integrity RW 60
snmp-server ifindex persist
snmp-server enable traps tty
snmp-server manager
snmp-server inform timeout 10 pending 10
disable-eadi
route-map MCLEOD-BGP-OUT permit 1
match ip address prefix-list 63.255.237.0/24
!
route-map MCLEOD-BGP-OUT permit 2
match ip address prefix-list 12.232.83.0/24
set as-path prepend 46210 46210 46210
set community 116981830
!
route-map check-def permit 10
match ip address prefix-list def-route
!
route-map comcast-redirect permit 10
match ip address web-traffic dns-traffic
set ip next-hop 63.255.237.16
set interface FastEthernet0/1
!
route-map MCLEOD-BGP-IN permit 1
match ip address prefix-list def-route
!
!
!
control-plane
!
!
line con 0
login local
line aux 0
login local
line vty 0 4
access-class 60 in
login local
!
scheduler allocate 20000 1000
end


vinodsh
Level 1

Hello David,

I can see that you are running EIGRP with the ASA and BGP on Ser0/1/0, so if your Eth0/1 goes down, EIGRP will go down and you should automatically route out to Ser0/1/0. I do not see any issue with it as long as your BGP is established and working fine on Ser0/1/0; the same can be confirmed with:

sh ip bgp sum

sh ip bgp

On your route-map applied on Eth0/1: that is your return traffic coming from the ASA. I am not sure what the purpose of it is, but it will only affect traffic coming from the ASA, not outgoing traffic.
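
An added example, not part of either post: a short Python script that reads the policy-routing lines of the config posted above and reports which interface the route-map is bound to, which ACLs it matches, whether the next hop sits on that interface's own subnet, and whether `set ip next-hop` uses the IOS `verify-availability` keyword. The function name `parse_pbr` and the report field names are hypothetical; the config excerpt is copied from the post.

```python
import ipaddress
import re

# Excerpt of the running config posted above (policy-routing lines only).
CONFIG = """\
interface FastEthernet0/1
 ip address 63.255.237.1 255.255.255.224
 ip policy route-map comcast-redirect
!
route-map comcast-redirect permit 10
 match ip address web-traffic dns-traffic
 set ip next-hop 63.255.237.16
 set interface FastEthernet0/1
"""

def parse_pbr(config):
    """Return one dict per interface that has 'ip policy route-map' applied."""
    ifaces, maps, section = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            section = None  # '!' closes the current config section
        elif m := re.match(r"interface (\S+)", line):
            section = ifaces.setdefault(m.group(1), {"net": None, "map": None})
        elif m := re.match(r"route-map (\S+) (?:permit|deny) \d+", line):
            section = maps.setdefault(m.group(1), {"acls": [], "hops": [], "tracked": False})
        elif section is None:
            continue
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            section["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.match(r"ip policy route-map (\S+)", line):
            section["map"] = m.group(1)
        elif m := re.match(r"match ip address (.+)", line):
            section["acls"] += m.group(1).split()
        elif m := re.match(r"set ip next-hop (.+)", line):
            # 'verify-availability' ties the next hop to a reachability check
            section["tracked"] |= "verify-availability" in m.group(1)
            section["hops"] += re.findall(r"\d+\.\d+\.\d+\.\d+", m.group(1))
    report = []
    for name, i in ifaces.items():
        rm = maps.get(i["map"])
        if rm:
            hops = [ipaddress.ip_address(h) for h in rm["hops"]]
            report.append({"interface": name, "route_map": i["map"], "acls": rm["acls"],
                           "next_hops": rm["hops"], "tracked": rm["tracked"],
                           "hop_on_link": i["net"] is not None and all(h in i["net"] for h in hops)})
    return report

if __name__ == "__main__":
    print(parse_pbr(CONFIG))
```

For the posted config the report shows the route-map bound to FastEthernet0/1 only, with a next hop inside that interface's own /27 and no availability check attached to it.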
