I have an 1841 router with several WAN interfaces. What I am trying to accomplish is that if the Ethernet 0/1 interface is down, it will route traffic to the backup interface which is Serial 0/1/0.
Serial 0/0/0 and 0/0/1 are point to point T1 to a remote office and are intended to provide backup connectivity for a VPN between sites. As I am new to the situation and did not configure these, I'm not sure how these are set up and if they are even really being utilized, but for now my main purpose is to get a backup WAN set up.
Primary WAN is a Comcast cable connected to an ASA.
Secondary WAN is T1 on Serial 0/1/0.
When I pull the plug on the Comcast connection, I can ping outside IPs but no web traffic gets through. I suspect this has something to do with the "set ip next-hop" configuration. From what I can tell, the configuration is set to route all DNS, HTTP and HTTPS traffic to this IP (the Comcast IP) unless that IP is not accessible, then it would use the default route. I'm not very familiar with this and I am not seeing where there is a default route set to take over in case the Comcast goes down. Any help would be appreciated.
Here is the running config:
Current configuration : 4469 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WMSavoy-McLeod
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
multilink bundle-name authenticated
!
!
!
!
!
username --------
username --------
username --------
archive
 log config
  hidekeys
!
!
controller T1 0/0/0
 framing esf
 fdl ansi
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/0/1
 framing esf
 fdl ansi
 linecode b8zs
 channel-group 0 timeslots 1-24
!
!
!
!
interface Loopback0
 ip address 188.8.131.52 255.255.255.255
!
interface Tunnel0
 ip address 172.16.4.254 255.255.255.252
 tunnel source 184.108.40.206
 tunnel destination 220.127.116.11
 tunnel mode ipip
!
interface Multilink1
 ip address 18.104.22.168 255.255.255.252
 no ip redirects
 no ip proxy-arp
 no ip mroute-cache
 ppp multilink
 ppp multilink group 1
!
interface FastEthernet0/0
 ip address 10.10.209.253 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Connected to ASA Firewall
 ip address 22.214.171.124 255.255.255.224
 ip policy route-map comcast-redirect
 duplex auto
 speed auto
!
interface Serial0/0/0:0
 description Connected to 100 CC
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/0/1:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1/0
 description Connected to McLeod
 ip address 126.96.36.199 255.255.255.252
 encapsulation ppp
 service-module t1 timeslots 1-24
 service-module t1 fdl ansi
!
router eigrp 1
 redistribute bgp 46210 route-map check-def
 passive-interface FastEthernet0/0
 passive-interface Serial0/1/0
 passive-interface Tunnel0
 network 188.8.131.52 0.0.0.255
 default-metric 10000 1000 255 1 1500
 no auto-summary
!
router bgp 46210
 no synchronization
 bgp log-neighbor-changes
 bgp redistribute-internal
 network 184.108.40.206 mask 255.255.255.0
 network 220.127.116.11 mask 255.255.255.0
 neighbor 18.104.22.168 remote-as 46210
 neighbor 22.214.171.124 ebgp-multihop 2
 neighbor 126.96.36.199 version 4
 neighbor 188.8.131.52 remote-as 1785
 neighbor 184.108.40.206 version 4
 neighbor 220.127.116.11 send-community
 neighbor 18.104.22.168 prefix-list BGPDefault in
 neighbor 22.214.171.124 route-map MCLEOD-BGP-IN in
 neighbor 126.96.36.199 route-map MCLEOD-BGP-OUT out
 no auto-summary
!
ip forward-protocol nd
ip route 10.225.103.0 255.255.255.0 172.16.4.253
ip route 188.8.131.52 255.255.255.0 Null0
ip route 184.108.40.206 255.0.0.0 172.16.4.253
ip route 220.127.116.11 255.255.255.0 Null0
ip route 18.104.22.168 255.255.0.0 172.16.4.253
!
no ip http server
no ip http secure-server
!
!
ip access-list extended dns-traffic
 permit udp any any eq domain
ip access-list extended web-traffic
 permit tcp any any eq www
 permit tcp any any eq 443
!
!
ip prefix-list 22.214.171.124/24 seq 1 permit 126.96.36.199/24
!
ip prefix-list 188.8.131.52/24 seq 1 permit 184.108.40.206/24
!
ip prefix-list BGPDefault seq 5 permit 0.0.0.0/0 le 32
!
ip prefix-list def-route seq 5 permit 0.0.0.0/0
access-list 14 permit 220.127.116.11
access-list 14 permit 18.104.22.168
access-list 60 permit 22.214.171.124
access-list 60 permit 126.96.36.199
access-list 60 permit 188.8.131.52
access-list 60 permit 184.108.40.206
access-list 60 permit 220.127.116.11
access-list 60 permit 18.104.22.168
access-list 60 permit 22.214.171.124
snmp-server community 1ntegrity RO 60
snmp-server community integrity RW 60
snmp-server ifindex persist
snmp-server enable traps tty
snmp-server manager
snmp-server inform timeout 10 pending 10
disable-eadi
route-map MCLEOD-BGP-OUT permit 1
 match ip address prefix-list 126.96.36.199/24
!
route-map MCLEOD-BGP-OUT permit 2
 match ip address prefix-list 188.8.131.52/24
 set as-path prepend 46210 46210 46210
 set community 116981830
!
route-map check-def permit 10
 match ip address prefix-list def-route
!
route-map comcast-redirect permit 10
 match ip address web-traffic dns-traffic
 set ip next-hop 184.108.40.206
 set interface FastEthernet0/1
!
route-map MCLEOD-BGP-IN permit 1
 match ip address prefix-list def-route
!
!
!
control-plane
!
!
line con 0
 login local
line aux 0
 login local
line vty 0 4
 access-class 60 in
 login local
!
scheduler allocate 20000 1000
end
I can see that you are running EIGRP with the ASA and BGP on ser0/1/0, so if your eth0/1 goes down, EIGRP will go down and you should automatically route out to ser0/1/0. I do not see any issue with it as long as your BGP is established and working fine on ser0/1/0. The same can be confirmed with:
sh ip bgp sum
sh ip bgp
On your route-map applied on eth0/1: that is your return traffic coming from the ASA. I am not sure what the purpose of it is, but it will only affect traffic coming from the ASA, not outgoing traffic.
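As an added example that is not part of the original posts: a small Python audit that reads an IOS config, finds every interface with `ip policy route-map` applied, and reports the `set` clauses of that route-map together with whether a `set ip next-hop` appears without any `verify-availability` clause. The function names and the `SAMPLE` excerpt (cut down from the running config posted above) are constructed for illustration.

```python
import re

# Constructed excerpt, reduced from the running config posted in the question.
SAMPLE = """\
interface FastEthernet0/1
 ip policy route-map comcast-redirect
!
route-map check-def permit 10
 match ip address prefix-list def-route
!
route-map comcast-redirect permit 10
 match ip address web-traffic dns-traffic
 set ip next-hop 184.108.40.206
 set interface FastEthernet0/1
"""

def parse_blocks(config):
    """Group IOS config into (header, [sub-commands]) using leading-space indentation."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue  # skip blank lines and '!' separators
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit_pbr(config):
    """Return one finding per interface that has a policy route-map applied."""
    blocks = parse_blocks(config)
    maps = {}  # route-map name -> sub-commands of all its sequence entries
    for header, subs in blocks:
        m = re.match(r"route-map (\S+) (permit|deny) \d+$", header)
        if m:
            maps.setdefault(m.group(1), []).extend(subs)
    findings = []
    for header, subs in blocks:
        if not header.startswith("interface "):
            continue
        for sub in subs:
            m = re.match(r"ip policy route-map (\S+)$", sub)
            if m:
                sets = [s for s in maps.get(m.group(1), []) if s.startswith("set ")]
                hops = [s for s in sets if s.startswith("set ip next-hop ")]
                tracked = any("verify-availability" in s for s in sets)
                findings.append({"interface": header.split()[1], "route_map": m.group(1),
                                 "sets": sets, "untracked_next_hop": bool(hops) and not tracked})
    return findings
```

Run against the full config, `audit_pbr` shows at a glance which ingress interface the policy is bound to, which is the point the reply makes about the route-map only touching traffic arriving on that interface.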