Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
3
Replies

After OER enabled, randomly unable to ping or SSH into router.

gfwireless
Level 1
Level 1

‎03-24-2008 10:44 PM - edited ‎03-03-2019 09:15 PM

Hello,

We currently have a multihomed Cisco 1811 running IOS 12.4.

FastEthernet0 (FE0) is assigned 1.1.1.1 from ISP-A. FastEthernet1 (FE1) is assigned 2.2.2.2 from ISP-B.

OER is configured and working well.

The problem I have is sometimes (randomly) various remote networks are unable to ping or SSH into the Router itself using ISP-A (1.1.1.1). They have to use ISP-B (2.2.2.2). Sometimes it is vice-versa.

I am assuming that this is caused by the OER algorithm setting a static route to the various destination networks.

I can set up a local policy to force any connections destined for FE0 to go back out FE0.

or...

I can set up a local policy to force any connections destined for FE1 to go back out FE1.

But...

I have been unable to determine how to create a local policy so that both FE0 and FE1 behave this way "simultaneously".

My question is:

1. Is it possible to set a local policy such that when a connection enters FE0, it is routed back through FE0 and when a connection enters FE1 it is routed back through FE1?

Thanks in advance.

Riaz Oosman

Labels:
0 Helpful
3 Replies 3

shailendra.singh
Level 1
Level 1

‎03-25-2008 12:07 AM

Yes, Why not? You can use " match input-interface" in the route-map for this.

Thanks,

Shailendra

0 Helpful

gfwireless
Level 1
Level 1
In response to shailendra.singh

‎03-25-2008 05:10 AM

Hi Shailendra,

Thanks for the reply.

I was unable to find "match input-interface" in a regular route-map statement. I did however find that it was applicable in a QOS class-map. Is this what you are referring to?

Thanks!

Riaz Oosman

0 Helpful

gfwireless
Level 1
Level 1

‎04-07-2008 07:10 AM

Hello,

Doing a little more research I believe I have solved my problem.

Global IP for FE0 is 1.1.1.1, default GW is 1.1.1.254

Global IP for FE1 is 2.2.2.2, default GW is 2.2.2.254

Here are the pertinent config entries that I created:

access-list 170 permit ip host 1.1.1.1 any

access-list 171 permit ip host 2.2.2.2 any

!

route-map equal-access permit 10

match ip address 170

set ip next-hop 1.1.1.254

!

route-map equal-access permit 20

match ip address 171

set ip next-hop 2.2.2.254

!

ip local policy route-map equal-access

This has been on a production router for several days now and we have not had any problems. If anyone sees a security or access issue, please post any corrections. Thanks.

Riaz...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card