09-21-2017 11:19 PM - edited 03-05-2019 09:10 AM
Hello
I have a Cisco 1811 with dual WAN.
I would like to configure the latter for failover.
I have a fiber connection on fe0 and a mobile connection (via a 4g router) on fe1.
The router manages to ping 8.8.8.8 and my fiber box. But when I put a computer with a static IP on one of the ports, I can ping the port of the VLAN and port fe0 (192.168.1.254), but I cannot ping the fiber box (192.168.1.1) or the outside.
I can not find my error, help :)
Here is my configuration:
routeur-cisco1811#sh conf
Using 3032 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname routeur-cisco1811
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 XXXXXXXXXXXXXX
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name XXXXXXXX.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username XXXXXXXX privilege 15 secret 5 XXXXXX
!
!
!
archive
 log config
  hidekeys
!
!
!
track 8 ip sla 1 reachability
!
!
!
interface FastEthernet0
 description Acces principal FTTH
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description Acces secour 3/4G
 ip address 10.0.0.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 switchport access vlan 3
!
interface FastEthernet4
 switchport access vlan 4
!
interface FastEthernet5
 switchport access vlan 5
!
interface FastEthernet6
 switchport access vlan 6
!
interface FastEthernet7
 switchport access vlan 7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 no ip address
!
interface Vlan2
 description
 ip address 192.168.2.254 255.255.255.0
 ip access-group 13 out
!
interface Vlan3
 description casa
 ip address 192.168.3.254 255.255.255.0
!
interface Vlan4
 description stockage
 ip address 192.168.4.254 255.255.255.0
!
interface Vlan5
 description domotique et cameras
 ip address 192.168.5.254 255.255.255.0
!
interface Vlan6
 description sentinelle
 ip address 192.168.6.254 255.255.255.0
!
interface Vlan7
 description Monotoring surveillance generale
 ip address 10.1.1.254 255.255.255.0
!
interface Async1
 no ip address
 encapsulation slip
!
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 8
ip route 0.0.0.0 0.0.0.0 10.0.0.1 10
no ip http server
no ip http secure-server
!
!
!
ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.254
ip sla schedule 1 life forever start-time now
access-list 13 permit 0.0.0.0
!
!
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 login local
 transport input ssh
!
end
09-24-2017 01:05 PM
Shame on me.
I have forgotten to reload the Cisco Router.
So I have tested disconnecting the fiber box from the Cisco, and it balances to the wan2.
When I connect it again, it comes back to the wan1. It's working.
But I have noticed something.
I wanted to try a loss of the fiber signal, and I have left the fiber box connected to the Cisco router.
And the failover doesn't operate.
I still stay on the wan1.
Do I put a script which tests ping 8.8.8.8 from the WAN port?
09-24-2017 01:24 PM
Hello,
I am sorry, I don't understand what is not working? Your failover is based on ICMP (PING) reachability. What if you shut down either one of the interfaces?
09-24-2017 01:37 PM
It's my fault. Sorry, my English isn't very good, I am French :p
So I will try to be more understandable.
When I switch off the fiber box or when I disconnect the network cable which links the fiber box and the Cisco router, the failover works, it balances to the wan2.
But if I leave the network cable which links the fiber box connected and the fiber box on, and I cut the fiber supply, it doesn't balance and I stay on the wan1.
09-25-2017 12:30 AM
Hi there,
You need to change your ip sla statement to test reachability to an IP on the internet. Ideally this should be your first hop to your ISP, or failing that just use google DNS:
!
ip sla 1
 icmp-echo 8.8.8.8 source-ip 192.168.1.254
!
cheers,
Seb.
09-25-2017 03:46 AM
Hi, thank you for your help.
So, I've changed:
icmp-echo 192.168.1.1 source-ip 192.168.1.254
for
icmp-echo 8.8.8.8 source-ip 192.168.1.254
like you suggested.
So when I disconnect the fiber supply, it balances to my wan2.
But when I connect the fiber supply again, it stays on wan2.
I have disconnected the wan2, to force balancing to the wan1.
But my route doesn't come back to wan1.
Gateway of last resort is not set

C    192.168.9.0/24 is directly connected, Vlan9
C    192.168.1.0/24 is directly connected, FastEthernet0
And when I plug the wan2 in again, the route is OK and passes by wan2.
Gateway of last resort is 10.0.0.1 to network 0.0.0.0

C    192.168.9.0/24 is directly connected, Vlan9
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet1
C    192.168.1.0/24 is directly connected, FastEthernet0
S*   0.0.0.0/0 [10/0] via 10.0.0.1
I have reloaded the fiber box and the Cisco router.
Thanks again for your help
09-25-2017 08:47 PM
Hi
I have a question please.
Can I put 2 ip sla?
The IP of my fiber box and that of Google, for example.
And the condition to stay on the wan 1 would be to ping the fiber box and Google. And if I don't have both conditions, it balances to wan?
Thank you for your help
09-26-2017 12:33 AM
Hi there,
Yes you can using boolean lists:
Try this, fresh from notepad :) :
!
ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.254
!
ip sla 2
 icmp-echo 8.8.8.8 source-ip 192.168.1.254
!
ip sla schedule 1 life forever start-time now
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
track 3 list boolean and
 object 1
 object 2
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 3
!
cheers,
Seb.
09-27-2017 03:37 AM
Hi,
Thanks again.
I have built your code into my configuration.
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname routeur-cisco1811
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 XXXXXX/
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name domoticity.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username domoticity privilege 15 secret 5 XXXXXX
!
!
!
archive
 log config
  hidekeys
!
!
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
track 3 list boolean and
 object 1
 object 2
!
!
!
interface FastEthernet0
 description Acces principal FTTH
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description Acces secour 3/4G
 ip address 10.0.0.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 switchport access vlan 3
!
interface FastEthernet4
 switchport access vlan 4
!
interface FastEthernet5
 switchport access vlan 5
!
interface FastEthernet6
 switchport access vlan 6
!
interface FastEthernet7
 switchport access vlan 7
!
interface FastEthernet8
 switchport access vlan 8
!
interface FastEthernet9
 switchport access vlan 9
!
interface Vlan1
 no ip address
!
interface Vlan2
 description domoticity
 ip address 192.168.2.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan3
 description casa
 ip address 192.168.3.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan4
 description stockage
 ip address 192.168.4.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan5
 description domotique et cameras
 ip address 192.168.5.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan6
 description sentinelle
 ip address 192.168.6.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan7
 description Monotoring surveillance generale
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan8
 description Orange travail
 ip address 192.168.8.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan9
 description Serveurs multimedia
 ip address 192.168.9.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 3
ip route 0.0.0.0 0.0.0.0 10.0.0.1 10
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map BACKUP_ISP interface FastEthernet1 overload
ip nat inside source route-map MAIN_ISP interface FastEthernet0 overload
!
ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.254
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 8.8.8.8 source-ip 192.168.1.254
ip sla schedule 2 life forever start-time now
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 100 permit ip 192.168.6.0 0.0.0.255 any
access-list 100 permit ip 192.168.8.0 0.0.0.255 any
access-list 100 permit ip 192.168.9.0 0.0.0.255 any
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
!
!
!
!
route-map BACKUP_ISP permit 10
 match ip address 100
 match interface FastEthernet1
!
route-map MAIN_ISP permit 10
 match ip address 100
 match interface FastEthernet0
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 login local
 transport input ssh
!
event manager applet CLEAR_NAT_DOWN
 event track 1 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translations forced"
event manager applet CLEAR_NAT_UP
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translations forced"
!
end
First boot, I have the WANs plugged in.
And my route goes to the wan2 (FE1).
routeur-cisco1811#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.0.1 to network 0.0.0.0

C    192.168.9.0/24 is directly connected, Vlan9
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet1
C    192.168.1.0/24 is directly connected, FastEthernet0
S*   0.0.0.0/0 [10/0] via 10.0.0.1
So I have disconnected the wan2 and no route goes to wan1 (Fe0).
routeur-cisco1811#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.9.0/24 is directly connected, Vlan9
C    192.168.1.0/24 is directly connected, FastEthernet0
I can't manage to find what's going wrong.
Thanks for your help
09-27-2017 03:58 AM
In the state where the default route doesn't transition back to Fe0, what is the output of sh track ?
09-27-2017 04:12 AM
routeur-cisco1811#sh track
Track 1
  IP SLA 1 reachability
  Reachability is Up
    2 changes, last change 00:41:20
  Latest operation return code: OK
  Latest RTT (millisecs) 1
  Tracked by:
    Track-list 3
    EEM applet CLEAR_NAT_UP
    EEM applet CLEAR_NAT_DOWN
Track 2
  IP SLA 2 reachability
  Reachability is Down
    1 change, last change 00:42:30
  Latest operation return code: Timeout
  Tracked by:
    Track-list 3
Track 3
  List boolean and
  Boolean AND is Down
    1 change, last change 00:42:30
    object 1 Up
    object 2 Down
  Tracked by:
    STATIC-IP-ROUTING 0
routeur-cisco1811#
This is what I have with sh track.
09-27-2017 04:50 AM
The output of sh track indicates that ip sla 2 is failing, i.e. 8.8.8.8 is not reachable, so the boolean AND returns false.
When you reconnect Fe0 are you able to ping 8.8.8.8 sourced from that interface?
sh track
ping 8.8.8.8 source fe0
09-27-2017 06:20 AM
Hi,
So for the ping 8.8.8.8 with FastEthernet0:
outeur-cisco1811#ping 8.8.8.8 source f
routeur-cisco1811#ping 8.8.8.8 source fastEthernet 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
.....
And the sh track:
routeur-cisco1811#sh track
Track 1
  IP SLA 1 reachability
  Reachability is Up
    2 changes, last change 02:50:12
  Latest operation return code: OK
  Latest RTT (millisecs) 1
  Tracked by:
    Track-list 3
Track 2
  IP SLA 2 reachability
  Reachability is Down
    1 change, last change 02:51:22
  Latest operation return code: Timeout
  Tracked by:
    Track-list 3
Track 3
  List boolean and
  Boolean AND is Down
    1 change, last change 02:51:22
    object 1 Up
    object 2 Down
  Tracked by:
    STATIC-IP-ROUTING 0
    EEM applet CLEAR_NAT_DOWN
    EEM applet CLEAR_NAT_UP
routeur-cisco1811#
I have done this before modifying the configuration.
09-27-2017 06:42 AM
The output proves that your ISP1 link is down and the track object preventing the installation of a default route is doing its job.
Does it take a while for your 'fibre box' to sync with the ISP once you reconnect its WAN link?
09-27-2017 07:07 AM
Hi,
No, it's fast.
Each time I do a test, I don't disconnect wan1 and the fiber supply.
I have looked in my fiber box and my Cisco's address is set as static and in a DMZ.
09-27-2017 07:12 AM
I thought your steps were:
ISP1(connected) + ISP2(connected) = use ISP1
ISP1(disconnected) + ISP2(connected) = use ISP2
ISP1(disconnected) + ISP2(disconnected) = no route
ISP1(connected) + ISP2(disconnected) = no route
The tracking state and your ping test show that ISP1 is not providing a route to the internet.
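Added example, not part of any post in this thread: a toy Python model of the tracked default route from the 09-27 configuration, reproducing the posted symptoms (route stuck on the 4G link, or no route at all, while track 2 stays Down). It assumes the 8.8.8.8 probe follows the router's current routing table (`source-ip` sets only the source address) and is answered only when it leaves through 192.168.1.1, as the posted `sh track` output suggests. The `pin_probe` option models a hypothetical host route `ip route 8.8.8.8 255.255.255.255 192.168.1.1` that nobody in the thread proposed.

```python
# Added illustration: toy model of the thread's tracked default route (not router code).
BOX, LTE = "192.168.1.1", "10.0.0.1"   # next hops on fe0 (fiber) and fe1 (4G)

def default_route(track3, fe0_up, fe1_up):
    """Next hop of the installed default route, or None when there is none."""
    if track3 and fe0_up:
        return BOX    # ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 3
    if fe1_up:
        return LTE    # ip route 0.0.0.0 0.0.0.0 10.0.0.1 10
    return None       # "Gateway of last resort is not set"

def converge(track3, fe0_up, fiber_up, fe1_up, pin_probe=False, rounds=5):
    """Run a few probe cycles; return (track 3 state, default next hop)."""
    for _ in range(rounds):
        # Assumption: the 8.8.8.8 probe is routed by the current table unless a
        # hypothetical host route (pin_probe) forces it through the fiber box.
        if pin_probe and fe0_up:
            hop = BOX
        else:
            hop = default_route(track3, fe0_up, fe1_up)
        track1 = fe0_up                                # ip sla 1 -> 192.168.1.1
        # Assumption: only a probe leaving via the fiber box is answered.
        track2 = hop == BOX and fe0_up and fiber_up    # ip sla 2 -> 8.8.8.8
        track3 = track1 and track2                     # track 3 list boolean and
    return track3, default_route(track3, fe0_up, fe1_up)

def fiber_cut_and_restore(pin_probe):
    """Default next hop with fiber up, then cut, then restored (both cables in)."""
    track3, hops = True, []
    for fiber_up in (True, False, True):
        track3, hop = converge(track3, True, fiber_up, True, pin_probe)
        hops.append(hop)
    return hops

if __name__ == "__main__":
    print("unpinned:", fiber_cut_and_restore(False))   # sticks on the 4G link
    print("pinned:  ", fiber_cut_and_restore(True))    # returns to the fiber box
    print("4G unplugged, track 3 down:", converge(False, True, True, False))
```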