
cisco 1800 failover and route

domoticity
Level 1

Hello

I have a Cisco 1811 with dual WAN.
I would like to configure the latter for failover.
I have a fiber connection on fe0 and a mobile connection (via a 4G router) on fe1.
The router can ping 8.8.8.8 and my fiber box. But when I put a computer with a static IP on one of the ports, I can ping the port of the VLAN and port fe0 (192.168.1.254), but I cannot ping the fiber box (192.168.1.1) on the outside.
I cannot find my error, help :)

 

Here is my configuration:

 

routeur-cisco1811#sh conf
Using 3032 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname routeur-cisco1811
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 XXXXXXXXXXXXXX
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name XXXXXXXX.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username XXXXXXXX privilege 15 secret 5 XXXXXX
!
!
!
archive
 log config
  hidekeys
!
!
!
track 8 ip sla 1 reachability
!
!
!
interface FastEthernet0
 description Acces principal FTTH
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description Acces secour 3/4G
 ip address 10.0.0.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 switchport access vlan 3
!
interface FastEthernet4
 switchport access vlan 4
!
interface FastEthernet5
 switchport access vlan 5
!
interface FastEthernet6
 switchport access vlan 6
!
interface FastEthernet7
 switchport access vlan 7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 no ip address
!
interface Vlan2
 description 
 ip address 192.168.2.254 255.255.255.0
 ip access-group 13 out
!
interface Vlan3
 description casa
 ip address 192.168.3.254 255.255.255.0
!
interface Vlan4
 description stockage
 ip address 192.168.4.254 255.255.255.0
!
interface Vlan5
 description domotique et cameras
 ip address 192.168.5.254 255.255.255.0
!
interface Vlan6
 description sentinelle
 ip address 192.168.6.254 255.255.255.0
!
interface Vlan7
 description Monotoring surveillance generale
 ip address 10.1.1.254 255.255.255.0
!
interface Async1
 no ip address
 encapsulation slip
!
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 8
ip route 0.0.0.0 0.0.0.0 10.0.0.1 10
no ip http server
no ip http secure-server
!
!
!
ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.254
ip sla schedule 1 life forever start-time now
access-list 13 permit 0.0.0.0
!
!
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 login local
 transport input ssh
!
end

Shame on me.

I forgot to reload the Cisco router.

So I tested disconnecting the fiber box from the Cisco, and it balances to wan2.

When I connect it again, it comes back to wan1. It's working.

But I have noticed something.

I wanted to try a loss of the fiber signal, so I left the fiber box connected to the Cisco router.

And the failover doesn't operate.

I still stay on wan1.

Should I add a script that tests ping 8.8.8.8 from the WAN port?

Hello,

I am sorry, I don't understand what is not working. Your failover is based on ICMP (ping) reachability. What if you shut down either one of the interfaces?

It's my fault, sorry, my English isn't very good, I am French :p

So I will try to be more understandable.

When I switch off the fiber box or disconnect the network cable that links the fiber box and the Cisco router, the failover works; it balances to wan2.

But if I leave the network cable to the fiber box connected and the fiber box on, and I cut the fiber supply, it doesn't balance and I stay on wan1.

Hi there,

You need to change your ip sla statement to test reachability to an IP on the internet. Ideally this should be your first hop to your ISP, or failing that just use google DNS:

!
ip sla 1
 icmp-echo 8.8.8.8 source-ip 192.168.1.254
!

cheers,

Seb.

 

Hi, thank you for your help.

So, I've changed:

icmp-echo 192.168.1.1 source-ip 192.168.1.254

for 

icmp-echo 8.8.8.8 source-ip 192.168.1.254

as you suggested.

So when I disconnect the fiber supply, it balances to my wan2.

But when I connect the fiber supply again, it stays on wan2.

I have disconnected wan2 to force balancing to wan1.

But my route doesn't come back to wan1.

Gateway of last resort is not set

C    192.168.9.0/24 is directly connected, Vlan9
C    192.168.1.0/24 is directly connected, FastEthernet0

And when I plug wan2 in again, the route is OK and passes via wan2.

Gateway of last resort is 10.0.0.1 to network 0.0.0.0

C    192.168.9.0/24 is directly connected, Vlan9
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet1
C    192.168.1.0/24 is directly connected, FastEthernet0
S*   0.0.0.0/0 [10/0] via 10.0.0.1

I have reloaded the fiber box and the Cisco router.

Thanks again for your help

Hi,

I have a question, please.

Can I use 2 ip sla?

The IP of my fiber box and that of Google, for example.

And the condition to stay on wan1 would be to ping both the fiber box and Google. And if I don't have both conditions, it balances to wan?

Thank you for your help

Hi there,

Yes, you can, using boolean lists:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-mt/iap-15-mt-book/iap-eot.html#GUID-BE67A0C1-7166-4D79-A5B4-4AFC0BF8A934

 

Try this, fresh from notepad :) :

!
ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.254
!
ip sla 2
 icmp-echo 8.8.8.8 source-ip 192.168.1.254
!
ip sla schedule 1 life forever start-time now
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
track 3 list boolean and
  object 1
  object 2
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 3
!

cheers,

Seb.

Hi,

Thanks again.

I have integrated your code into my configuration.

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname routeur-cisco1811
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 XXXXXX/
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name domoticity.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username domoticity privilege 15 secret 5 XXXXXX
!
!
!
archive
 log config
  hidekeys
!
!
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
track 3 list boolean and
 object 1
 object 2
!
!
!
interface FastEthernet0
 description Acces principal FTTH
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description Acces secour 3/4G
 ip address 10.0.0.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 switchport access vlan 3
!
interface FastEthernet4
 switchport access vlan 4
!
interface FastEthernet5
 switchport access vlan 5
!
interface FastEthernet6
 switchport access vlan 6
!
interface FastEthernet7
 switchport access vlan 7
!
interface FastEthernet8
 switchport access vlan 8
!
interface FastEthernet9
 switchport access vlan 9
!
interface Vlan1
 no ip address
!
interface Vlan2
 description domoticity
 ip address 192.168.2.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan3
 description casa
 ip address 192.168.3.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan4
 description stockage
 ip address 192.168.4.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan5
 description domotique et cameras
 ip address 192.168.5.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan6
 description sentinelle
 ip address 192.168.6.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan7
 description Monotoring surveillance generale
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan8
 description Orange travail
 ip address 192.168.8.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan9
 description Serveurs multimedia
 ip address 192.168.9.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 3
ip route 0.0.0.0 0.0.0.0 10.0.0.1 10
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map BACKUP_ISP interface FastEthernet1 overload
ip nat inside source route-map MAIN_ISP interface FastEthernet0 overload
!
ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.254
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 8.8.8.8 source-ip 192.168.1.254
ip sla schedule 2 life forever start-time now
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 100 permit ip 192.168.6.0 0.0.0.255 any
access-list 100 permit ip 192.168.8.0 0.0.0.255 any
access-list 100 permit ip 192.168.9.0 0.0.0.255 any
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
!
!
!
!
route-map BACKUP_ISP permit 10
 match ip address 100
 match interface FastEthernet1
!
route-map MAIN_ISP permit 10
 match ip address 100
 match interface FastEthernet0
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 login local
 transport input ssh
!
event manager applet CLEAR_NAT_DOWN
 event track 1 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translations forced"
event manager applet CLEAR_NAT_UP
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translations forced"
!
end

On first boot, I have both WANs plugged in.

And my route goes to wan2 (FE1).

routeur-cisco1811#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.0.1 to network 0.0.0.0

C    192.168.9.0/24 is directly connected, Vlan9
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet1
C    192.168.1.0/24 is directly connected, FastEthernet0
S*   0.0.0.0/0 [10/0] via 10.0.0.1

So I disconnected wan2, and no route goes to wan1 (Fe0).

 

routeur-cisco1811#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.9.0/24 is directly connected, Vlan9
C    192.168.1.0/24 is directly connected, FastEthernet0

I can't manage to find what's going wrong.

Thanks for your help

 

 

In the state where the default route doesn't transition back to Fe0, what is the output of sh track ?

routeur-cisco1811#sh track
Track 1
  IP SLA 1 reachability
  Reachability is Up
    2 changes, last change 00:41:20
  Latest operation return code: OK
  Latest RTT (millisecs) 1
  Tracked by:
    Track-list 3
    EEM applet CLEAR_NAT_UP
    EEM applet CLEAR_NAT_DOWN
Track 2
  IP SLA 2 reachability
  Reachability is Down
    1 change, last change 00:42:30
  Latest operation return code: Timeout
  Tracked by:
    Track-list 3
Track 3
  List boolean and
  Boolean AND is Down
    1 change, last change 00:42:30
    object 1 Up
    object 2 Down
  Tracked by:
    STATIC-IP-ROUTING 0
routeur-cisco1811#

This is what I have with sh track.

The output of sh track indicates that ip sla 2 is failing, i.e. 8.8.8.8 is not reachable, so the boolean AND returns false.

When you reconnect Fe0 are you able to ping 8.8.8.8 sourced from that interface?

 

sh track

ping 8.8.8.8 source fe0

 

Hi,

so for the ping 8.8.8.8 with FastEthernet0:

outeur-cisco1811#ping 8.8.8.8 source f
routeur-cisco1811#ping 8.8.8.8 source fastEthernet 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
.....

and the sh track

routeur-cisco1811#sh track
Track 1
  IP SLA 1 reachability
  Reachability is Up
    2 changes, last change 02:50:12
  Latest operation return code: OK
  Latest RTT (millisecs) 1
  Tracked by:
    Track-list 3
Track 2
  IP SLA 2 reachability
  Reachability is Down
    1 change, last change 02:51:22
  Latest operation return code: Timeout
  Tracked by:
    Track-list 3
Track 3
  List boolean and
  Boolean AND is Down
    1 change, last change 02:51:22
    object 1 Up
    object 2 Down
  Tracked by:
    STATIC-IP-ROUTING 0
    EEM applet CLEAR_NAT_DOWN
    EEM applet CLEAR_NAT_UP
routeur-cisco1811#

I did this before modifying the configuration.

The output proves that your ISP1 link is down and the track object preventing the installation of a default route is doing its job.

 

Does it take a while for your 'fibre box' to sync with the ISP once you reconnect its WAN link?

Hi,

No, it's fast.

Each time I do a test, I don't disconnect wan1 and the fiber supply.

I have looked in my fiber box, and my Cisco's address is static and in a DMZ.

I thought your steps were:

 

ISP1(connected) + ISP2(connected) = use ISP1

ISP1(disconnected) + ISP2(connected) = use ISP2

ISP1(disconnected) + ISP2(disconnected) = no route

ISP1(connected) + ISP2(disconnected) = no route

 

The tracking state and your ping test show that ISP1 is not providing a route to the internet.
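
An added illustration, not part of the thread and not Cisco code: a small Python model of the configuration discussed above. It assumes that the `ip sla 2` probe to 8.8.8.8 is forwarded by the routing table (`source-ip` only sets the source address) and gets no reply when it leaves through 10.0.0.1; the `host_route` option stands for a hypothetical static /32 route for 8.8.8.8 via 192.168.1.1 that nobody in the thread has proposed. Under those assumptions the model reproduces the routing tables posted above and shows how the tracked default route can stay withdrawn after the fibre returns.

```python
# Added illustration: simplified model of the thread's tracking setup, not IOS code.
ISP1_GW, ISP2_GW, PROBE = "192.168.1.1", "10.0.0.1", "8.8.8.8"

def default_gw(track3_up, fe1_up):
    """Default route the router installs, or None if none is usable."""
    if track3_up:
        return ISP1_GW        # ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 3
    if fe1_up:
        return ISP2_GW        # ip route 0.0.0.0 0.0.0.0 10.0.0.1 10
    return None               # "Gateway of last resort is not set"

def probe_hop(track3_up, fe1_up, host_route):
    """Next hop used by the PROBE ping (assumption: it follows the routing table)."""
    if host_route:            # hypothetical /32 static route for PROBE via ISP1_GW
        return ISP1_GW
    return default_gw(track3_up, fe1_up)

def poll(track3_up, box_up, fibre_up, fe1_up, host_route):
    """One probe cycle; returns (track1, track2, track3)."""
    track1 = box_up           # ip sla 1: fibre box on the connected subnet
    # ip sla 2: assumed to be answered only when it leaves through ISP1 while
    # the fibre is up; via ISP2 its source 192.168.1.254 gets no reply.
    via_isp1 = probe_hop(track3_up, fe1_up, host_route) == ISP1_GW
    track2 = box_up and fibre_up and via_isp1
    return track1, track2, track1 and track2   # track 3 list boolean and

def run(host_route, start_up, fe1_up=True):
    """Two healthy cycles, two with the fibre cut, two after it returns."""
    track3, history = start_up, []
    for fibre_up in (True, True, False, False, True, True):
        _, _, track3 = poll(track3, True, fibre_up, fe1_up, host_route)
        history.append(default_gw(track3, fe1_up))
    return history

if __name__ == "__main__":
    for host_route in (False, True):
        for start_up in (True, False):
            print(f"host_route={host_route} start_up={start_up}:",
                  run(host_route, start_up))
```

`start_up` is the state of track 3 before the first probe; with `host_route=False` the model never returns to 192.168.1.1 once track 3 has gone down, whichever value it starts from.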
