Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
4
Replies

Cisco 1921 (IP SLA + PBR + 3xWAN + FailOver)

George Rizk
Level 1
Level 1

‎12-21-2015 06:44 PM - edited ‎03-05-2019 02:59 AM

Hi Cisco Support,

Got a beauty here would love you to look at. I have the following configuration which takes advantage of the new "MATCH TRACK" feature in ROUTE-MAP. This feature from what I understand is meant to only use the ROUTE-MAP if the MATCH TRACK returns True. The issue I am having is the MATCH TRACK appears to not be working. I have double checked the IP SLA and it's working properly.

Please let me know if there is anything wrong in my config. What I am trying to acheive is this:

VOIP ROUTE-MAP = Use GigabitEthernet0/0 Internet connection as default and fall back to Dialer1 if GigabitEthernet0/0 is not working
GENERAL ROUTE-MAP = Use Dialer0 as default and fall back to GigabitEthernet0/0 if Dialer0 is not working
GENERAL-EPO ROUTE-MAP = Use Dialer1 as default and fallback to GigabitEthernet0/0 if Dialer1 is not working


Note that I am using the support IOS software release for the new "MATCH TRACK" feature.

Here is the MATCH TRACK Cisco article which doesn't really give too much away.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/15-mt/iri-15-mt-book/iri-pbr-match-track-object.html

Am using Cisco IOS software 15.4(3)M

no ip domain-lookup
ip domain-name DOMAIN.LOCAL

ip sla 1
icmp-echo 192.231.203.132 source-interface Dialer0
timeout 2000
frequency 5
ip sla schedule 1 life forever start-time now

ip sla 2
icmp-echo 192.231.203.3 source-interface Dialer1
timeout 2000
frequency 5
ip sla schedule 2 life forever start-time now

ip sla 3
icmp-echo 192.189.54.17 source-interface GigabitEthernet0/0
timeout 2000
frequency 5
ip sla schedule 3 life forever start-time now

track 10 ip sla 1 reachability
delay down 2 up 2
!
track 20 ip sla 2 reachability
delay down 2 up 2
!
track 30 ip sla 3 reachability
delay down 2 up 2
!
bridge irb
ip cef
!
spanning-tree mode pvst
interface GigabitEthernet0/0
 Description AAPT
 ip address 10.0.0.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 no shutdown
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 no shutdown
!
interface GigabitEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.0.254 255.255.255.0
 ip helper-address 192.168.0.10
 ip nat inside
 ip flow ingress
 ip flow egress
 ip tcp adjust-mss 1412
 ip virtual-reassembly
 ip policy route-map GENERAL
 no shutdown

!
interface GigabitEthernet0/1.2
 encapsulation dot1Q 7
 ip flow ingress
 ip virtual-reassembly
 ip address 192.168.7.254 255.255.255.0
 ip helper-address 192.168.0.10
 ip nat inside
 ip tcp adjust-mss 1412
 ip policy route-map GENERAL-EPO
 no shutdown
!
interface GigabitEthernet0/1.3
 encapsulation dot1Q 100
 ip address 192.168.100.254 255.255.255.0
 ip helper-address 192.168.0.10
 ip nat inside
 ip flow ingress
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 ip policy route-map VOIP
 no shutdown
!
interface ATM0/0/0
 description INT1
 no ip address
 no atm ilmi-keepalive
 pvc 8/35 
 encapsulation aal5mux ppp dialer
 dialer pool-member 1
!
interface ATM0/1/0
 description INT2
 no ip address
 no atm ilmi-keepalive
 pvc 8/35 
 encapsulation aal5mux ppp dialer
  dialer pool-member 2
!
interface Dialer0
 bandwidth inherit
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp header-compression iphc-format
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp chap hostname username
 ppp chap password 0 password
 ppp pap sent-username username password 0 password
 ppp ipcp dns request
 ppp ipcp address accept
 no cdp enable
 ip rtp header-compression iphc-format
!
interface Dialer1
 bandwidth inherit
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp header-compression iphc-format
 ip tcp adjust-mss 1452
 dialer pool 2
 dialer idle-timeout 0
 dialer-group 2
 ppp chap hostname username
 ppp chap password 0 password
 ppp pap sent-username username password 0 password
 ppp ipcp dns request
 ppp ipcp address accept
 no cdp enable
 ip rtp header-compression iphc-format
!
no ip nat service sip udp port 5060
ip nat inside source route-map INT1 interface Dialer0 overload
ip nat inside source route-map INT2 interface Dialer1 overload
ip nat inside source route-map INT3 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.0.10 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.0.10 25480 interface Dialer0 25480
ip nat inside source static tcp 192.168.0.30 443 interface Dialer0 25443
ip route 192.231.203.132 255.255.255.255 Dialer0
ip route 192.231.203.3 255.255.255.255 Dialer1
ip route 192.189.54.17 255.255.255.255 10.0.0.1
ip route 0.0.0.0 0.0.0.0 Dialer0 track 10
ip route 0.0.0.0 0.0.0.0 Dialer1 track 20
ip route 0.0.0.0 0.0.0.0 10.0.0.1 track 30
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export source GigabitEthernet0/1.1
ip flow-export version 5
ip flow-export destination 192.168.0.10 29996
!
!
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 11 permit 192.168.7.0 0.0.0.255
access-list 12 permit 192.168.100.0 0.0.0.255
access-list 100 remark (Access List for Default VLAN1)
access-list 100 permit gre 192.168.0.0 0.0.0.255 any
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 remark (Access List for Default VLAN7)
access-list 101 permit gre 192.168.7.0 0.0.0.255 any
access-list 101 permit ip 192.168.7.0 0.0.0.255 any
access-list 102 remark (Access List for Default VLAN100)
access-list 102 permit ip 192.168.100.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
route-map VOIP permit 10
 match ip address 102
 match track 30
 set interface GigabitEthernet0/0
!
route-map VOIP permit 20
 match ip address 102
 match track 20
 set interface Dialer1
!
route-map GENERAL permit 10
 match ip address 100
 match track 10
 set interface Dialer0
!
route-map GENERAL permit 20
 match ip address 100
 match track 30
 set interface GigabitEthernet0/0
!
route-map GENERAL-EPO permit 10
 match ip address 101
 match track 20
 set interface Dialer1
!
route-map GENERAL-EPO permit 20
 match ip address 101
 match track 30
 set interface GigabitEthernet0/0
!
route-map INT1 permit 10
match ip address 10
match interface Dialer0
!
route-map INT2 permit 10
match ip address 11
match interface Dialer1
!
route-map INT3 permit 10
match ip address 12
match interface GigabitEthernet0/0
!


bridge 1 protocol ieee
!
line con 0
!
line aux 0
!
line vty 0 4
 access-class 23 in
 privilege level 15
 login
 transport input all
 transport output all
!
!
!
end
Labels:
0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎12-22-2015 08:15 PM

What happens if you change:

set interface Gigabit0/0

to:

set ip next-hop a.b.c.d

0 Helpful

George Rizk
Level 1
Level 1
In response to Philip D'Ath

‎12-22-2015 09:12 PM

That's not possible as ISP does not provide a static next hop.

Need this to work with "Set Interface"

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to George Rizk

‎12-22-2015 09:39 PM

I just spotted you are using the start of a maintenance train, 15.4(3)M.  Can you change to 15.4(3)M4 ?

0 Helpful

George Rizk
Level 1
Level 1
In response to Philip D'Ath

‎12-22-2015 09:53 PM

Will give it a shot. Let you know how it goes. Many thanks P Dath.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card