cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2062
Views
15
Helpful
33
Replies

Cisco 2800 ADSL Failover

parmstrong5
Level 1
Level 1

Hi, am having trouble trying to setup a 2800 series router as a failover device (please bear in mind that I am fairly new to IOS).

The device has two ADSL modules installed which will be used as a direct connection to the ADSL lines rather than go through a seperate modem.

I am looking for the config so I am able to connect to either connection and should the primary connection fail the secondary connect takes over.

I have been trying to configure this on and off for a while however am struggling even to get the router to successfully connect to the ISP.                

33 Replies 33

paolo bevilacqua
Hall of Fame
Hall of Fame

Often asked had you searched before asking.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml

Firts have that working , then you can move to the redundacy part, that is often asked here as well.

Note IOS is not easy and not apt for beginners, better would be if youse an RV series routers.

Paolo,

I am happy to help the gentleman to get it working even though the topic has been discussed here several times.

Best regards,

Peter

Peter Paluch wrote:

Paolo,

I am happy to help the gentleman to get it working even though the topic has been discussed here several times.

Best regards,

Peter

No problem, but is worth for anyone to know that the matter is the subject already of many great documents and answers.

Hi Paolo,

No doubt about that.

It's just that we - as people representing the CSC and all its expertise, courtesy and willingness to help others by which it is considered one of the finest voluntary forums around - should not fall back to RTFM kind of answers, though sometimes it really looks like we are. No one is helped by that approach.

If there are documents that already cover the topic being discussed, let's have them quoted, absolutely. But let's not try to stop the discussion entirely just because any of us does not feel comfortable answering it. Lots of other people here have gained their great reputation by answering exactly those little repetitive tidbits we are already tired of responding to, and they have helped others immensely. That's why - and the only why - CSC is here.

Best regards,

Peter

Well said Peter - we were all novices once. And we have all known people along our journey who have taken the time and effort to explain complex things to us and we remember and appreciate those people.

Peter Paluch
Cisco Employee
Cisco Employee

Hello Phil,

Let's continue here so that the indented threading does not limit the available space for answers.

Your current output looks good! According to the output, both your ADSL connections are up and running and they have received an IP address! Congratulations so far!

Please try these pings:

ping 81.139.64.1

ping  88.104.224.1

Both of them should be successful - these are the IP addresses of the ISP. If that works, try pinging 4.2.2.2 or 8.8.8.8 - they should be successful as well.

If you can not access internet from your host please double check its IP settings. In fact, I recall we have not configured any DNS server in the DHCP pool on your router, so your PC is probably unable to ping or contact any domain names, but it should be capable of pinging all IP addresses suggested here so far! Can you test this?

If pinging IP addresses from the PC works, just please go to your router's configuration, enter the DHCP pool configuration and add the following line:

import all

This will cause your router to ask the ISP via PPP/IPCP for various IP settings including the addresses of DNS servers, and add them to the DHCP pool dynamically. After you do this, shutdown and reactivate both Dialer interfaces (this is necessary as we need to renegotiate IP settings with your ISP and request DNS server addresses along with it), and then, do ipconfig /release and ipconfig /renew on your PC. Then try pinging valid hostnames from your PC.

Let me know.

Best regards,

Peter

will test it out tomorrow morning,

dialer interfaces shutdown/ reactivate is there a renew/ reload option for this is or is it a case of opening up the config for each to force the chances?

Hello Phil,

You have to specifically enter the Dialer1 and Dialer2 interface configuration and shutdown / no shutdown them. I do not know any command outside the configuration mode that would "cycle" the interfaces.

Best regards,

Peter

Right tested it this morning and was able to ping both ISP Gateway addresses and 4.2.2.2 / 8.8.8.8 successfully.

shutdown/ no shudown cycled the dialers and release ip settings of the laptop I was using, was still unable to ping any url or url's ip address though can do so through the router itself (ping IP addresses via console).

any thoughts

Hello Phil,

At this moment I need to see your complete running-config. Please capture show running-config output and post it here. Remove sensitive information such as passwords but otherwise, keep it intact.

Best regards,

Peter

Fresh running config from this morning after going through the dchp pool import process and cycling dialers shutdown\no shutdown

Hi Phil,

Your configuration is almost correct - it's just that you have inadvertently mixed uppercase and lowercase when editing the DHCP pools. Their names are case sensitive, and you have inadvertently created another DHCP pool.

Simply enter the following commands into your configure terminal mode:

no ip dhcp pool lan1

ip dhcp pool LAN1

  dns-server 4.2.2.2

  end

Then do the usual ipconfig /release and ipconfig /renew on your PC and try accessing internet again. If this does not work please issue the following command on the PC and post the results here:

tracert -d 158.193.138.7

I am interested to see where the traceroute stops.

Best regards,

Peter

Hello Phil,

Based on your description, I understand that you have two ADSL connections and you need configurations to set-up the PPPOA connections and also would like to have a fail-over functionality between these two WAN connections.

Please find the below set of configurations that can help you set this up,

1. Sample configuration to set-up the PPPOA connection,

a.       Configure Ingress (LAN) interface:

Router(config)#interface Gig 0/0 (Any Ethernet/LAN facing port)

Router(config-if)#description internal interface

Router(config-if)#ip address x.x.x.x  x.x.x.x

Router(config-if)#ip nat inside

Router(config-if)#no shut

b.  Configure Egress(WAN) interface:

Router(config)#interface ATM0

Router(config-if)#no ip address

Router(config-if)#no shut

Router(config-if)#no atm ilmi-keepalive

Router(config-if)#dsl operating-mode auto

Router(config)#interface ATM0.1 point-to-point

Router(config-subif)#pvc 0/38

Router(config-if-atm-vc)# encapsulation aal5mux ppp dialer

Router(config-if-atm-vc)# dialer pool-member 1

Router(config-if-atm-vc)# exit


c.  Configure Dialer interface:

Router(Config)#interface dialer1

Router(Config)#ip address negotiated

Router(Config)#ip mtu 1492

Router(Config)#ip nat outside

Router(Config)#encapsulation ppp

Router(Config)#dialer pool 1

Router(Config)#dialer-group 1

Router(Config)#ppp authentication chap pap callin

Router(Config)#ppp chap hostname xxxxx

Router(Config)#ppp chap password xxxxx

Router(Config)#end

Follow the same steps for the Second ADSL port as well but ensure you create another Dialer interface (Dialer 2) and also ensure to use "dialer pool-member 2" under ATM interface and "dialer pool 2" under the new Dialer 2 interface.

2. NAT configurations for DUAL-WAN set-up:

a. Create an Access-list permitting the LAN subnet intending to access the internet,

access-list extended 101

permit ip 10.10.0.0 0.0.0.255 any (for example 10.10.0.0/24 is considered as LAN subnet).

b. Create Route-maps,

route-map PRIMARY_WAN permit 10

match ip address 101

set interface Dialer 1

route-map SECONDARY_WAN permit 20

match ip address 101

set interface Dialer 2

c. Configure the NAT statement,

ip nat inside source route-map PRIMARY_WAN interface Dialer 1 overload

ip nat inside source route-map SECONDARY_WAN interface Dialer 2 overload

Make sure to add "ip nat inside" and "ip nat outside" on the Ingress and the Egress interfaces respectively.

3. WAN failover functionality (IP SLA),

(config)#ip sla 1

(config-ip-sla)#icmp-echo 4.2.2.2 source-interface Dialer 1

(config-ip-sla)#exit

(config)#track 1 ip sla 1 reachability

(config-track)#exit

(config)#ip sla schedule 1 life forever start-time now

Create default route statements and a permanent static route to reach 4.2.2.2,

ip route 0.0.0.0 0.0.0.0 Dialer 1 track 1

ip route 0.0.0.0 0.0.0.0 Dialer 2 100

ip route 4.2.2.2 255.255.255.255 Dialer 1 permanent.

Try these configurations and let me know how it goes

Cheers,

Mithun


Hello Mithun,

Thank you for joining and for your willingness to help  Phil!

I would like to kindly ask you for more observance of what has been accomplished in this thread so far before posting. Notice that we have already created a configuration for connectivity via both ADSL links, so  posting another configuration that does not perfectly align with Phil's current  configuration can cause confusions. Except for IP SLA which we have not yet implemented as we want first to have well working basic connectivity and only then proceed towards configuring the IP SLA-driven redundancy, Phil's current configuration already contains everything you have suggested.

Going over your suggested configuration, I see commands that pop up in many similar configuration templates and are not entirely correct. You may want to update or remove these commands from your templates:

  1. The ip mtu 1492 command on Dialer interface is not required for PPPoA and should be removed. As there is no intermediate Ethernet encapsulation in PPPoA (as opposed to PPPoE), the encapsulation is directly IP to PPP to AAL5. The maximum size of AAL5 SDU is somewhere around 64 KiB, well above the total size of reasonable IP+PPP datagrams.
  2. The dialer-group 1 command on Dialer interface is not required for PPPoA or PPPoE deployments and should be removed. This command refers to a so-called dialer list (not created in your configuration) that defines the "interesting traffic" that was allowed to make a dial or keep the dial alive, and was used with analog modems and ISDN dialup solutions. DSL is an always-on technology, however, and the concept of interesting traffic has no meaning.
  3. The ppp authentication pap chap callin command on Dialer interface is not required for PPPoA or PPPoE deployments and should be removed. Essentially, it defines that this router will require the opposite PPP endpoint (i.e. the ISP) to authenticate if it calls into this router. However, the DSL connection is always considered as an outgoing (callout) direction and this command will never have an effect. In addition, for a dialup client, requiring an ISP to authenticate is an incorrect direction of authentication which usually fails (the client authenticates to ISP, not vice versa), so if by any chance this command actually had an effect, it would most probably cause the connectivity to fail since ISPs are not configured to authenticate to their clients. I had an extensive discussion about this issue in this thread.

Best regards,

Peter


Hello Peter,

I think I missed the long history of steps that were suggested here and I just wanted to provide the config Phil was looking to realize the set-up.

Sorry for any inconvenience caused.

I agree with your views on the above 3 commands, but I can assure you those would not cause any harm to the set-up either.

Cheers,

Mithun

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: