Re: cisco 2811 manage routing priority between wan and lan

emanuelevacca · ‎06-14-2013

I'm not an expert on cisco devices, so I will explain my situation in order to allow you to suggest me the best way to proceed:

I have a known working configuration with many sites and one operative center that receives all communications.

The connection OF THE OLD SITE is here detailed:

Now I need to integrate another site. The difference between the old site and the new site is the following:

-old site communicates with the operative center by means of the FE0/1 or by means of an HWIC4T serial interface.

old site automatically switches between the tunnel on the ethernet interface (FE0/1) and the serial channel giving priority to the ethernet tunnel.

-new site will communicate with the operative center by means of the FE0/1 or by means of a transceiver device connected on the FE0/0.

-both new site and old site have a LAN on the FE0/0 where data is generated and sent to the router to be dispached to the best available channel.

The connection of THE NEW SITE is here detailed:

the old site was configured this way:

-i created a tunnel from my cisco2811 to the operative center using the FE0/1, then i added the following:

ip route 192.169.0.2 255.255.255.255 Tunnel1

ip route 192.169.0.2 255.255.255.255 Serial0/0/0 10

the first line means that everything starting from the client directed to 192.169.0.2 it will be sent on the tunnel1.

the second line tries to route the same packets on serial0/0/0 with low priority

On the New site i did the same:

-i created the tunnel form my cisco 2811 to the operative center using the FE0/1, then i added the following:

ip route 192.169.0.2 255.255.255.255 Tunnel1

This works as expected routing the packets to the operative center on the FE0/1.

Now I miss the second part: route packets on the FE0/0 to the ip address 192.168.1.31 WITH LOW PRIORITY like i did on the old site.

I did some tries but no one solves. Which is, in your opinion, the right command to add on the cisco2811 in order to get the equivalent of what i did on the old site ( ip route 192.169.0.2 255.255.255.255 Serial0/0/0 10 ) ?

I hope the question is clear..let me know.

mfurnival · ‎06-14-2013

Emanuele,

I am not sure what you mean by "low priority". The configuration you have got on your old site is an example of a floating static route. What you are saying with the lines:

ip route 192.169.0.2 255.255.255.255 Tunnel1

ip route 192.169.0.2 255.255.255.255 Serial0/0/0 10

is route to 192.169.0.2 via tunnel1 if the interface is up, otherwise route it via S0/0/0.

Traffic will never be routed via the serial interface if the tunnel is up.

Are you sure there is not more to this such as policy based routing or some dynamic routing protocols? Are you able to post the configs?

emanuelevacca · ‎06-14-2013

hi mfurnival,

yes i need what i did: if the tunnel is up i want to use it cause it's the fast channel.

If the tunnel is down due to some wan problem, i want to automatically switch to modem (direct link to the operative center).

in the case of NEW site the modem is replaced by a fiber optic transceiver that is connected on the LAN.

I can even post the configs.. but isn't it clear now?

mfurnival · ‎06-14-2013

Ah OK. Then the command you need on your router is:

ip route 192.169.0.2 255.255.255.255 192.168.1.31 10.

emanuelevacca · ‎06-14-2013

d a m n .. so easy?

I'll do a try.

I'll let you know.

this cause the 192.168.1.x is directly connected to FE0/0..

mfurnival · ‎06-14-2013

Yes - that should be all you need to do - you are just specifying a next-hop rather than an interface for the routing. As long as 192.168.1.31 knows how to get to 192.169.0.2 you should be all good.

emanuelevacca · ‎06-19-2013

Your solution doesn't work.

I suppose there is a misunderstanding: the 192.168.1.31 is a transceiver that acts as client host, not as a router.

This means that the destination ip address of the message arriving to 192.168.1.31 should be 192.168.1.31.

mfurnival · ‎06-19-2013

Sorry but I don't understand what you mean. Can you provide more information about this transceiver thing?

emanuelevacca · ‎06-19-2013

It's easy: Replace the transceiver with a computer with microsoft windows.

mfurnival · ‎06-20-2013

Sorry but that still does not help me. Can you send a link to a the hardware spec of this transceiver device because I really can't visualise what you are talking about? In your "New Site" diagram above you have this transceiver device hanging off the LAN switch so I assume it has an ethernet interface and then some sort of WAN interface. It has to be capable of routing IP packets in order to move traffic to / from this site.

emanuelevacca · ‎06-20-2013

the transceiver is a Cadmos device. It converts the ethernet to v.24.

On V.24 there is no ip information, so this device doesn't route anything. It just convert incoming packets data (packets sent to the transceiver on a specific port) on a serial line.

I repeat: forget this transceiver. replace, on the diagram, this device with a common host personal computer with microsoft windows operative system. If you can send the message to the personal computer, the transceiver will receive it as well.

mfurnival · ‎06-20-2013

OK, let's go through what will happen here.

Your router WAN interface goes down. Your client on the LAN (192.168.1.1) continues to send packets to its default gateway (192.168.1.30). The destination address of the packet is 192.169.0.2. The router will now bounce these packets back to 192.168.1.31. The source address and destination address remain the same (192.168.1.1 <--> 192.169.0.2).

What your device will do with this I don't know but that is what will happen.

I assume that what you are saying is it some kind of ethernet bridge device in which case you might have problems because if it sends the packets across the link it will pop out in the operative centre with a source address of 192.168.1.1 which will be meaningless in that environment.

emanuelevacca · ‎06-20-2013

you wrote "The router will now bounce these packets back to 192.168.1.31. The source address and destination address remain the same (192.168.1.1 <--> 192.169.0.2)".

First of all, this does not happen. By means of a sniffer I can't find this message on the lan switch (it's an old hub). I don't know why.

Moreover, we need to change the destination address, maybe with a NAT, in order to translate the 192.169.0.2 to 192.168.1.31. By this way the message for the transceiver it will become 192.168.1.1 --> 192.168.1.31 and the transceiver, as well as a PC, will be able to receive and process the message.

mfurnival · ‎06-20-2013

Well that is what should happen, why you can't see the packets I don't know. You could try "debug ip packet" on the router when you are in the failover state.

I don't think NAT will work in this situation. First of all how does the router know you are in the failover condition? (i.e. it shouldn't NAT when the primary link is up but it should NAT when it is down?). And even if it did NAT - you would be changing the destination address of the packet to 192.168.1.31 so you would need to NAT it again at the main site to change the destination address back to 192.169.0.2.