02-20-2013 02:03 PM - edited 03-04-2019 07:05 PM
I have a Cisco 2921 router with 3 ethernet interfaces. E0/0 has just been set up to communicate on the secondary ISP.
E0/1 is configured as the interface that connects to my firewall.
E0/2 is set up as my default route and all traffic goes out this interface.
I'd like to be able to keep the traffic flowing out of interface e0/2, but make sure that when it fails traffic flows out of e0/0. Once the line has been restored, I'd like for traffic to be restored to the primary link. I have attached a copy of my running config to this email.
Building configuration...
Current configuration : 4860 bytes
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
!
ip domain name yourdomain.com
ip name-server 8.8.8.8
ip name-server 4.2.2.2
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
!
username ***** privilege 15 secret * ******************************
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ISP Interface #2
ip address 192.x.x.195 255.255.x.x
ip access-group 100 in
ip access-group 100 out
duplex auto
speed auto
!
interface GigabitEthernet0/1
description ISP Interface #1
ip address 50.x.x.254 255.255.x.x
ip access-group 100 in
ip access-group 100 out
duplex auto
speed auto
!
interface GigabitEthernet0/2
description Inside WAN Interface
ip address 50.x.x.82 255.255.x.x
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 15
sort-by bytes
!
ip nat inside source list test interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 50.x.x.81
!
ip access-list extended test
permit ip 0.0.0.0 255.255.255.0 any
permit ip any any
!
access-list 100 permit ip any any
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
!
scheduler allocate 20000 1000
end
02-25-2013 05:16 AM
Hi
The best way to accomplish failover is to use a dynamic routing protocol. I assume that you do not run any routing protocol with your ISP, so your only choice is using static routes.
The problem with static routes is that even if the link is not working, the interface status can stay up/up, so the routing entry via that link will stay in the routing table but all traffic will be blackholed.
I would suggest using IP SLA with tracking. Recently there were some threads on this issue, so if you search the history, you will find some.
Basic config:
no ip route 0.0.0.0 0.0.0.0 50.x.x.81
ip sla 1
icmp-echo 50.x.x.81
ip sla schedule 1 start-time now life forever
track 1 ip sla 1 state
ip route 0.0.0.0 0.0.0.0 50.x.x.81 track 1
ip route 0.0.0.0 0.0.0.0 192.x.x.19X 250
This will track whether the primary link is working; if not, the default route via ISP2 is used.
Best Regards
Please rate helpful posts
02-25-2013 05:56 AM
track 1 rtr 1
ip sla 1
icmp-echo (Next Hop IP of ISP1) source-interface GigabitEthernet0/1
ip sla schedule 1 life forever start-time now
track 2 rtr 2
ip sla 2
icmp-echo (Next Hop IP of ISP2) source-interface GigabitEthernet0/2
ip sla schedule 2 life forever start-time now
ip route 0.0.0.0 0.0.0.0 (Next Hop IP of ISP1) track 1
ip route 0.0.0.0 0.0.0.0 (Next Hop IP of ISP2) 2 track 2
ip nat inside source list test interface GigabitEthernet0/1 overload
ip nat inside source list test interface GigabitEthernet0/2 overload
**Do Rate All Helpful Posts**
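Added example, not part of either reply above: a Python check that the ip sla / track / ip route chain both answers rely on is internally consistent, since the failover only works when every track object points at an SLA probe that is defined and scheduled and every tracked route points at a defined track object. The sample config, its documentation-range addresses and the function name check_failover_chain are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): track 1 watches SLA 2, which is
# never defined; SLA 3 is defined but never scheduled; one route uses track 9.
SAMPLE = """\
ip sla 1
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/1
ip sla schedule 1 life forever start-time now
ip sla 3
 icmp-echo 203.0.113.1
track 1 ip sla 2 reachability
track 2 rtr 3
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
ip route 0.0.0.0 0.0.0.0 203.0.113.1 250 track 2
ip route 10.0.0.0 255.0.0.0 192.0.2.1 track 9
"""

def check_failover_chain(config):
    """Return findings for broken ip sla -> track -> ip route references."""
    sla_defined, sla_scheduled = set(), set()
    tracks = {}   # track id -> id of the SLA probe it watches
    routes = []   # (route line, track id)
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip sla (\d+)", line):
            sla_defined.add(m.group(1))
        elif m := re.match(r"ip sla schedule (\d+)\b", line):
            sla_scheduled.add(m.group(1))
        # Accept both the current "ip sla" and the older "rtr" keyword.
        elif m := re.match(r"track (\d+) (?:ip sla|rtr) (\d+)\b", line):
            tracks[m.group(1)] = m.group(2)
        elif m := re.match(r"ip route .*\btrack (\d+)$", line):
            routes.append((line, m.group(1)))
    findings = []
    for tid, sla in sorted(tracks.items()):
        if sla not in sla_defined:
            findings.append(f"track {tid}: ip sla {sla} is not defined")
        elif sla not in sla_scheduled:
            findings.append(f"track {tid}: ip sla {sla} is never scheduled")
    for line, tid in routes:
        if tid not in tracks:
            findings.append(f"route '{line}': track {tid} is not defined")
    return findings

if __name__ == "__main__":
    for finding in check_failover_chain(SAMPLE):
        print(finding)
```

Run it against the output of show running-config saved to a file before relying on the backup path; an empty result means every reference in the chain resolves.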