
CISCO 800 - dual WAN switching using IP SLA, PBR or custom routing

rivantsiv
Level 1

We have a CISCO 800 series connected to 2 WAN channels, and 2 VLANs. The idea is to have VLAN1 always use the WAN1 channel, and VLAN2 use the WAN2 channel, but in case of connectivity failure switch to a working channel. It is important to say that both WANs use DHCP-assigned IP addresses, so it's not possible to determine the next-hop IP address, etc. Default gateways can change from time to time.

I got some problems with realizing this and will greatly appreciate your help:

First some config:

! WAN 2
interface FastEthernet8
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
! WAN 1
interface GigabitEthernet0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
! VLAN 1
interface Vlan1
 description LAN interface
 ip address 192.168.244.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map VLAN1LAN
!
! VLAN 2
interface Vlan2
 ip address 192.168.243.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map VLAN2LAN
!

 

Here are the route-maps and access-lists:

ip access-list extended LAN1
 permit ip 192.168.244.0 0.0.0.255 any
!
ip access-list extended LAN2
 permit ip 192.168.243.0 0.0.0.255 any
!
route-map VLAN2LAN permit 10
 match ip address LAN2
 set interface FastEthernet8
!
route-map VLAN1LAN permit 10
 match ip address LAN1
 set interface GigabitEthernet0
!

 

Also have this for NAT:

route-map VLAN1NAT permit 10
 match interface GigabitEthernet0
!

route-map VLAN2NAT permit 10
 match interface FastEthernet8
!

ip nat inside source route-map VLAN1NAT interface GigabitEthernet0 overload
ip nat inside source route-map VLAN2NAT interface FastEthernet8 overload

 

This configuration works (VLAN1 <--nat---> WAN1 and VLAN2 <---nat---> WAN2) but does not solve the problem of switching when a channel breaks down.

So I implemented some SLAs and tracks:

track 10 ip sla 1 reachability
 delay down 20 up 20
!
track 20 ip sla 2 reachability
 delay down 20 up 20
!

ip sla 1
 icmp-echo X.X.X.X source-interface GigabitEthernet0
 threshold 500
 timeout 500
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo Y.Y.Y.Y source-interface FastEthernet8
 threshold 500
 timeout 500
 frequency 5
ip sla schedule 2 life forever start-time now 

 

This all works (tracks show channel availability), but now how do I apply these tracks to PBRs? Since I do not use next-hop, and use set interface, there is no option to set a track. I would like to do something like this:

 

route-map VLAN2LAN permit 10 <---- high priority

 match ip address LAN2
 set interface FastEthernet8 track 2
!

route-map VLAN2LAN permit 30  <---- used when track 2 fails

 match ip address LAN2
 set interface GigabitEthernet0 track 1
!

 

 

 

 

 

Accepted Solutions

e.ciollaro
Level 4

Why don't you use EEM? Something like this would do the job:

 

! Track 10 down: point the route-map at FastEthernet8
event manager applet DW
 event track 10 state down
 action 1.0 cli command "enable"
 action 1.1 cli command "cisco"
 action 1.2 cli command "conf t"
 action 1.3 cli command "route-map PBR per 10"
 action 1.4 cli command "set interface FastEthernet8"
 action 1.5 cli command "no set interface GigabitEthernet0"
!
! Track 10 up: point the route-map back at GigabitEthernet0
event manager applet UP
 event track 10 state up
 action 1.0 cli command "enable"
 action 1.1 cli command "cisco"
 action 1.2 cli command "conf t"
 action 1.3 cli command "route-map PBR per 10"
 action 1.4 cli command "set interface GigabitEthernet0"
 action 1.5 cli command "no set interface FastEthernet8"

 

Bye,

e

 

Please rate if useful


3 Replies


Thank you. EEM was exactly the tool I was missing.

Btw, is it necessary to pass the password (action 1.1 cli command "cisco") all the time?

For info, we don't use any AAA on our Cisco, so I usually log in with admin/pass, do "conf t" and make changes.

I tried with GNS3: the applet starts in user mode, so you have to switch to privileged mode. If privileged mode is password protected, you have to enter the pwd.

 

enrico
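
The enable password that the applets in this thread send as `action 1.1 cli command "cisco"` is stored in clear text in the running configuration and in every backup of it. As an added example (not part of the original posts), the Python check below scans a saved configuration for EEM applets that answer the `enable` prompt with a literal string; the exec-command list is an assumed heuristic and the sample configuration is constructed.

```python
import re

# Exec commands an applet plausibly sends right after "enable" (assumed,
# non-exhaustive list; IOS accepts any unambiguous prefix such as "conf").
EXEC_COMMANDS = ("configure", "show", "clear", "copy", "write", "terminal",
                 "debug", "undebug", "reload", "ping", "end", "exit")
APPLET_RE = re.compile(r"^event manager applet (\S+)")
ACTION_RE = re.compile(r'^\s*action (\S+) cli command "(.*)"\s*$')

# Constructed sample: applet DW is the one posted in the thread; UP is made up
# with its actions listed out of order.
SAMPLE = """\
event manager applet DW
 event track 10 state down
 action 1.0 cli command "enable"
 action 1.1 cli command "cisco"
 action 1.2 cli command "conf t"
!
event manager applet UP
 action 1.2 cli command "conf t"
 action 1.0 cli command "enable"
 action 1.3 cli command "route-map PBR per 10"
"""


def parse_applets(config_text):
    """Return {applet: [(label, command), ...]} with actions in run order."""
    applets, current = {}, None
    for line in config_text.splitlines():
        if m := APPLET_RE.match(line):
            current = applets.setdefault(m.group(1), [])
        elif (m := ACTION_RE.match(line)) and current is not None:
            current.append((m.group(1), m.group(2)))
        elif line and not line[0].isspace():
            current = None  # any other top-level line closes the applet
    # IOS runs actions in ascending alphanumeric order of their labels.
    return {name: sorted(acts) for name, acts in applets.items()}


def find_embedded_passwords(config_text):
    """Return (applet, label) for replies sent to the "enable" prompt."""
    findings = []
    for name, actions in parse_applets(config_text).items():
        for (_, cmd), (label, reply) in zip(actions, actions[1:]):
            first = (reply.split() or [""])[0].lower()
            is_command = any(c.startswith(first) for c in EXEC_COMMANDS)
            if cmd.strip().lower() in ("en", "enable") and not is_command:
                findings.append((name, label))  # never echo the secret itself
    return findings
```

Calling `find_embedded_passwords(SAMPLE)` reports action 1.1 of applet DW only. The heuristic misses a password that happens to be a prefix of one of the listed commands.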
