06-25-2015 12:22 AM - edited 03-05-2019 01:45 AM
We have a CISCO 800 series connected to 2 WAN channels, and 2 VLANs. The idea is to have VLAN1 always use WAN1 channel, and VLAN2 use WAN2 channel, but in case of connectivity failure switch to a working channel. Important to say that both WANs use DHCP-assigned IP addresses, so it's not possible to determine next-hop IP address etc. Default gateways can change from time to time.
I got some problems with realizing this and will greatly appreciate your help:
First some config:
interface FastEthernet8 <---- WAN 2
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0 <----- WAN 1
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1 <---------- VLAN 1
description LAN interface
ip address 192.168.244.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map VLAN1LAN
!
interface Vlan2 <------- VLAN 2
ip address 192.168.243.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map VLAN2LAN
!
Here are the route-maps and access-lists:
ip access-list extended LAN1
permit ip 192.168.244.0 0.0.0.255 any
!
ip access-list extended LAN2
permit ip 192.168.243.0 0.0.0.255 any
!
route-map VLAN2LAN permit 10
match ip address LAN2
set interface FastEthernet8
!
route-map VLAN1LAN permit 10
match ip address LAN1
set interface GigabitEthernet0
!
Also have this for NAT:
route-map VLAN1NAT permit 10
match interface GigabitEthernet0
!
route-map VLAN2NAT permit 10
match interface FastEthernet8
!
ip nat inside source route-map VLAN1NAT interface GigabitEthernet0 overload
ip nat inside source route-map VLAN2NAT interface FastEthernet8 overload
This configuration works (VLAN1 <--nat---> WAN1 and VLAN2 <---nat---> WAN2) but does not solve the problem of channel breakdown switch.
So I implemented some sla and tracks:
track 10 ip sla 1 reachability
delay down 20 up 20
!
track 20 ip sla 2 reachability
delay down 20 up 20
!
ip sla 1
icmp-echo X.X.X.X source-interface GigabitEthernet0
threshold 500
timeout 500
frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo Y.Y.Y.Y source-interface FastEthernet8
threshold 500
timeout 500
frequency 5
ip sla schedule 2 life forever start-time now
This all works (tracks show channel availability), but now how do I apply these tracks to PBRs? Since I do not use next-hop, and use set interface, there is no option to set a track. I would like to do something like this:
route-map VLAN2LAN permit 10 <---- high priority
match ip address LAN2
set interface FastEthernet8 track 2
!
route-map VLAN2LAN permit 30 <---- used when track 2 fails
match ip address LAN2
set interface GigabitEthernet0 track 1
!
06-25-2015 04:16 AM
Why don't you use EEM? Something like this would do the job:
event manager applet DW
event track 10 state down
action 1.0 cli command "enable"
action 1.1 cli command "cisco"
action 1.2 cli command "conf t"
action 1.3 cli command "route-map PBR per 10"
action 1.4 cli command "set interface FastEthernet8"
action 1.5 cli command "no set interface GigabitEthernet0"
event manager applet UP
event track 10 state up
action 1.0 cli command "enable"
action 1.1 cli command "cisco"
action 1.2 cli command "conf t"
action 1.3 cli command "route-map PBR per 10"
action 1.4 cli command "set interface GigabitEthernet0"
action 1.5 cli command "no set interface FastEthernet8"
Bye,
e
Please rate if useful
06-26-2015 12:17 AM
Thank you. EEM was exactly the tool I was missing.
Btw, is it necessary to pass password (action 1.1 cli command "cisco") all the time?
For info, we don't use any AAA on our cisco, so I usually login with admin/pass, do "conf t" and make changes.
06-26-2015 02:07 AM
I tried with GNS3: the applet starts in user mode, so you have to switch to privileged mode. If privileged mode is password protected, you have to enter the pwd.
enrico
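The applets in this thread keep the enable password as a plain `cli command` string, so it is readable in any saved copy of the router configuration. As an added example (not part of the original posts), the Python check below scans a configuration for that pattern; the exec-command allowlist and the sample configuration are constructed assumptions, and the match is a heuristic.

```python
import re

# Exec commands an applet plausibly runs right after "enable". This allowlist
# is an assumption of the example, not a set defined by IOS.
EXEC_COMMANDS = ("configure", "show", "clear", "copy", "write", "terminal",
                 "debug", "undebug", "ping", "traceroute", "reload", "test")
APPLET_RE = re.compile(r"^\s*event manager applet (\S+)")
ACTION_RE = re.compile(r'^\s*action (\S+) cli command "([^"]*)"')

# Constructed sample shaped like the applets in the thread; the value after
# "enable" in applet DW is a made-up placeholder.
SAMPLE_CONFIG = """\
event manager applet DW
 event track 10 state down
 action 1.0 cli command "enable"
 action 1.1 cli command "ExamplePw1"
 action 1.2 cli command "conf t"
 action 1.3 cli command "route-map PBR per 10"
!
event manager applet UP
 event track 10 state up
 action 1.0 cli command "enable"
 action 1.2 cli command "conf t"
"""

def abbreviates(text, commands):
    """True if the first word is an IOS-style abbreviation of a command."""
    words = text.lower().split()
    return bool(words) and any(c.startswith(words[0]) for c in commands)

def find_embedded_enable_secrets(config):
    """Return (applet, action label) pairs where the cli command following
    "enable" is not a recognisable command, so is probably a password."""
    findings, applet, after_enable = [], None, False
    for line in config.splitlines():
        if line.strip() == "!":                 # end of the applet block
            applet, after_enable = None, False
        elif APPLET_RE.match(line):
            applet, after_enable = APPLET_RE.match(line).group(1), False
        elif applet and ACTION_RE.match(line):
            label, command = ACTION_RE.match(line).groups()
            if after_enable and not abbreviates(command, EXEC_COMMANDS):
                findings.append((applet, label))   # never echo the value
            after_enable = (abbreviates(command, ("enable",))
                            and len(command.split()) == 1)
    return findings

if __name__ == "__main__":
    for applet, label in find_embedded_enable_secrets(SAMPLE_CONFIG):
        print(f"applet {applet}: action {label} looks like an enable password")
```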