
Cisco 819 Wan-Fail Over using DNS lookup

plussier1
Level 1

Is there a way to configure the Cisco 819 to switch between the primary WAN-1 interface GigabitEthernet 0 and the backup WAN-2 on the Cellular 0 interface?

On this router I use EIGRP Tunnel and Ip-Sec tunnel too.

I tried IP SLA, but it doesn't work 100% at the moment.

track 1 ip sla 1 reachability

ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0
timeout 6000
frequency 10
ip sla schedule 1 life forever start-time now

ip route 0.0.0.0 0.0.0.0 192.168.37.1 track 1
ip route 0.0.0.0 0.0.0.0 Cellular0 5

Example: WAN-1 up

Track 1
IP SLA 1 reachability
Reachability is Up
4 changes, last change 00:00:18
Latest operation return code: OK
Latest RTT (millisecs) 23
Tracked by:
Static IP Routing 0

Example: WAN-1 still up but no Internet access

*Jan 13 04:22:11.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:22:16.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:22:31.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:22:36.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:22:51.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:22:56.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:23:11.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:23:16.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:23:31.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:23:36.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:23:51.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:23:56.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:24:11.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:24:16.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:24:31.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:24:36.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:24:51.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:24:56.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:25:11.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:25:16.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:25:31.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:25:36.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:25:51.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:25:56.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:26:11.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down

etc.

It looks like the icmp-echo 8.8.8.8 source-interface GigabitEthernet0 also passes through the interface Cellular 0; that's why it goes up and down non-stop.

What is the way to correct that?

Here is the Route-Map config on the router

ip nat inside source route-map NAT-WAN1 interface GigabitEthernet0 overload
ip nat inside source route-map NAT-WAN2 interface Cellular0 overload
ip route 0.0.0.0 0.0.0.0 192.168.37.1 track 1
ip route 0.0.0.0 0.0.0.0 Cellular0 5

route-map NAT-WAN2 permit 10
match ip address NAT
match interface Cellular0
!
route-map NAT-WAN1 permit 10
match ip address NAT
match interface GigabitEthernet0

ip access-list extended NAT
deny ip 172.16.5.0 0.0.0.255 172.16.1.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.50.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.51.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.52.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.53.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.55.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.56.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.57.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.58.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.59.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.60.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.62.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.63.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.81.0 0.0.0.255
deny ip 192.168.54.0 0.0.0.255 192.168.82.0 0.0.0.255
permit ip 172.16.5.0 0.0.0.255 any
permit ip 172.18.5.0 0.0.0.255 any
permit ip 192.168.37.0 0.0.0.255 any
permit ip 192.168.54.0 0.0.0.255 any

Thank You !
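Added example, not part of the original thread: a small Python parser for the %TRACK-6-STATE lines quoted in the post above that counts transitions per tracked object in a sliding window and measures how long each state lasted. The 60-second window, the threshold of 4 and the year used for parsing (the log lines carry none) are assumptions.

```python
import re
from datetime import datetime, timedelta

# First lines of the log quoted above, plus one constructed unrelated line.
SAMPLE_LOG = """\
*Jan 13 04:22:11.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:22:16.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:22:20.000: %LINK-3-UPDOWN: Interface Cellular0, changed state to up
*Jan 13 04:22:31.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:22:36.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Jan 13 04:22:51.707: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jan 13 04:22:56.707: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
"""

LINE_RE = re.compile(
    r"^\*?(\w{3} +\d+ [\d:.]+): %TRACK-6-STATE: (\d+) ip sla \d+ "
    r"reachability (?:Up|Down) -> (Up|Down)$"
)

def parse_track_events(text, year=2000):
    """Return (timestamp, track_id, new_state) for each TRACK-6-STATE line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # other syslog messages are skipped
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S.%f")
            events.append((ts, int(m[2]), m[3]))
    return events

def summarize_flaps(events, window=timedelta(seconds=60), threshold=4):
    """Per track: peak transitions in any window, and dwell time per state."""
    by_track = {}
    for ts, track, new in sorted(events):
        by_track.setdefault(track, []).append((ts, new))
    report = {}
    for track, evs in by_track.items():
        peak, start = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            peak = max(peak, end - start + 1)
        dwell = {"Up": set(), "Down": set()}
        for (t0, state), (t1, _) in zip(evs, evs[1:]):
            dwell[state].add((t1 - t0).total_seconds())
        report[track] = {"peak_transitions": peak, "flapping": peak >= threshold,
                         "down_dwell_s": sorted(dwell["Down"]),
                         "up_dwell_s": sorted(dwell["Up"])}
    return report
```

On the quoted log, the tracked object spends a constant 5 seconds Down and 15 seconds Up, a fixed 20-second cycle rather than random loss.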

7 Replies 7

Hello,

post the full config. Are you excluding the NAT traffic from the traffic that goes over the tunnel ?

Hi,

Please see the attached File. This is the full config of my Router.

All tunnels are working; the issue is with the IP SLA pinging DNS 8.8.8.8 to enable WAN failover between the primary ISP WAN-1 and the backup ISP WAN-2.

Let me know !

Thank You !

Have a good day !

Hello,

thanks for the config. My first thought is that the tunnel delays on the tunnels using the cellular interface as the source should be higher than the delays configured on the interfaces using the GigabitEthernet as the source. Try to change the delays as below:

interface Tunnel21
 delay 100

interface Tunnel22
 delay 150

interface Tunnel23
 delay 200

interface Tunnel24
 delay 250

Hi

I made all the modifications that you posted, but unfortunately it still does the same thing. When the router switches to the backup ISP on WAN-2, the IP SLA state goes up and down non-stop.

I did some other tests and I think I found how to correct the issue, but I'm not sure if it's a good way to make it work.

1) First, I removed the permit ip 192.168.37.0 0.0.0.255 any from the ip access-list extended NAT

2) Second, I created a permanent route for the DNS 216.146.35.35 that I have chosen to use instead of 8.8.8.8

ip route 216.146.35.35 255.255.255.255 dhcp permanent

Now it's working, but the only thing is that the DNS 216.146.35.35 is not reachable from the backup interface WAN-2, but I do not use this address as DNS on computers and other devices on the network. I always use 8.8.8.8.

I have another question about the IP SLA command

ip sla 1
icmp-echo 216.146.35.35 source-interface GigabitEthernet0
timeout 6000
frequency 10
ip sla schedule 1 life forever start-time now

How many pings does the IP SLA command send before considering a DOWN state?

If only one ping has a timeout of more than 6000 ms, will the IP SLA go to the DOWN state?

Or does it analyze more than one ping?

Example:

1- icmp-echo 216.146.35.35 source-interface GigabitEthernet0 Timeout 2000ms OK

10Sec. delay

2-  icmp-echo 216.146.35.35 source-interface GigabitEthernet0 Timeout 8000ms Bad

10Sec. delay

3-  icmp-echo 216.146.35.35 source-interface GigabitEthernet0 Timeout 2000ms OK

In this case, because only one ping takes more than 6000 ms, will the track 1 ip sla 1 reachability go down?

If the answer is yes,

is there a way to analyse more than one ping before the track 1 ip sla 1 reachability goes down?

Thank you again for your help.

Patrick

Hello Patrick,

I took a look at your original configuration, and I wonder if implementing the following makes a difference. Basically, local ICMP traffic (which would be the traffic generated by the SLA) gets forced out the primary interface:

ip local policy route-map PRIMARY_TRACK


route-map PRIMARY_TRACK permit 10
match ip address 115
set interface GigabitEthernet0


access-list 115 permit icmp any host 8.8.8.8

Hi

I tried adding the commands to the original config, but unfortunately it still does the same thing. When the router switches to the backup ISP on WAN-2, the IP SLA state goes up and down non-stop.

ip local policy route-map PRIMARY_TRACK


route-map PRIMARY_TRACK permit 10
match ip address 115
set interface GigabitEthernet0


access-list 115 permit icmp any host 8.8.8.8

Thank You !

Hello

IP SLA flaps could be due to your SLA frequency being too long for the tracking delay. Can you try adding a tracking delay higher than the SLA frequency?

track 1
delay 30

On a side note, I can see your primary default route is incorrect; it should be referring to DHCP, not the next-hop IP.

no ip route 0.0.0.0 0.0.0.0 192.168.37.1 track 1
ip route 0.0.0.0 0.0.0.0 dhcp track 1

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul