Cisco 887VA Fail Over

DOUGLAS DRURY
Level 1

Hi,

I have a Cisco 887VA router. The problem is I am trying to figure out how I can have a fail over between two ADSL lines if the main one goes off.

The router has one ADSL/VDSL port and 4 LAN ports.  I have some ADSL modems but I'm not sure what technology to use.

Does anyone have a suggestion?

Thanks

Doug

Hi Doug,

I took vlan 20 out of the command however it didn't work.

Yes, that was to be expected - the point of removing VLAN 20 from the trunk was to prevent your VLAN20 from spanning across your router to the ISP's network (it was a matter of security and proper configuration), not to make things start working.

I set the native vlan on fastethernet 0 to 101 and it now working.

Oh, this is a crucial part of information. You see, formerly, you have posted a configuration in which you had your Ethernet0 configured with a subinterface in VLAN101 and ran the PPPoE client on that subinterface. This made sense to me, as sometimes, VDSL service is provided across a specific VLAN which the customer must configure on its equipment.

Now you are telling me that if you configure the VLAN101 as a native VLAN on the Fa0 trunk interface, the Dialer1 goes up. That means, however, that the VDSL provider is actually fine with untagged frames - it seems that I got misled by the configuration you have used previously.

In such case, however, you should reconfigure the Fa0 interface to be an access port in VLAN 101 only, as having it operating as a trunk is a waste of resources. Please enter the following commands in your configuration mode:

! This will revert Fa0 to factory defaults
default interface Fa0
interface Fa0
 switchport mode access
 switchport access vlan 101

the other problem is the fail over isn't working

Hmm. Doug, after performing the modification above, would you be so kind to post the following outputs? Ideally, capture them into text files and attach them as a ZIP file in your response. Make sure to remove sensitive information but please, if possible, be consistent when replacing it (i.e. replace a specific public IP address with a constant string in all occurrences, etc.).

show running-config
show vlan-switch
show ip route
show ip nat statistics
show pppoe session all

Best regards,
Peter

Thanks,

I've attached the outputs for you

Hi Doug,

Thanks for the outputs. I do not see anything obviously wrong - every output I've asked for checks out fine.

Perhaps we are only dealing with the fact that even after you disconnect your VDSL link, the NAT entries built for the VDSL link still linger around, and until they expire, packets now going out through the old DSL link are translated using the IP address of the VDSL link which is not usable anymore.

Let's make this test if possible:

  1. Disconnect the VDSL link the same way you did it previously.
  2. Check the show ip route and make sure that now, the default route points out Dialer0 instead of Dialer1.
  3. Try accessing a web page or pinging, say, 8.8.8.8 from a PC in your network. If that does not work, try pinging 8.8.8.8 directly from your router. Tell me whether that worked.
  4. If the pings and web browsing from the PC were unsuccessful, enter the clear ip nat translation forced command on the router. This will clear all dynamic NAT entries and allow the router to build new ones.
  5. Now try the PC again.

Best regards,
Peter

The default route still points to Dialer 1 even after clearing the NAT and waiting 10 minutes. I disabled Dialer 1 from the CLI, then the failover happens. When the line is down (cable unplugged or power out) Dialer 1 will show as being up even though it doesn't have an IP address on it. Could it be we are monitoring Dialer 1 instead of the traffic's ability to make it out on to the FTTC line?

Hi Doug,

You are right - the Dialer interfaces are always up and even if they do not have an IP address currently assigned, they nonetheless may participate in the routing table as egress interfaces for static routes. We'll need to modify our configuration somewhat.

Please paste the following lines into your configuration:

no ip route 0.0.0.0 0.0.0.0 Dialer0
no ip route 0.0.0.0 0.0.0.0 Dialer1
!
track 1 interface Dialer0 ip routing
track 2 interface Dialer1 ip routing
!
ip route 0.0.0.0 0.0.0.0 Dialer0 2 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2

What I am doing here is first removing the existing two default routes and then introducing two so-called track objects - objects that verify a specific property of a certain router or IOS component or mechanism, and then report Up or Down status based on this property. The track object 1 checks whether the Dialer0 has an IP address assigned and is thus fully capable of participating in routing. The track object 2 does the same for Dialer1 interface. Afterwards, the static default routes are configured again, but this time, they are subjected to the states of the tracking object. The default route through Dialer1 will only be considered to be installed into the routing table if the track object 2 says it is Up, meaning that Dialer1 has its IP address assigned. Similarly, the default route through Dialer0 will only be considered to be installed into the routing table if the track object 1 says it is Up, meaning that Dialer0 has its IP address assigned. If both track objects are up then it is up to administrative distances to decide which one of these two goes into the routing table, with the path through Dialer1 being preferred. If only one of the track objects is up, there is no tie between the default routes, as the one with its tracking object being Down is prohibited from entering the routing table anyway.

Would you please mind testing this out?

Best regards,
Peter
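
The selection logic described in the post above, as an added illustration that is not part of the original thread: a simplified Python model (not a full account of IOS behaviour) that parses the static default routes and picks the one that would be installed for a given set of track states. The untracked pair is a constructed "before" case that assumes the same administrative distances as the tracked routes.

```python
import re

# Static default routes as written in this thread, e.g.
#   ip route 0.0.0.0 0.0.0.0 Dialer0 2 track 1
ROUTE_RE = re.compile(
    r"ip route 0\.0\.0\.0 0\.0\.0\.0 (?P<intf>\S+)"
    r"(?: (?P<ad>\d+))?(?: track (?P<track>\d+))?$"
)

def parse_default_routes(config):
    """Return one dict per default route: interface, distance, track id."""
    routes = []
    for line in config.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append({
                "intf": m["intf"],
                "ad": int(m["ad"]) if m["ad"] else 1,  # static routes default to AD 1
                "track": int(m["track"]) if m["track"] else None,
            })
    return routes

def installed_default(config, track_up):
    """Interface of the default route that wins, or None (simplified model).

    A tracked route is a candidate only while its track object is Up. An
    untracked route via a Dialer is always a candidate, because the Dialer
    stays up even without an IP address. Lowest distance wins.
    """
    candidates = [r for r in parse_default_routes(config)
                  if r["track"] is None or track_up.get(r["track"], False)]
    return min(candidates, key=lambda r: r["ad"])["intf"] if candidates else None

# Constructed "before" case: same distances, no tracking (assumption).
UNTRACKED = """\
ip route 0.0.0.0 0.0.0.0 Dialer0 2
ip route 0.0.0.0 0.0.0.0 Dialer1
"""
# The two tracked routes from the post above.
TRACKED = """\
ip route 0.0.0.0 0.0.0.0 Dialer0 2 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
"""

if __name__ == "__main__":
    vdsl_down = {1: True, 2: False}   # Dialer1 lost its IP, Dialer0 still has one
    print("untracked:", installed_default(UNTRACKED, vdsl_down))
    print("tracked:  ", installed_default(TRACKED, vdsl_down))
```

With track 2 down, the untracked pair still selects Dialer1 (the symptom reported earlier in the thread), while the tracked pair falls back to Dialer0.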

Thanks Peter,

 

It's working now :) Fail over is switching from the VDSL to the ADSL and back.

 

Thanks for your help 

Hi Doug,

It's been a pleasure! I am glad you got it running.

Best regards,
Peter

Hello,
Thanks to this thread, I have been able to configure the same for my network. But I would like, if possible, for you to help me balance the output via either ISP.

Following the configuration applied by Doug, thank you very much

 

Llaesha

Hello,

 

Do you mean you want to have both links up permanently (rather than one link being the backup of the other) and load balance across both links?

That's correct, that's what I want to finally configure.

Hello, thanks for your help! :)

 

I have an additional problem, I was checking the failover configuration.

I thought everything worked ...

but by disconnecting one of the ISP cables

I see that the pppoe tunnel is set, but when I run the show caller:
show caller
                                                   Activate Idle
   Line User Service Time Time
   vty 10 adminnet VTY 00:27:17 00:00:00
   Vi3 <unknown phone number> \
                                     PPPoE 07:17:40 00:00:02


Why this error? unknown phone number?

Post the current running configuration of your device...

omit the previous comment

that's not the mistake ..

Thank you

I attach the running config

Right now the gigabitethernet port 9 has the cable disconnected.

But dialer 1 does not work properly.

Ping 8.8.8.8 is correct, but if I try to call a video conference that I have connected it does not work

For it to work I have to remove the nat:

ip nat inside source route-map IPR203 interface Dialer2 overload
and shutdown to dialer2 interface

That way, the videoconference call does work correctly.

How can I fix it and balance between the two dialers?

Thank you very much

#show ip nat tran
#
#
#
#

Hello,

 

Make the changes/additions marked in bold:

 

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname xxxxx
!
boot-start-marker
boot config flash:startup-config
boot-end-marker
!
no aaa new-model
!
ip cef
!
ip domain name disagrupo.es
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid C892FSP-K9 sn FCZ171492L7
!
username xxxx privilege 15 secret xxxx
username xxxxx privilege 7 secret xxxxx
!
ip ssh authentication-retries 5
ip ssh version 2
track timer interface 5
!
--> track 1 ip sla 1 reachability
!
--> track 2 ip sla 2 reachability
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
interface GigabitEthernet0
description LAN VCSCRUZ01
switchport access vlan 203
no ip address
no cdp enable
!
interface GigabitEthernet1
description LAN VCSCRUZ02
switchport access vlan 203
no ip address
no cdp enable
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
description lan pruebas
switchport access vlan 203
no ip address
no cdp enable
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
description Physical ADSL ISP01
no ip address
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet8.6
description Virtual ADSL ISP01
encapsulation dot1Q 6
ip nat outside
ip virtual-reassembly in
no ip route-cache
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface GigabitEthernet9
description Physical ADSL ISP02
no ip address
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet9.6
description Virtual ADSL ISP02
encapsulation dot1Q 6
ip nat outside
ip virtual-reassembly in
no ip route-cache
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
!
interface Vlan1
description My LAN Interface
no ip address
!
interface Vlan203
ip address 10.128.22.33 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
description Logical ADSL Interface VCSCRUZ01 ISP
mtu 1492
bandwidth 6192
ip address negotiated
ip nat outside
--> no ip nat enable
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer string 1234
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxx
ppp chap password 7 xxxxxxx
ppp pap sent-username xxxxxx password 7 xxxxxxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
interface Dialer2
description Logical ADSL Interface VCSZCRUZ02 ISP
mtu 1492
bandwidth 6192
ip address negotiated
ip nat outside
--> no ip nat enable
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 2
dialer string 1234
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password 7 xxxxxx
ppp pap sent-username xxxxx password 7 xxxxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source route-map IPR203 interface Dialer2 overload
ip nat inside source route-map IPR207 interface Dialer1 overload
!
ip route 0.0.0.0 0.0.0.0 Dialer1 2 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 track 2
!
access-list 10 permit 10.128.22.32 0.0.0.15

access-list 100 permit ip any 192.168.20.0 0.0.0.255
access-list 101 permit ip any 10.128.22.32 0.0.0.15
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
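! track 1 gates the Dialer1 default route, so probe 1 is sourced from Dialer 1
ip sla 1
icmp-echo 8.8.8.8 source-interface Dialer 1
frequency 5
!
ip sla schedule 1 life forever start-time now
!
! track 2 gates the Dialer2 default route, so probe 2 is sourced from Dialer 2
ip sla 2
icmp-echo 8.8.8.8 source-interface Dialer 2
frequency 5
!
ip sla schedule 2 life forever start-time now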
!
route-map IPR203 permit 10
match ip address 10
--> match interface Dialer2
!
route-map IPR207 permit 10
match ip address 10
--> match interface Dialer1
!
--> event manager applet DIALER_1_DOWN
--> event track 1 state down
--> action 1.0 cli command "enable"
--> action 2.0 cli command "clear ip nat translation forced"
!
--> event manager applet DIALER_2_DOWN
--> event track 2 state down
--> action 1.0 cli command "enable"
--> action 2.0 cli command "clear ip nat translation forced"
!
control-plane
!
!
banner motd ^CCCine
*******************************************************************************
* El acceso a este dispositivo es solo para usuarios autorizados. *
* Si usted no esta autorizado de forma expresa, por favor, *
* desconectese inmediatamente. *
* Todos los accesos a este dispositivo estan monitorizados y *
* y registrados, si no esta de acuerdo desconectese *
* inmediatamente. *
*******************************************************************************
^C
!
line con 0
exec-timeout 15 0
login local
no modem enable
transport preferred ssh
transport output telnet ssh
stopbits 1
line aux 0
line vty 0 4
exec-timeout 15 0
login local
length 0
transport preferred ssh
transport input ssh
transport output telnet ssh
line vty 5 15
exec-timeout 15 0
login local
transport preferred ssh
transport input ssh
transport output telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end
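
A consistency check for this kind of IP SLA failover setup, added here as an example and not part of the original thread: it follows each tracked default route through its track object to the IP SLA probe and reports routes whose probe is sourced from a different interface than the route uses. The `sample()` fragments are constructed, and the parser only understands the command forms that appear in this thread.

```python
import re

def parse_failover(config):
    """Collect track->sla, sla->probe source and route->track mappings."""
    track_sla, sla_src, routes, sla = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"track (\d+) ip sla (\d+) reachability$", line):
            track_sla[int(m[1])] = int(m[2])
        elif m := re.match(r"ip sla (\d+)$", line):
            sla = int(m[1])                      # entering an "ip sla N" block
        elif line == "!":
            sla = None                           # block separator
        elif sla and (m := re.match(r"icmp-echo \S+ source-interface (\S+?) ?(\d+)$", line)):
            sla_src[sla] = m[1] + m[2]           # "Dialer 2" -> "Dialer2"
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: \d+)? track (\d+)$", line):
            routes.append((m[1], int(m[2])))
    return track_sla, sla_src, routes

def miswired_routes(config):
    """List (route interface, track id, probe source) where they disagree."""
    track_sla, sla_src, routes = parse_failover(config)
    problems = []
    for intf, track in routes:
        if track not in track_sla:
            continue                             # not an IP SLA track; out of scope
        src = sla_src.get(track_sla[track])      # None if the probe is missing
        if src != intf:
            problems.append((intf, track, src))
    return problems

def sample(src1, src2):
    """Constructed config fragment; src1/src2 are the probe source interfaces."""
    return f"""\
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
ip route 0.0.0.0 0.0.0.0 Dialer1 2 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 track 2
ip sla 1
 icmp-echo 8.8.8.8 source-interface {src1}
 frequency 5
!
ip sla 2
 icmp-echo 8.8.8.8 source-interface {src2}
 frequency 5
!
"""

if __name__ == "__main__":
    for name, cfg in (("consistent", sample("Dialer 1", "Dialer2")),
                      ("crossed", sample("Dialer 2", "Dialer 1"))):
        print(name, miswired_routes(cfg))
```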