Config help plse - dual WAN on 1811.

neilmac
Level 1

Hi, I have a 1811 router with one connection to the internet. This connection is going to be turned off for a while, so I would like to set up another interface as a fall back for when it does.

The second WAN connection will be DHCP connected via ethernet.

I have to configure this remotely prior to changeover, and I am paranoid about locking myself out of the router if I make a wrong turn.

I would like to ask if anyone can help me so that the primary WAN (the one in there now) is always used, and when it goes down, the secondary one will route traffic to the internet.

I am sure it's a simple config to add a second WAN port, all help gratefully received.

NM

Here is current config, some identifying details have been masked.

router.1811#show run
Building configuration...

Current configuration : 5505 bytes
!
! Last configuration change at 09:18:51 UTC Fri Aug 27 2010 by xxxxx
! NVRAM config last updated at 12:29:28 UTC Fri Oct 30 2009 by xxxxx
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router.1811
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
ip name-server 216.7.159.195
ip name-server 216.7.159.133
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
crypto pki trustpoint TP-self-signed-2663121659
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2663121659
revocation-check none
rsakeypair TP-self-signed-2663121659
!
!
crypto pki certificate chain TP-self-signed-2663121659
certificate self-signed 01
  quit
username xxxx privilege 15 secret 5 xxxx
!
!
!
!
interface FastEthernet0
description $FW_OUTSIDE$$ETH-WAN$
ip address 216.7.xxx.xx 255.255.255.252
ip verify unicast reverse-path
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
switchport mode trunk
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
ip address 192.168.8.10 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Async1
no ip address
encapsulation slip
shutdown
!
ip route 0.0.0.0 0.0.0.0 216.7.149.33
ip route 192.168.3.0 255.255.255.0 192.168.8.1
ip route 192.168.4.0 255.255.255.0 192.168.8.1
ip route 192.168.5.0 255.255.255.0 192.168.8.1
ip route 192.168.6.0 255.255.255.0 192.168.8.2
ip route 192.168.7.0 255.255.255.0 192.168.8.1
!
ip dns server
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.8.2 5045 interface FastEthernet0 5045
ip nat inside source static tcp 192.168.8.2 4125 interface FastEthernet0 4125
ip nat inside source static tcp 192.168.8.2 3389 interface FastEthernet0 3389
ip nat inside source static tcp 192.168.8.2 3085 interface FastEthernet0 3085
ip nat inside source static tcp 192.168.8.2 443 interface FastEthernet0 443
ip nat inside source static tcp 192.168.8.11 22 interface FastEthernet0 22
ip nat inside source static tcp 192.168.8.11 57 interface FastEthernet0 57
ip nat inside source static tcp 192.168.8.11 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.8.11 3660 interface FastEthernet0 3660
ip nat inside source static tcp 192.168.8.11 3663 interface FastEthernet0 3663
ip nat inside source static tcp 192.168.8.11 4665 interface FastEthernet0 4665
ip nat inside source static tcp 192.168.8.11 3000 interface FastEthernet0 3000
ip nat inside source static tcp 192.168.8.11 4000 interface FastEthernet0 4000
!
access-list 1 permit any
no cdp run
!
!
!
!
!
!
control-plane
!
!
line con 0
login local
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
ntp clock-period 17180445
ntp server 192.168.8.2 key 0 prefer
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

router.1811#

OK, not quite there...

I am only getting internet traffic on my default VLAN

Replacing

access-list 1 permit any

with

access-list 1 permit 192.168.8.0 0.0.0.255

seems to have done the trick for getting FA1 working, however, is this now the cause of the routing problems ?

NM

NM

When I suggested that change in the access list I saw 192.168.8.0 as the LAN configured on the router and knew that it needed to be translated. Now that I look through the config again I see that there are static routes for 5 other subnets reached through 192.168.8.1. So they also need to be translated. So now the access list needs to look something like

access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 1 permit 192.168.8.0 0.0.0.255

HTH

Rick
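
Added example, not part of the original thread or of Rick's reply: a Python check that derives the NAT source ACL from a configuration excerpt by taking the subnet of each `ip nat inside` interface plus every static route whose next hop lies in that subnet, then reports which entries are missing. The function names are hypothetical, and it assumes every static route names an IP next hop, as the routes in this config do.

```python
import ipaddress

# Excerpt of the configuration posted in this thread, with access-list 1
# as it stood after the first change (only 192.168.8.0/24 permitted).
CONFIG = """\
interface Vlan1
 ip address 192.168.8.10 255.255.255.0
 ip nat inside
ip route 0.0.0.0 0.0.0.0 216.7.149.33
ip route 192.168.3.0 255.255.255.0 192.168.8.1
ip route 192.168.4.0 255.255.255.0 192.168.8.1
ip route 192.168.5.0 255.255.255.0 192.168.8.1
ip route 192.168.6.0 255.255.255.0 192.168.8.2
ip route 192.168.7.0 255.255.255.0 192.168.8.1
access-list 1 permit 192.168.8.0 0.0.0.255
"""

def inside_networks(config):
    """Subnets on 'ip nat inside' interfaces plus static routes reached through them."""
    ifaces, routes = [], []
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            ifaces.append({"net": None, "inside": False})
        elif w[:2] == ["ip", "address"] and len(w) == 4 and ifaces:
            ifaces[-1]["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w == ["ip", "nat", "inside"] and ifaces:
            ifaces[-1]["inside"] = True
        elif w[:2] == ["ip", "route"] and len(w) >= 5:
            routes.append((ipaddress.ip_network(f"{w[2]}/{w[3]}"),
                           ipaddress.ip_address(w[4])))
    connected = [i["net"] for i in ifaces if i["inside"] and i["net"] is not None]
    # A static route sits behind the inside interface when its next hop
    # falls inside one of the connected inside subnets.
    behind = [net for net, hop in routes if any(hop in c for c in connected)]
    return sorted(set(connected + behind))

def nat_acl(config, acl="1"):
    """Standard ACL lines (network + wildcard mask) covering every inside subnet."""
    return [f"access-list {acl} permit {n.network_address} {n.hostmask}"
            for n in inside_networks(config)]

def missing_from_acl(config, acl="1"):
    """Entries the derived ACL needs that the configuration does not contain."""
    present = {line.strip() for line in config.splitlines()}
    return [entry for entry in nat_acl(config, acl) if entry not in present]

if __name__ == "__main__":
    print("\n".join(missing_from_acl(CONFIG)))
```

The default route is left out because its next hop, 216.7.149.33, is not on an inside subnet.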
