Re: Dual WAN not routing correctly.

CompuVision Admin · ‎12-06-2010

I'm trying to get my second WAN link on an 1811 border router working. Plan is failover and also some PBR to send non critical traffic over the secondary link.

For starters I'm having trouble getting out on the secondary link and don't understand why. I can hit the ISP gateway but no further. Note that at this time the policy-map / service-policy for my PBR is not activated on the interface. I'm just trying to get out on the secondary link first.

Scrubbed config is below. If I do a ping 8.8.8.8 source FastEthernet1 I get a response of U.U.U. If I do a traceroute 8.8.8.8 source FastEthernet1 the first hop is the gateway on FastEthernet0. I don't get why it isn't going over FE1.

boot-start-marker
boot system flash c181x-advipservicesk9-mz.150-1.M3.bin
boot-end-marker
!
ip cef
no ip bootp server
ip domain name cvsweb.com
ip name-server 10.1.10.1
no ipv6 cef
!
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
class-map match-any http-secondary-traffic
match protocol http host "*youtube.com*"
match protocol http host "*video.google*"
match protocol http host "*myspace*"
match protocol http host "*facebook*"
match protocol http host "*flickr*"
match protocol http host "*video.msn*"
match protocol http host "*fbcdn.net*"
match protocol http host "*grooveshark*"
match protocol http host "*cnbc*"
match protocol http host "*whatismyip.com*"
match protocol http host "*whatismyip*"
!
!
policy-map mark-secondary-traffic
class http-secondary-traffic
set ip dscp 1
!
!
!
!
!
!
!
!
interface FastEthernet0
description Fiber
ip address 209.**.**.146 255.255.255.240 secondary
ip address 209.**.**.130 255.255.255.240
ip verify unicast reverse-path
ip flow ingress
ip nat outside
ip virtual-reassembly
speed 10
full-duplex
!
!
interface FastEthernet1
description ADSL
ip address dhcp
ip nat outside
ip virtual-reassembly
speed 10
full-duplex
!
!
interface Vlan1
description Inside
ip address 10.254.254.2 255.255.255.252
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
ip nat pool pri-default-pool 209.**.**.130 209.**.**.130 netmask 255.255.255.240
ip nat pool pri-servers-pool 209.**.**.131 209.**.**.131 netmask 255.255.255.240
ip nat pool pri-untrusted-pool 209.**.**.141 209.**.**.141 netmask 255.255.255.240
ip nat pool pri-smtp-pool 209.**.**.135 209.**.**.135 netmask 255.255.255.0
ip nat inside source route-map outbound-pri-default pool pri-default-pool overload
ip nat inside source route-map outbound-pri-servers pool pri-servers-pool overload
ip nat inside source route-map outbound-pri-smtp pool pri-smtp-pool overload
ip nat inside source route-map outbound-sec-default interface FastEthernet1 overload
ip route 0.0.0.0 0.0.0.0 209.**.**.129 track 1
ip route 0.0.0.0 0.0.0.0 75.158.**.1 10 track 2
ip route 10.1.5.0 255.255.255.0 10.254.254.1
ip route 10.1.6.0 255.255.255.0 10.254.254.1
ip route 10.1.7.0 255.255.255.0 10.254.254.1
ip route 10.1.8.0 255.255.255.0 10.254.254.1
ip route 10.1.9.0 255.255.255.0 10.254.254.1
ip route 10.1.10.0 255.255.255.0 10.254.254.1
ip route 10.1.11.0 255.255.255.0 10.254.254.1
ip route 10.1.12.0 255.255.255.0 10.254.254.1
ip route 10.1.13.0 255.255.255.0 10.254.254.1
ip route 10.1.14.0 255.255.255.0 10.254.254.1
!
ip access-list extended http-secondary-traffic
permit ip any any dscp 1
ip access-list extended oubound-sec-default
permit ip any any
ip access-list extended outbound-pri-default
permit ip 10.1.5.0 0.0.0.255 any
permit ip 10.1.6.0 0.0.0.255 any
permit ip 10.1.7.0 0.0.0.255 any
permit ip 10.1.12.0 0.0.0.255 any
permit ip 10.1.13.0 0.0.0.255 any
permit ip 10.1.9.0 0.0.0.255 any
ip access-list extended vty-access
permit tcp 10.1.10.0 0.0.0.255 any eq 22 log
permit tcp 10.1.5.0 0.0.0.255 any eq 22 log
!
ip sla 1
icmp-echo 209.**.**.129 source-interface FastEthernet0
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 75.158.**.1 source-interface FastEthernet1
frequency 10
ip sla schedule 2 life forever start-time now
access-list 2 deny 10.1.11.2
access-list 2 permit 10.1.10.0 0.0.0.255
access-list 2 permit 10.1.11.0 0.0.0.255
access-list 3 permit 10.1.8.0 0.0.0.255
access-list 3 permit 10.1.14.0 0.0.0.255
access-list 4 permit 10.1.11.0 0.0.0.255
no cdp run

!
!
!
!
route-map outbound-pri-servers permit 10
match ip address 2
match interface FastEthernet0
!
route-map outbound-sec-default permit 10
match ip address outbound-sec-default
match interface FastEthernet1
!
route-map outbound-pri-untrusted permit 10
match ip address 3
match interface FastEthernet0
!
route-map route-http-secondary permit 5
match ip address http-secondary-traffic
set ip next-hop 75.158.58.1
set interface FastEthernet1
!
route-map outbound-pri-default permit 10
match ip address outbound-pri-default
match interface FastEthernet0
!
route-map PBR-LAN-Outbound permit 10
match ip address 3
set interface FastEthernet1 FastEthernet0
!
route-map outbound-pri-smtp permit 10
match ip address 4
match interface FastEthernet0
!

cadet alain · ‎12-07-2010

Hi,

don't specify interface when pinging, the router will choose which interface based on routing table.In your case you have no route via fe1 and so it is sending via fe0.

just do a sh ip route static to see which route is in the routing table. an sh ip sla will tell you.

On your adsl I saw you had dhcp so you are given already a deault route with an AD of 254 and your second staic default route with an AD of 10 is

overwriting it.

Regards.

Don't forget to rate helpful posts.

Mathias Garcia · ‎12-07-2010

ip route 0.0.0.0 0.0.0.0 209.**.**.129 track 1
ip route 0.0.0.0 0.0.0.0 75.158.**.1 10 track 2

Im going to guess that the first line is Fa0 and the second is Fa1, is that correct?

If so you have a static route with default metric outgoing on Fa0 (default metric should be 1). So the static going out on Fa1 (metric 10) would never be used unless you shutdown or if the tracking steps and removes the default route for that interface.

HTH

Mathias