Dual WAN ports and traffic shaping.

rabelflower · ‎01-10-2016

Hello,

I am trying to setup a Cisco 2911 router with dual WAN interfaces and do packet shaping.

I want to route web traffic out interface g0/2 and in the event that g0/2 is down, that it fails over to g0/1.

Interface info:

G0/0 local lan.

G0/1 is WAN1

G0/2 is WAN2.

my current config for the ACL is:

ip nat inside source route-map WAN1 interface GigabitEthernet0/1 overload
ip nat inside source route-map WAN2 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 "WAN2 Public IP_address gateway" track 10
ip route 0.0.0.0 0.0.0.0 "WAN1 Public IP_address gateway" track 20

!
ip sla key-chain 1
ip sla responder tcp-connect ipaddress "WAN2 Public IP address gateway" port 1
!
route-map PBR permit 10
match ip address 101 100
set ip next-hop verify-availability "WAN1 Public IP_address gateway" 1 track 20
set ip next-hop verify-availability "WAN2 Public IP_address gateway" 3 track 10
!
route-map PBR permit 30
match ip address 100
set ip next-hop verify-availability "WAN2 Public IP_address gateway" 2 track 10
!
route-map WAN1 permit 10
match ip address 10
match interface GigabitEthernet0/1
!
route-map WAN2 permit 10
match ip address 10
match interface GigabitEthernet0/2
!
!
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq telnet
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 101 permit ip any any
!
control-plane

I can get to the internet no problem but it is going out interface g0/1,...

Any help would be appreciated.

Philip D'Ath · ‎01-10-2016

I think you'll need to add some extra tracks, like:

track 10 interface GigabitEthernet0/2 ip routing
track 20 interface GigabitEthernet0/1 ip routing

You can use "show track" to confirm the current tracked status.

rabelflower · ‎01-10-2016

Thank you for the reply.

Yes, I have those lines.. sorry, I should have included this info.

Any more thoughts?

Router#sh track
Track 10
Interface GigabitEthernet0/2 ip routing
IP routing is Up
    2 changes, last change 02:35:09
Tracked by:
    Route Map 0
    Static IP Routing 0
Track 20
Interface GigabitEthernet0/1 ip routing
IP routing is Up
    2 changes, last change 02:35:09
Tracked by:
    Route Map 0
    Static IP Routing 0

Philip D'Ath · ‎01-10-2016

So if you unplug or shutdown the main interface it doesn't work?

rabelflower · ‎01-10-2016

I haven't tried unplugging G0/1 to see if it works.

I can try that this coming week.

The main goal is to have WEB traffic go out G0/2 and all other traffic go out G0/1.

AND, IF, G0/2 was down for the WEB traffic to fail over to G0/1

Philip D'Ath · ‎01-10-2016

If you do use PBR, you only need a PBR policy for the one failover case - when things are working when not failed.

route-map PBR permit 10
 match ip address 101
 set ip next-hop verify-availability "WAN2 Public IP_address gateway" 1 track 10

Philip D'Ath · ‎01-10-2016

Also for PBR preference 10, I would only set one next hop. You have a policy preference of 30 for the other next hop.

Philip D'Ath · ‎01-10-2016

So this is a pure active/standby failover, or are you wanting to use both circuits at the same time, and only failover over web traffic?

If it is pure active/standby I would get rid of the PBR all together. The default route tracking you are doing is enough to cause the failover. The PBR adds an extra layer of unneeded complexity.