Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
627
Views
0
Helpful
2
Replies

Dual Want Policy Based Routing Problem

networksniffer
Level 1
Level 1

‎12-03-2013 10:02 AM - edited ‎03-04-2019 09:45 PM

Hello!

I have configured 1700 series router to forward workstation traffic through one port and the voice through another. The Configuration is pretty straight forward, but we experience a major problems. When the SIP phones plugged in to the switch with pass through to the computers, we loose connections to PBX or Internet and it's not consistent, it's flapping in uneven amount of time. I can work all day and then just stop working with no clear cause. It does happened when only phones are connected to integrated switch alone. Completely makes no sense.

When this occurs i can go the router and can ping everhing but NAT translation is just stop working, which is the reson to lost connections.

here is the config:

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname cartergeer

!

boot-start-marker

warm-reboot

boot-end-marker

!

no aaa new-model

!

!

dot11 syslog

!

!

ip cef

no ip dhcp use vrf connected

no ip dhcp conflict logging

ip dhcp excluded-address 192.168.1.1 192.168.1.10

!

ip dhcp pool PC-SUBNET

   import all

   network 192.168.1.0 255.255.255.0

   dns-server 7.228.35.42 7.228.37.195 8.8.8.8

   domain-name greatbasin.net

   default-router 192.168.1.1

!

!

ip domain name greatbasin.net

ip name-server 7.228.35.42

ip name-server 7.228.37.195

ip name-server 8.8.8.8

!

multilink bundle-name authenticated

!

!

!

!

archive  

log config

  hidekeys

!

!

!

!

!

interface FastEthernet0

description WAN1

ip address 7.228.13.165 255.255.255.252

ip nat outside

ip virtual-reassembly

no ip mroute-cache

duplex auto

speed auto

!

interface FastEthernet1

decription WAN2

ip address 7.228.13.169 255.255.255.252

ip nat outside

ip virtual-reassembly

no ip mroute-cache

duplex auto

speed auto

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface FastEthernet5

!

interface FastEthernet6

!

interface FastEthernet7

!

interface FastEthernet8

!

interface FastEthernet9

!

interface Dot11Radio0

no ip address

shutdown

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!        

interface Dot11Radio1

no ip address

shutdown

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

station-role root

!

interface Vlan1

description LOCAL-LAN

ip address 192.168.2.1 255.255.255.0 secondary

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip policy route-map LAN-TO-WAN

!

interface Async1

no ip address

encapsulation slip

!

no ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0

ip route 0.0.0.0 0.0.0.0 FastEthernet1

!

!

no ip http server

no ip http secure-server

ip nat inside source list 101 interface FastEthernet0 overload

ip nat inside source list 102 interface FastEthernet1 overload

!

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

!

!

!

route-map LAN-TO-WAN permit 10

description PC-SUBNET-NAT

match ip address 101

set interface FastEthernet0

!

route-map LAN-TO-WAN permit 20

description VOICE-SUBNET-NAT

match ip address 102

set interface FastEthernet1

!

!

!        

!

control-plane

!

!

line con 0

exec-timeout 0 0

logging synchronous

line 1

modem InOut

stopbits 1

speed 115200

flowcontrol hardware

line aux 0

line vty 0 4

end

Labels:
0 Helpful
2 Replies 2

cadet alain
VIP Alumni
VIP Alumni

‎12-04-2013 01:17 AM

Hi,

You should modify your config like this:

no ip nat inside source list 101 interface FastEthernet0 overload
no ip nat inside source list 102 interface FastEthernet1 overload
no route-map LAN-TO-WAN
route-map LAN-TO-WAN permit 10
match ip address 101
set ip next-hop x.x.x.x
route-map LAN-TO-WAN permit 20
match ip address 102
set ip next-hop y.y.y.y
route-map NAT-To-WAN1
match ip address 101
match interface f0
route-map NAT-To-WAN2
match ip address 102
match interface f1
 ip nat inside source route-map NAT-To-WAN1 interface FastEthernet0 overload
 ip nat inside sourceroute-map NAT-To-WAN2  interface FastEthernet1 overload

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

networksniffer
Level 1
Level 1
In response to cadet alain

‎12-05-2013 11:59 AM

Cadet first of all thank you for your response and work! =) I did made  the changes that you proposed and applied them today and I will test  them for the few days and will report back. But, what is the difference  in my approach vs yours for the NAT?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card