10-12-2021 06:39 AM
Hello
Hope you guys are well.
I have configured failover between 2 ISPs and it's working fine. I am using Event Manager with IP SLA.
The last command in the event manager script is "clear ip nat translation *".
Is there any way I don't have to execute the clear ip nat translation command? Failover did not work without executing this command.
1st ISP>>>>> yyy.yy.yy.yy
2nd ISP>>>>> zzz.zz.zz.zz
event manager applet ISP_1_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "no ip route xxx.xx.xx.xx 255.255.255.255 yyy.yy.yy.yy"
action 4.0 cli command "ip route xxx.xx.xx.xx 255.255.255.255 zzz.zz.zz.zz"
action 5.0 cli command "end"
action 6.0 cli command "clear ip nat translation *"
!
event manager applet ISP_1_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "ip route xxx.xx.xx.xx 255.255.255.255 yyy.yy.yy.yy"
action 4.0 cli command "no ip route xxx.xx.xx.xx 255.255.255.255 zzz.zz.zz.zz"
action 5.0 cli command "end"
action 6.0 cli command "clear ip nat translation *"
10-12-2021 06:55 AM
>>> Is there any way I don't have to execute Clear IP Nat Translation command <<<
-> only if you do not use NAT
when the addresses xxx.xxx.xxx.xxx and zzz.zzz.zzz.zzz each are owned by a different provider
the "internet" will route these addresses to provider1 or provider2 respectively
you may succeed to have packets using provider-1 addresses going out via the provider-2 network
but incoming traffic will still be routed to provider-1
and if your link to provider1 is down you will not receive return traffic
10-12-2021 07:00 AM
One more thing I want to know.
We are using Cisco IP Phones 7940 & 7960. The VoIP server is located in the cloud (Asterisk). Phones get registered via Asterisk. But after executing clear ip nat translation, incoming calls are not working and incoming calls go to voice mail.
I have to manually release/renew the phone IP address from its configuration menu. Is there any setting regarding register expiries in the phone?
10-12-2021 08:18 AM
that is to be expected
in the registration to the VoIP server the NATted address is included
so when using the other provider and using a new NATted address, the phone needs to reregister
of course DHCP renew will trigger a reregister of the phone
10-12-2021 10:24 AM
Hello,
you could try and decrease the StationKeepaliveInterval (see the link below), but it might be better to bounce the ports on the switches. How many switches with connected IP Phones do you have? The concept of an EEM script that bounces the ports when an IP SLA fails remains the same. The router where the failover occurs would send a syslog message to all switches where phones are connected to, and the syslog message would trigger the EEM.
10-12-2021 11:09 AM
How many switches with connected IP Phones do you have?
There are almost 8 switches and there are almost 50 IP phones connected to different ports of the switches.
The concept of an EEM script that bounces the ports when an IP SLA fails remains the same. The router where the failover occurs would send a syslog message to all switches where phones are connected to, and the syslog message would trigger the EEM.
How can I configure that?
10-12-2021 01:01 PM
Hello,
here is what you do:
1. Configure two loopback interfaces on the router where the ISP connections are. Make sure the loopback IP addresses are reachable from all switches.
2. Configure two EEM scripts that send one ping to each switch from either loopback, depending on if the SLA is down or up.
3. On the switches, enable ICMP debugging.
4. Configure two EEM scripts on each switch that bounce the ports where the phones are connected to.
The entire config would look like this (I have made the assumption that the switches have management IP addresses in the 192.168.1.0/24 range).
Router
interface Loopback 1
ip address 1.1.1.1 255.255.255.255
!
interface Loopback 2
ip address 2.2.2.2 255.255.255.255
!
event manager applet SEND_PING_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "ping 192.168.1.2 source 1.1.1.1 repeat 1"
action 2.1 cli command "ping 192.168.1.3 source 1.1.1.1 repeat 1"
action 2.2 cli command "ping 192.168.1.4 source 1.1.1.1 repeat 1"
action 2.3 cli command "ping 192.168.1.5 source 1.1.1.1 repeat 1"
action 2.4 cli command "ping 192.168.1.6 source 1.1.1.1 repeat 1"
action 2.5 cli command "ping 192.168.1.7 source 1.1.1.1 repeat 1"
action 2.6 cli command "ping 192.168.1.8 source 1.1.1.1 repeat 1"
action 2.7 cli command "ping 192.168.1.9 source 1.1.1.1 repeat 1"
!
event manager applet SEND_PING_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "ping 192.168.1.2 source 2.2.2.2 repeat 1"
action 2.1 cli command "ping 192.168.1.3 source 2.2.2.2 repeat 1"
action 2.2 cli command "ping 192.168.1.4 source 2.2.2.2 repeat 1"
action 2.3 cli command "ping 192.168.1.5 source 2.2.2.2 repeat 1"
action 2.4 cli command "ping 192.168.1.6 source 2.2.2.2 repeat 1"
action 2.5 cli command "ping 192.168.1.7 source 2.2.2.2 repeat 1"
action 2.6 cli command "ping 192.168.1.8 source 2.2.2.2 repeat 1"
action 2.7 cli command "ping 192.168.1.9 source 2.2.2.2 repeat 1"
Switches (change the 'src' address to the respective management IP address of each switch)
debug ip icmp
event manager applet SHUT_NOSHUT_DOWN
event syslog pattern "ICMP: echo reply sent, src 192.168.1.2, dst 1.1.1.1"
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface range GigabitEthernet0/1 - 10"
action 4.0 cli command "shut"
action 5.0 cli command "no shut"
action 6.0 cli command "end"
!
event manager applet SHUT_NOSHUT_UP
event syslog pattern "ICMP: echo reply sent, src 192.168.1.2, dst 2.2.2.2"
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface range GigabitEthernet0/1 - 10"
action 4.0 cli command "shut"
action 5.0 cli command "no shut"
action 6.0 cli command "end"
10-12-2021 08:48 AM
Hello
You could apply conditional static routing with IP SLA for the NAT and decrease the NAT translation timeouts.
Example:
ip sla 10
icmp-echo x.x.x.x source-interface (ISP1 facing interface)
ip sla schedule 10 life forever start-time now
track 1 rtr 10 reachability
ip route 0.0.0.0 0.0.0.0 x.x.x.x 1 name ISP1 track 1
ip route 0.0.0.0 0.0.0.0 y.y.y.y 200 name ISP2
access-list 100 permit ip x.x.x.x y.y.y.y any < lan subnet to be NATTED
route-map ISP1
match ip address 100
match interface (ISP1 facing interface)
route-map ISP2
match ip address 100
match interface (ISP2 facing interface)
ip nat inside source route-map ISP1 interface (ISP1 facing interface) overload
ip nat inside source route-map ISP2 interface (ISP2 facing interface) overload
ip nat translation timeout 300
ip nat translation tcp-timeout 300
ip nat translation udp-timeout 30
ip nat translation dns-timeout 30
ip nat translation icmp-timeout 30
ip nat translation syn-timeout 30
ip nat translation finrst-timeout 30
10-12-2021 11:43 AM
Is it possible that NAT translations could be cleared for a specific VLAN or subnet? Because we have 2 different VLANs, 1 for voice and another for data.
10-12-2021 12:38 PM
Hello
Your original post queried NAT failover from one ISP to another without clearing the NAT translation table either manually or via EEM scripting.
Now you are asking how to clear specific VLAN translations, correct?
10-12-2021 01:07 PM
Kindly consider it a new question just for info
10-12-2021 01:31 PM
You can clear specific NAT translations, if that is what you are asking.
Example:
clear ip nat translation tcp/udp x.x.x.x y.y.y.y
10-13-2021 07:53 AM
I have 2 subnets configured in my LAN network. 1 for Data and 1 for voice
Data Subnet: 192.168.32.0/22
Voice Subnet: 192.168.1.0/24
I want to clear nat translation only for 192.168.32.0/22. Is it possible?
10-14-2021 12:32 AM
Hello
@Hamidsattarrana wrote:
I have 2 subnets configured in my LAN network. 1 for Data and 1 for voice
Data Subnet: 192.168.32.0/22
Voice Subnet: 192.168.1.0/24
I want to clear nat translation only for 192.168.32.0/22. Is it possible?
My understanding is that's not applicable; you can clear individual or all dynamic entries but not a range of them.
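Per-entry clearing, as described in the reply above, can be scripted off-box. The following is an added example, not part of the original posts: Python that reads `show ip nat translations` output and builds one clear command per tcp/udp entry whose inside local address falls in the data subnet 192.168.32.0/22. The sample output and its addresses are constructed, and the `inside ... outside ...` argument order is an assumption taken from the IOS command reference; confirm it with `?` on your release.

```python
import ipaddress

# Constructed sample of "show ip nat translations" output (all addresses are made up).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:4101  192.168.33.20:4101 198.51.100.7:443   198.51.100.7:443
udp 203.0.113.10:5060  192.168.1.15:5060  198.51.100.9:5060  198.51.100.9:5060
udp 203.0.113.10:1220  192.168.35.8:1220  198.51.100.53:53   198.51.100.53:53
icmp 203.0.113.10:7    192.168.32.9:7     198.51.100.1:7     198.51.100.1:7
tcp 203.0.113.10:4455  192.168.36.2:4455  198.51.100.7:80    198.51.100.7:80
--- 203.0.113.20       192.168.32.50      ---                ---
"""

DATA_SUBNET = ipaddress.ip_network("192.168.32.0/22")  # data subnet from the thread


def split_endpoint(field):
    """Return (ip, port) for an 'a.b.c.d:port' field, or None for anything else."""
    ip, sep, port = field.rpartition(":")
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return None
    return (ip, port) if sep and port.isdigit() else None


def clear_commands(show_output, subnet=DATA_SUBNET):
    """Build one clear command per tcp/udp entry whose inside local address is in subnet."""
    commands = []
    for line in show_output.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("tcp", "udp"):
            continue  # header, static (---) and non-tcp/udp rows are left alone
        parsed = [split_endpoint(f) for f in fields[1:]]
        if None in parsed:
            continue  # malformed row: never emit a partial command
        (g_ip, g_port), (l_ip, l_port), (ol_ip, ol_port), (og_ip, og_port) = parsed
        if ipaddress.ip_address(l_ip) not in subnet:
            continue  # e.g. the voice subnet 192.168.1.0/24 keeps its entries
        commands.append(  # argument order is an assumption, see the lead-in
            f"clear ip nat translation {fields[0]} inside {g_ip} {g_port} {l_ip} {l_port} "
            f"outside {ol_ip} {ol_port} {og_ip} {og_port}"
        )
    return commands


if __name__ == "__main__":
    print("\n".join(clear_commands(SAMPLE)))
```

Voice-subnet entries such as the phone's 5060 registration are never touched, so the phones do not need to re-register when the data entries are cleared.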
10-14-2021 07:58 AM
What if I create 2 VRF instances? I have seen there is an option "clear ip nat translation vrf".
One VRF instance for Data Subnet
Another VRF instance for Voice Subnet.
So while executing clear ip nat translation vrf for the data instance, I guess it won't affect the voice VRF instance NAT translations.