
Failover on 2611XM using two ISP.

ojasvi.bansal
Level 1

I have two ISPs connected to my 2611XM. I use the Cable connection as the primary connection and want to use DSL as the backup. I tried doing this using the track 123 rtr 1 reachability but couldn't get it working. I would appreciate it if anyone could help me with this. Here's the config on the router. Also attached is the diagram for my topology (failover.jpeg).

c2600-adventerprisek9-mz.124-17.bin

FAILOVER#sh run
Building configuration...

Current configuration : 2314 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname FAILOVER
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
!
aaa session-id common
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool FAILOVER
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.2 42.63.84.25
 lease 4
!
!
ip sla monitor 1
 type echo protocol ipIcmpEcho 42.63.95.1 source-interface FastEthernet0/1
 timeout 1000
 threshold 40
 frequency 3
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
 type echo protocol ipIcmpEcho 131.10.28.24 source-interface Dialer1
 timeout 1000
 threshold 40
 frequency 3
ip sla monitor schedule 2 life forever start-time now
vpdn enable
!
track timer interface 5
!
track 123 rtr 1 reachability
 delay down 15 up 10
!
track 345 rtr 2 reachability
 delay down 15 up 10
!
interface FastEthernet0/0
 description INTERNAL_LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed 100
!
interface FastEthernet0/1
 description CABLE
 ip address 42.x.x.47 255.255.252.0
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface Ethernet1/0
 description DSL
 no ip address
 half-duplex
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname username
 ppp chap password xxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 42.63.95.1 track 123
!
no ip http server
no ip http secure-server
ip nat inside source route-map CABLE interface FastEthernet0/1 overload
ip nat inside source route-map DSL interface Dialer1 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map CABLE permit 10
 match ip address 100
 match interface FastEthernet0/1
!
route-map DSL permit 10
 match ip address 100
 match interface Dialer1
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
!
end

FAILOVER#

paolo bevilacqua
Hall of Fame

What is not working exactly?

If the issue is that the NAT translations remain after a route is removed, you should use the "oer" keyword in "ip nat ....". I'm not sure it is available in 12.4 mainline, however.

Thanks for your reply.

The failover doesn't happen at all. After the cable link goes down the traffic doesn't transition to DSL.

I am sure that there's something that I did wrong in the configuration.

Thanks in advance for your response.

Hi,

Indeed, you also need a default route with higher distance (aka floating) pointing to the dialer interface.

Does the backup floating route also need to have a track at the end?

I tried using

ip route 0.0.0.0 0.0.0.0 dialer 1 track 345

But that also did not work.

I didn't try using it with a higher metric though.

Any thoughts would be appreciated.

Hi there,

I did a floating route as you said.

ip route 0.0.0.0 0.0.0.0 dialer 1 5

Now the backup route kicks in after the primary route fails. But I have to clear NAT translations before a host can go to the outside world.

I don't have the option to use ip nat translation tcp-timeout OR udp-timeout because there are applications which will not work after doing this.

I would really appreciate it if you could guide me a little more, as I think that I am somewhere near to getting it working.

P.S. I read something about Stateful NAT, not sure though if that fits in my issue or not.

Hi, as you found yourself, you don't need a tracking statement if the DSL access is meant for backup only.

I don't think stateful NAT would help as it is meant to address other needs (equipment redundancy rather than circuit redundancy).

What you need is to upgrade to one of the latest 12.4 T releases. Once you configure the oer keyword to "ip nat ...", all translations should be removed once the primary route is no more.

Of course from that point on, traffic to the internet would take the DSL address, as you cannot use an address belonging to one circuit on a different one, and there is no configuration or workaround that would allow that.

Hope this helps, please rate post if it does!
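The route selection discussed in the posts above, as an added example that is not part of any post in this thread: it parses the two static default routes quoted in the thread and shows which one is installed as track 123 changes state. The function names are hypothetical, and the model assumes only track state (not interface state) removes a route.

```python
# Added example: which static default route is installed as track state changes.
# Assumption: only track objects are modelled, not interface up/down state.

# Routes quoted in the thread: the tracked primary, then the floating backup.
ORIGINAL = "ip route 0.0.0.0 0.0.0.0 42.63.95.1 track 123"
WITH_FLOATING = ORIGINAL + "\nip route 0.0.0.0 0.0.0.0 dialer 1 5"


def parse_default_routes(config):
    """Return static default routes as dicts with hop, distance and track id."""
    routes = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:4] != ["ip", "route", "0.0.0.0", "0.0.0.0"] or len(tok) < 5:
            continue
        rest = tok[4:]
        hop = rest.pop(0)
        # An interface may be typed as "dialer 1": join name and number.
        if hop.isalpha() and rest:
            hop += rest.pop(0)
        distance, track = 1, None  # static routes default to distance 1
        if rest and rest[0].isdigit():
            distance = int(rest.pop(0))
        if len(rest) >= 2 and rest[0] == "track":
            track = int(rest[1])
        routes.append({"hop": hop, "distance": distance, "track": track})
    return routes


def installed_default(routes, track_up):
    """Pick the usable route with the lowest distance, or None if none is left."""
    usable = [r for r in routes
              if r["track"] is None or track_up.get(r["track"], False)]
    if not usable:
        return None
    return min(usable, key=lambda r: r["distance"])["hop"]


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("with floating", WITH_FLOATING)):
        routes = parse_default_routes(cfg)
        for up in (True, False):
            state = "up" if up else "down"
            print(name, "| track 123", state, "->",
                  installed_default(routes, {123: up}))
```

With the original configuration a down track leaves no default route at all, which matches the reported symptom; with the distance-5 route present, the Dialer route takes over.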

Hi there,

Thank you so much for your guidance. I used oer at the end of the IP nat statement and it works.

The small problem here is that my computer works fine after a failover happens; however, my IP phones (registering with an Asterisk server) don't work. I tried decreasing the registration time to 60 seconds. But again the phone doesn't register and cannot do outbound and inbound calls. This also happens with a soft phone.

I also tried using

ip nat translation udp-timeout 10 (thinking that after every 10 seconds the entry will delete and the phone will create new entry).

Any suggestions on this would be highly appreciated.

Hi,

No idea, you should look at SIP traces to see what's going on.

Perhaps the server is not configured to handle the phones coming in with another address.

As an appreciation to those providing answers, please rate useful posts with the scrollbox below!
