
Failover with two ADSL links

salman abid

Hi Guys,

One of my remote locations is currently connected to the head office using a 40Mbps ADSL link for VPN and NAT, but this week I'll get an additional 10Mbps ADSL link.

I have a 2911 router, and on that router one port, gig0/2, is free, so I'll connect the 10Mbps link to that port. I want to configure failover with active/standby between the 40Mbps and 10Mbps links for both VPN and NAT.

Right now I have configured dialer0 for the 40Mbps link. After connecting the 10Mbps link on gig0/2, do I need to create another dialer interface? If yes, what will the configuration be?

Kindly advise me on the same.

Below is the current config of 2911 router.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.02.09 11:20:28 =~=~=~=~=~=~=~=~=~=~=~=

Current configuration : 8113 bytes

!

! Last configuration change at 19:06:39 AST Fri Jan 17 2014

! NVRAM config last updated at 19:06:55 AST Fri Jan 17 2014 by admin

! NVRAM config last updated at 19:06:55 AST Fri Jan 17 2014 by admin

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname OCSRTR

!

boot-start-marker

boot-end-marker

!

!

card type e1 0 0

logging buffered 16384

enable secret 4 Ckg/sS5mzi4xFYrh1ggXo92THcL6Z0c6ng70wM9oOxg

!

no aaa new-model

!

clock timezone AST 4 0

network-clock-participate wic 0

network-clock-select 1 E1 0/0/0

!

no ipv6 cef

ip source-route

ip cef

!

!

!

ip dhcp excluded-address 192.168.142.1 192.168.142.10

ip dhcp excluded-address 192.168.150.1 192.168.150.30

!

ip dhcp pool VOICE

network 192.168.142.0 255.255.255.0

default-router 192.168.142.1

option 150 ip 10.1.2.11 10.1.2.12

!

ip dhcp pool mypool

import all

network 192.168.150.0 255.255.255.0

default-router 192.168.150.1

dns-server 192.6.14.189 192.6.14.182

!

!

!

multilink bundle-name authenticated

!

!

!

!

isdn switch-type primary-net5

!

crypto pki token default removal timeout 0

!

!

voice-card 0

dspfarm

dsp services dspfarm

!

!

!

voice service voip

fax protocol pass-through g711ulaw

!

voice class codec 1

codec preference 1 g711ulaw

codec preference 2 g711alaw

codec preference 3 g729r8

codec preference 4 g729br8

!

voice class h323 1

  h225 timeout tcp establish 3

!

!

!

!

voice translation-rule 1

rule 1 /^45./ /400/

rule 2 /^46./ /400/

rule 3 /^47./ /400/

!

voice translation-rule 2

rule 1 /^0\(2.......\)$/ /00\1/

rule 2 /^0\(3.......\)$/ /00\1/

rule 3 /^0\(4.......\)$/ /00\1/

rule 4 /^0\(5........\)$/ /00\1/

rule 5 /^0\(6.......\)$/ /00\1/

rule 6 /^0\(7.......\)$/ /00\1/

rule 7 /^0\(9.......\)$/ /00\1/

rule 8 /^00\(.*\)/ /0\1/

rule 9 /^.......$/ /0&/

rule 10 // /000\1/

!

voice translation-rule 3

rule 1 /^45./ /6072400/

rule 2 /^46./ /6072400/

rule 3 /^47./ /6072400/

rule 4 /^4../ /6072&/

!

!

voice translation-profile FROM_PSTN

translate calling 2

translate called 1

!

voice translation-profile TO_PSTN

translate calling 3

!

!

license udi pid CISCO2911/K9 sn FGL16441279

hw-module pvdm 0/0

!

hw-module sm 1

!

!

!

username admin privilege 15 secret 4 Ckg/sS5mzi4xFYrh1ggXo92THcL6Z0c6ng70wM9oOxg

!

redundancy

!

!

!

!

controller E1 0/0/0

framing NO-CRC4

pri-group timeslots 1-10,16

!

!

!

!

!

!

!

crypto ipsec client ezvpn OCS_Deira

connect auto

group OCS_Deira key xxxxxxx

mode network-extension

peer 83.xx.xx.xx

nat allow

nat acl 110

xauth userid mode interactive

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

ip address 192.168.150.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

duplex auto

speed auto

crypto ipsec client ezvpn OCS_Deira inside

!

interface GigabitEthernet0/0.2

encapsulation dot1Q 2

ip address 192.168.142.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

crypto ipsec client ezvpn OCS_Deira inside

h323-gateway voip interface

h323-gateway voip bind srcaddr 192.168.142.1

!

interface GigabitEthernet0/1

description *** CONNECTED TO 40Mbps link ***

no ip address

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/2

shutdown

!

interface Serial0/0/0:15

no ip address

encapsulation hdlc

isdn switch-type primary-net5

isdn incoming-voice voice

no cdp enable

!

interface SM1/0

ip unnumbered GigabitEthernet0/0.2

service-module ip address 192.168.142.2 255.255.255.0

!Application: CUE Running on SM

service-module ip default-gateway 192.168.142.1

!

interface SM1/1

description Internal switch interface connected to Service Module

no ip address

!

interface Vlan1

no ip address

!

interface Dialer0

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username xxxx password 0 xxxxxx

crypto ipsec client ezvpn OCS_Deira

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source route-map nonat interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 192.168.142.2 255.255.255.255 SM1/0

!

access-list 110 deny   ip 192.168.150.0 0.0.0.255 192.6.14.0 0.0.0.255

access-list 110 deny   ip 192.168.150.0 0.0.0.255 10.1.0.0 0.0.255.255

access-list 110 deny   ip 192.168.142.0 0.0.0.255 192.6.14.0 0.0.0.255

access-list 110 deny   ip 192.168.142.0 0.0.0.255 10.1.0.0 0.0.255.255

access-list 110 permit ip 192.168.150.0 0.0.0.255 any

access-list 110 permit ip 192.168.142.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

!

!

!

route-map nonat permit 10

match ip address 110

!

!

snmp-server community jash RO

snmp-server location -------Dubai OCS----

snmp-server contact Mr.Sivakumar

snmp-server enable traps tty

snmp-server enable traps cpu threshold

snmp-server enable traps syslog

snmp-server host xxx.xxx.xx version 2c jash

!

control-plane

!

!

line con 0

logging synchronous

login local

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line 67

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password Admin456

login

transport input all

line vty 5 15

password Admin456

login

transport input all

!

scheduler allocate 20000 1000

ntp master 1

end

OCSRTR#exi


Vishesh Verma

Yes, you need to create a second dialer interface, which will provide connectivity through the second physical interface. Let's say the second interface is Dialer1.

Now you need to set up failover if Dialer0 is down. To do that you would need an IP SLA and a track:

!***IP SLA config to track reachability of internet via Dialer0***

!

ip sla 1

icmp-echo 4.2.2.2 source dialer0

frequency 5

!

ip sla schedule 1 start now life forever

!

track 1 ip sla 1 reachability

!

!***Route Failover if internet is down via Dialer0***

!

ip route 4.2.2.2 255.255.255.255 Dialer0 permanent

ip route 0.0.0.0 0.0.0.0 Dialer0 track 1

ip route 0.0.0.0 0.0.0.0 Dialer1 100

!

!***NAT config***

!

interface Dialer0

ip nat outside

!

interface Dialer1

ip nat outside

!

ip nat inside source route-map nonat0 interface Dialer0 overload

ip nat inside source route-map nonat1 interface Dialer1 overload

!

!***Route-map needs to check the egress interface as well to make the decision to NAT the traffic***

!

route-map nonat0 permit 10

match ip address 110

match interface Dialer0

!

!

route-map nonat1 permit 10

match ip address 110

match interface Dialer1

!

end

Some low-end Cisco platforms may have trouble clearing the NAT translations during failover, so you can use an EEM script to clear NAT translations if the primary interface is down and traffic is switched to the secondary link. Refer to the following post, in which I wrote an EEM script to take care of that.

https://supportforums.cisco.com/message/4156766

Now you make the configuration of EZVPN through the backup link, of which I am no expert.

-Vishesh

@Vishesh

Thanks for the reply.

So in the case of the Dialer1 interface, can the configuration be as below?

interface GigabitEthernet0/2

description *** CONNECTED TO 10Mbps link ***

no ip address

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1      <======   (do we need to keep it dial-pool-number 1  )

!

interface GigabitEthernet0/2

interface Dialer1

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1           <=====         (do we need to keep pool 1)

dialer-group 1          <=====         (do we need to keep group 1)

ppp authentication pap callin

ppp pap sent-username xxxx password 0 xxxxxx

crypto ipsec client ezvpn OCS_Deira

What about preemption? I mean, when the primary link comes back up, what will happen in that case?

For EZVPN we just need to put the crypto command on the Dialer1 interface, the same as I have on the Dialer0 interface.

Salman,

Here are the answers:-

interface GigabitEthernet0/2

description *** CONNECTED TO 10Mbps link ***

no ip address

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1      <======   (do we need to keep it dial-pool-number 1  )

Answer: This command helps to determine which dialer to bind with.

!

interface GigabitEthernet0/2

interface Dialer1

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1           <=====         (do we need to keep pool 1)

Answer: The dialer pool helps to understand which Fa/GE ports are associated with it. The number 1 identifies it, and the same number should be on the GE/FE port.

dialer-group 1          <=====         (do we need to keep group 1)

Answer: "dialer-group 1" helps to trigger the dialer when interesting traffic starts flowing.

Usually we put the following command under global configuration to make the above command work:

dialer-list 1 protocol ip permit

This means that dialer 1 will be triggered and negotiate PPP when any IP traffic starts flowing.

ppp authentication pap callin

ppp pap sent-username xxxx password 0 xxxxxx

crypto ipsec client ezvpn OCS_Deira

Salman,

dialer pool and dial-pool-number associate/bind the dialer interface with the physical interface, so I think they have to be different from what we already use for our primary link. And dialer-group simply checks the dialer-list for interesting traffic (IP traffic in your case), so it can be the same.

!

interface GigabitEthernet0/1

description *** CONNECTED TO 40Mbps link ***

pppoe enable group global

pppoe-client dial-pool-number 1

!

!

interface Dialer0

dialer pool 1

dialer-group 1

!

dialer-list 1 protocol ip permit

!

interface GigabitEthernet0/2

description *** CONNECTED TO 10Mbps link ***

pppoe enable group global

pppoe-client dial-pool-number 2

!

interface Dialer1

dialer pool 2

dialer-group 1

!

When the fault in the primary path is recovered, the track would come up, hence the primary route would be installed in the routing table and the traffic would fall back to the primary.

-Vishesh
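
A pre-deployment check for the pool binding described in the reply above, as an added example that is not part of the original posts: it flags any dialer pool number that does not pair exactly one physical port with one Dialer interface. The function names and both sample configs are constructed for illustration from the snippets in this thread.

```python
import re
from collections import defaultdict

# Constructed samples built from the thread's snippets (not a full router config).
PROPOSED = """
interface GigabitEthernet0/1
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/2
 pppoe-client dial-pool-number 1
!
interface Dialer0
 dialer pool 1
!
interface Dialer1
 dialer pool 1
"""
CORRECTED = PROPOSED.replace(
    "GigabitEthernet0/2\n pppoe-client dial-pool-number 1",
    "GigabitEthernet0/2\n pppoe-client dial-pool-number 2",
).replace("Dialer1\n dialer pool 1", "Dialer1\n dialer pool 2")

def parse_pools(config):
    """Map pool number -> interface names, for physical ports and for dialers."""
    physical, dialers = defaultdict(list), defaultdict(list)
    current = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface\s+(\S+)", line):
            current = m.group(1)
        elif line == "!":
            current = None  # a bare "!" ends the interface block
        elif current and (m := re.match(r"pppoe-client dial-pool-number\s+(\d+)", line)):
            physical[int(m.group(1))].append(current)
        elif current and (m := re.match(r"dialer pool\s+(\d+)", line)):
            dialers[int(m.group(1))].append(current)
    return physical, dialers

def check_pools(config):
    """Return findings where a pool does not pair one physical port with one dialer."""
    physical, dialers = parse_pools(config)
    findings = []
    for pool in sorted(set(physical) | set(dialers)):
        ports, dials = physical.get(pool, []), dialers.get(pool, [])
        if len(ports) > 1:
            findings.append(f"pool {pool}: shared by ports {', '.join(ports)}")
        if len(dials) > 1:
            findings.append(f"pool {pool}: shared by dialers {', '.join(dials)}")
        if ports and not dials:
            findings.append(f"pool {pool}: {ports[0]} has no dialer interface")
        if dials and not ports:
            findings.append(f"pool {pool}: {dials[0]} has no physical port")
    return findings
```

Running `check_pools` on a saved `show running-config` before enabling GigabitEthernet0/2 reports the shared pool 1 from the proposed configuration and returns an empty list once the backup link uses pool 2.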
