02-26-2015 07:09 PM - edited 03-05-2019 12:53 AM
Hi, I need configure a failover on cisco Router 2911 V.15.1 I have two carriers, how can enable this setup? this is my configuration:
ser Access Verification
Password:
Password:
RO1921#show run
Building configuration...
Current configuration : 1712 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RO1921
!
boot-start-marker
boot-end-marker
!
!
enable password
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn FTX1626814X
!
!
username
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.50.82.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.14.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.14.1
ip route 10.50.82.0 255.255.255.0 192.168.14.1
ip route 192.168.11.0 255.255.255.0 192.168.14.1
ip route 192.168.12.0 255.255.255.0 192.168.14.1
ip route 192.168.14.0 255.255.255.0 192.168.14.1
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
transport output telnet
line aux 0
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 30 0
privilege level 15
password
login
transport input telnet ssh
line vty 5 15
login
transport input telnet
!
scheduler allocate 20000 1000
end
RO1921
I really apreciate your support
Thanks
Alex
02-27-2015 11:25 AM
Hello.
Could you name what are the interfaces for - where is the first carrier, where is the second, where is LAN.
Do you want to access Internet or you need to build IPSec to any Hub?
03-02-2015 01:43 PM
Alex, the best config I have found for this is at the following link:
https://supportforums.cisco.com/document/32186/dual-internet-links-nating-pbr-and-ip-sla
When I did this config I ran into a couple of problems; you will find the issues and solutions to my config at the below link:
https://supportforums.cisco.com/discussion/12400601/routing-issues-ip-sla
Hope this helps!
Regards,
Sam
03-05-2015 01:55 PM
ip sla , track to that ip sla . ip route trhough 1st ISP track # and ip route to second ISP ; dont forget ip nat inside and ip nat outside , u will have 2 ip nat outside int . ACL for allowed /denied to internet, u need for NAT .
pay attention to AD of the routes . track will control route if sla down then track will delete that route and router will install second route . u need to use route-map to do nat overload : ip nat inside route-map WAN1 int x/x overload ; ip nat inside route-map WAN2 int x/y overload
route-map :
match ip address ACL
match int x/x
show ip sla # ; show track # ; if u ping google what is popupalr u will need to make additional route for that ip route 8.8.8.8 destination x/x
if u have 1 isp as dhcp , make static ip from isp with higher priority .
have a fun dude ;)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide