03-21-2019 08:39 AM - edited 03-21-2019 08:46 AM
I have a router with a default route set to the first WAN. I want to set up a second WAN but can't remove the default route because the router is live. I have added an ip policy to the second WAN interface but it is being ignored and it uses the default route of the first WAN instead (I have confirmed using trace). Here's my config:
aaa new-model
!
aaa authentication login default local
!
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp excluded-address 10.10.20.1 10.10.20.10
!
ip dhcp pool Vlan10
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool Vlan20
 network 10.10.20.0 255.255.255.0
 default-router 10.10.20.1
 dns-server 8.8.8.8 8.8.4.4
!
ip domain name test.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
 switchport access vlan 3
!
interface Vlan1
 shutdown
!
interface Vlan2
 description WAN-1
 ip address 1.1.1.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface Vlan3
 description WAN-2
 ip address 2.2.2.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface Vlan10
 description LAN-1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan20
 description LAN-2
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map PBR
!
ip nat inside source list Vlan10 interface Vlan2 overload
ip nat inside source list Vlan20 interface Vlan3 overload
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
ip access-list extended Vlan10
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended Vlan20
 permit ip 10.10.20.0 0.0.0.255 any
route-map PBR permit 10
 match ip address Vlan20
 set ip next-hop 2.2.2.1
This is a follow-up to this discussion:
https://community.cisco.com/t5/routing/two-active-wan-connections/m-p/3815883#M311082
03-21-2019 09:01 AM
Hello,
Try 'clear ip route *'...
03-21-2019 09:16 AM
Thank you for responding. I tried that and it is still using the default route.
03-21-2019 09:08 AM
Can you post the output of show ip interface brief from the router?
Can you post the output of ipconfig and the tracert from the PC?
HTH
Rick
03-21-2019 10:22 AM
Here's the sh ip int brief output:
Interface        IP-Address    OK?  Method  Status                 Protocol
ATM0             unassigned    YES  NVRAM   administratively down  down
Ethernet0        unassigned    YES  NVRAM   up                     down
FastEthernet0    unassigned    YES  unset   up                     up
FastEthernet1    unassigned    YES  unset   up                     up
Vlan1            unassigned    YES  unset   administratively down  down
Vlan2            1.1.1.2       YES  NVRAM   up                     up
Vlan3            2.2.2.2       YES  manual  up                     up
Vlan10           10.10.10.1    YES  NVRAM   up                     up
Vlan20           10.10.20.1    YES  NVRAM   up                     up
Computer has an IP Address of 10.10.20.11
03-21-2019 10:32 AM
Thanks for the output of show ip interface brief. My reason for asking was to verify that the interface with the IP specified in the set command was up and operational. Your output shows that it is. What model of router is this running on? Is this live equipment or is this some simulation? Would you post the output of show ip policy?
HTH
Rick
03-21-2019 10:37 AM
Another question occurs to me. Your config and the output of show ip interface brief show that the router has 2 physical interfaces. Both of those interfaces are assigned to the WAN connections. So how are vlans 10 and 20 connected to this router?
HTH
Rick
03-21-2019 11:06 AM
I didn't include the trunk port. F3 is a trunk port that goes to a switch.
03-21-2019 11:23 AM - edited 03-21-2019 11:25 AM
This is live. I am using Cisco 880. I just changed the public IP address to 1.1.1.1 and 2.2.2.2 in the config I posted.
sh ip policy:
Interface    Route map
Vlan20       PBR
03-21-2019 11:04 AM - edited 03-21-2019 11:05 AM
Hi,
If I consider your running config and this output:
FastEthernet0    unassigned    YES  unset   up                     up
FastEthernet1    unassigned    YES  unset   up                     up
Vlan1            unassigned    YES  unset   administratively down  down
Vlan2            1.1.1.2       YES  NVRAM   up                     up
Vlan3            2.2.2.2       YES  manual  up                     up
Vlan10           10.10.10.1    YES  NVRAM   up                     up
Vlan20           10.10.20.1    YES  NVRAM   up                     u
and
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
 switchport access vlan 3
Where is your LAN physical interface? At the same time, your VLAN 10 and 20 are also showing up. What is happening?
Regards,
Deepak Kumar
03-21-2019 09:18 AM - edited 03-21-2019 09:19 AM
Hello @Frank Sinatra ,
try 'clear ip route *'... << if this does not work as suggested by @Georg Pauwen
Try the changes below:
aaa new-model
!
aaa authentication login default local
!
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp excluded-address 10.10.20.1 10.10.20.10
!
ip dhcp pool Vlan10
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool Vlan20
 network 10.10.20.0 255.255.255.0
 default-router 10.10.20.1
 dns-server 8.8.8.8 8.8.4.4
!
ip domain name test.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
 switchport access vlan 3
!
interface Vlan1
 shutdown
!
interface Vlan2
 description WAN-1
 ip address 1.1.1.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface Vlan3
 description WAN-2
 ip address 2.2.2.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface Vlan10
 description LAN-1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip policy route-map PBR
 ip virtual-reassembly in
!
interface Vlan20
 description LAN-2
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map PBR
!
ip nat inside source list Vlan10 interface Vlan2 overload
ip nat inside source list Vlan20 interface Vlan3 overload
no ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
ip access-list extended Vlan10
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended Vlan20
 permit ip 10.10.20.0 0.0.0.255 any
route-map PBR permit 10
 match ip address Vlan20
 set ip default next-hop 2.2.2.1
route-map PBR permit 20
 match ip address Vlan10
 set ip default next-hop 1.1.1.1
03-21-2019 11:12 AM
I tried this and it's still not working. It doesn't work with one ISP either.
03-21-2019 09:19 AM - edited 03-21-2019 09:35 AM
Hello
At this time it looks like your PBR is correct; however, having dual ISP, I suggest using route-maps for NAT:
route-map isp1
 match interface xx
 match ip address xxx
route-map isp2
 match interface
 match ip address xxx
ip nat inside source route-map isp1 interface isp1
etc...
03-21-2019 09:37 AM
Paul
As I read the original post I also thought about using route maps to control the address translation, since the route map allows you to match both the ACL identifying traffic and match the interface. This is the common approach when doing address translation for dual ISP - especially when outgoing traffic might be on one interface or might be on the other interface (when doing load sharing or doing failover). But in this case one set of traffic should be going out only one interface and the other set of traffic should be going out only the other interface. In that case I believe that the original NAT is ok:
ip nat inside source list Vlan10 interface Vlan2 overload
ip nat inside source list Vlan20 interface Vlan3 overload
I still would like to see the outputs that I identified and would add to that a request to post the output of show ip policy
HTH
Rick
03-21-2019 12:07 PM
Ok. I have found the issue. I was checking using traceroute and ping with source on the Cisco router itself and for some reason it never worked. I just connected a computer with the router and everything is working fine! I can use both ISPs.
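Background on the behaviour described in the post above, as an added example that is not part of the original thread: `ip policy route-map` on an interface applies only to packets received on that interface, so pings and traceroutes the router itself originates follow the routing table (here the default route via 1.1.1.1). IOS policy-routes locally generated packets only through the global `ip local policy route-map` command. The names `LOCAL-VLAN20` and `LOCAL-PBR` are hypothetical; the addresses are the sanitized ones from the posted config.

```cisco
! Added example, not from the thread. LOCAL-VLAN20 and LOCAL-PBR are hypothetical names.
! Match only packets the router originates with the Vlan20 address as source
! (for example "ping 8.8.8.8 source Vlan20").
ip access-list extended LOCAL-VLAN20
 permit ip host 10.10.20.1 any
!
! Same next hop as the transit route-map PBR in the posted config.
route-map LOCAL-PBR permit 10
 match ip address LOCAL-VLAN20
 set ip next-hop 2.2.2.1
!
! Global command: applies the route-map to router-generated traffic.
ip local policy route-map LOCAL-PBR
!
! Verification from exec mode (not configuration lines):
!   show ip local policy       - route-map applied to router-generated packets
!   show ip policy             - route-maps applied to interfaces (transit traffic)
!   show route-map LOCAL-PBR   - match counters increase when a local test hits it
```

Local policy routing affects every router-originated packet that matches the ACL, including management and control-plane traffic sourced from that address, so keep the match as narrow as the test requires.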