04-30-2013 08:03 AM - edited 03-04-2019 07:46 PM
I am trying to set up the following.
I want all Internet traffic to go through ISP2.
All Corporate traffic to go through ISP1.
If ISP1 fails, I want the Corporate traffic to go through a VPN tunnel over ISP2.
If ISP1 comes back up, then after the circuit has been stable for a couple of hours, automatically go back to using the ISP1 circuit for Corporate traffic.
If ISP2 fails, I want all the Web traffic to go through ISP1.
If ISP2 comes back up, then after the circuit has been stable for a couple of hours, automatically go back to using the ISP2 circuit for Web traffic.
I have included the current config and, below that, what I think I need to configure (or at least a start) to make the above happen. I am looking for some guidance, please. I have not worked with Frame-Relay in the real world......lucky me :-) and I have not done a whole lot with IP SLA.
******************************Current Config**********************
Router#show run
version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging buffered 65536 debugging
enable secret 5 xxxxxxx
no aaa new-model
resource policy
clock timezone est -5
clock summer-time EDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
ip domain name yourdomain.com
ip sla monitor 1
 type echo protocol ipIcmpEcho xxx.xxx.40.22
 timeout 4000
 frequency 10
ip sla monitor schedule 1 life forever start-time now
username xxxx password 7 xxxxxxxx
username xxxx password 7 xxxxxxxx
track 1 rtr 1 reachability
class-map match-any voice-signaling
 match ip dscp af41
 match protocol sip
class-map match-any voice-traffic
 match access-group 101
 match ip dscp ef
 match protocol rtp
policy-map llq-policy
 class voice-traffic
  priority percent 75
  set ip dscp ef
 class voice-signaling
  bandwidth percent 24
  set ip dscp af41
 class class-default
  set ip dscp default
  fair-queue
interface FastEthernet0/0
 description LAN
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
interface FastEthernet0/1
 description ISP 2 DSL
 ip address 10.10.2.1 255.255.255.0
 duplex auto
 speed auto
interface Serial0/0/0
 no ip address
 encapsulation frame-relay
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
 max-reserved-bandwidth 100
 service-policy output llq-policy
interface Serial0/0/0.1 point-to-point
 description => Internet via ISP 1
 ip address xxx.xxx.183.141 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 501 IETF
interface Serial0/0/0.2 point-to-point
 description => MPLS VPN via ISP 1
 ip address xxx.xxx.179.90 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 502 IETF
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.179.89 track 1
ip route 0.0.0.0 0.0.0.0 10.10.2.2 10
ip route xxx.xxx.40.22 255.255.255.255 xxx.xxx.179.89
ip route xxx.xxx.208.4 255.255.255.255 10.10.2.2
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
access-list 101 permit ip host 192.168.2.244 any
control-plane
banner login ^C
xxxxxxxxxxxxxxxxxx
^C
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 password 7 xxxxxxx
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
ntp clock-period 17178656
ntp source FastEthernet0/0
ntp server 192.5.41.209
end
******************************* End of Current Config**************************
What I want to add/Change....
ip sla 100
 icmp-echo xxx.xxx.xxx.xxx <--- main sites router setup IP SLA responder?
 frequency 3
ip sla schedule 100 life forever start-time now
ip sla 200
 icmp-echo xxx.xxx.xxx.xxx <--- ISP2 DNS
 frequency 3
ip sla schedule 200 life forever start-time now
track 100 ip sla 100 reachability <--- ISP1
 delay up xxx down xxx
track 200 ip sla 200 reachability <--- ISP2
 delay up xxx down xxx
access-list 100 permit tcp ??????? <-- What would I put here? Normal everything but WWW, fail must include www
access-list 200 permit tcp any any eq www
route-map CORPTRAFFIC permit 100
 match ip address 100
 set ip next-hop verify-availability xxx.xxx.xxx.xxx 10 track 200 <--- ISP1
 set ip next-hop verify-availability xxx.xxx.xxx.xxx 20 track 100 <--- ISP2
route-map WEBTRAFFIC permit 200
 match ip address 200
 set ip next-hop verify-availability xxx.xxx.xxx.xxx 10 track 100 <--- ISP2
 set ip next-hop verify-availability xxx.xxx.xxx.xxx 20 track 200 <--- ISP1
interface Serial0/0/0
 no ip address
 encapsulation frame-relay
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
 max-reserved-bandwidth 100
 service-policy output llq-policy
 ip policy route-map CORPTRAFFIC
interface Serial0/0/0.1 point-to-point
 description => Internet via ISP1
 ip address xxx.xxx.xxx.xxx 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 501 IETF
interface Serial0/0/0.2 point-to-point
 description => MPLS VPN via ISP1
 ip address xxx.xxx.xxx.xxx 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 502 IETF
Interface fa0/1
 description ISP2 DSL
 ip address xxx.xxx.xxx.xxx 255.255.255.0
 ip policy route-map WEBTRAFFIC
**********************************************************************
Mike
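How the delay up / delay down timers on a track object damp a flapping IP SLA probe, as an added example that is not part of the original post. It is a simplified discrete model (one reachability result per probe), and the 5-second probe interval and the 180 s / 5 s delays are sample values assumed here.

```python
def track_transitions(probes, frequency=5, delay_up=180, delay_down=5, start_up=True):
    """Return [(seconds, "Up" | "Down")] state changes reported by the track object.

    probes: one boolean per IP SLA probe (True = reply received), sent every
    `frequency` seconds. A change is reported only after the probe result has
    stayed different from the reported state for the whole delay.
    """
    state, pending_since, changes = start_up, None, []
    for i, ok in enumerate(probes):
        now = i * frequency
        if ok == state:
            pending_since = None      # result agrees again: pending change is cancelled
            continue
        if pending_since is None:
            pending_since = now       # first disagreeing probe starts the delay timer
        if now - pending_since >= (delay_up if ok else delay_down):
            state, pending_since = ok, None
            changes.append((now, "Up" if state else "Down"))
    return changes


# Constructed probe history: stable link, a short outage, a recovery that is
# interrupted by one lost probe before 180 s have passed, then a clean recovery.
PROBES = [True] * 4 + [False] * 2 + [True] * 20 + [False] + [True] * 40

if __name__ == "__main__":
    for seconds, new_state in track_transitions(PROBES):
        print(f"t={seconds:>3}s  track -> {new_state}")
```

The lost probe at t=130 s restarts the up timer, so routes and policy next-hops tied to the track object return only after a full uninterrupted delay-up period.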
05-02-2013 05:16 AM
After looking further into this I am going with the following config.
Router#show run
Building configuration...
Current configuration : 3551 bytes
version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging buffered 65536 debugging
enable secret 5 xxxxxxxxxx
no aaa new-model
resource policy
clock timezone est -5
clock summer-time EDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
ip domain name yourdomain.com
ip sla 1
 IcmpEcho xxx.xxx.40.22
 frequency 5
 threshold 1000
 timeout 1000
ip sla monitor schedule 1 life forever start-time now
ip sla 2
 icmp-echo 4.2.2.2
 frequency 5
 threshold 1000
 timeout 1000
ip sla schedule 2 life forever start-time now
username xxxx password 7 xxxxxxxxxxxxx
username xxxx password 7 xxxxxxxxxxxxx
track 1 ip sla 1 reachability
 delay up 180 down 5
track 2 ip sla 2 reachability
 delay up 180 down 5
class-map match-any voice-signaling
 match ip dscp af41
 match protocol sip
class-map match-any voice-traffic
 match access-group 101
 match ip dscp ef
 match protocol rtp
policy-map llq-policy
 class voice-traffic
  priority percent 75
  set ip dscp ef
 class voice-signaling
  bandwidth percent 24
  set ip dscp af41
 class class-default
  set ip dscp default
  fair-queue
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.2.1 255.255.255.0
 ip policy route-map WEBTRAFFIC
 duplex auto
 speed auto
interface FastEthernet0/1
 description ISP2
 ip address 10.10.2.1 255.255.255.0
 duplex auto
 speed auto
interface Serial0/0/0
 no ip address
 encapsulation frame-relay
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
 max-reserved-bandwidth 100
 service-policy output llq-policy
interface Serial0/0/0.1 point-to-point
 description => Internet via ISP1
 ip address xxx.xxx.183.141 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 501 IETF
interface Serial0/0/0.2 point-to-point
 description => MPLS VPN via ISP1
 ip address xxx.xxx.179.90 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 502 IETF
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.179.89 track 1
ip route 0.0.0.0 0.0.0.0 10.10.2.2 200 track 2
ip route xxx.xxx.40.22 255.255.255.255 xxx.xxx.179.89 permanent
ip route xxx.xxx.208.4 255.255.255.255 10.10.2.2
ip route 4.2.2.2 255.255.255.255 10.10.2.2 permanent
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
access-list 100 permit tcp any any eq www
access-list 101 permit ip host 192.168.2.244 any
control-plane
route-map CORPTRAFFIC permit 10
 match ip address 100
 set ip next-hop verify-availability 10.10.2.2 10 track 2
banner login ^C
-----------------------------------------------------------------------
Banner here
-----------------------------------------------------------------------
^C
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 password 7 xxxxxxxxxx
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
ntp clock-period 17178656
ntp source FastEthernet0/0
ntp server 192.5.41.209
end
Mike
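A cross-reference check run over an excerpt of the configuration above, as an added example that is not part of the original post: it reports references (policy route-map, track, ip sla, access-list) to objects the excerpt never defines, and route-maps that no interface applies. The regular expressions cover only the command forms present in the excerpt and are an assumption of this sketch.

```python
import re

# Excerpt of the configuration posted above, addresses masked as in the post.
CONFIG = """\
ip sla 1
ip sla 2
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
interface FastEthernet0/0
 ip policy route-map WEBTRAFFIC
ip route 0.0.0.0 0.0.0.0 xxx.xxx.179.89 track 1
ip route 0.0.0.0 0.0.0.0 10.10.2.2 200 track 2
access-list 100 permit tcp any any eq www
route-map CORPTRAFFIC permit 10
 match ip address 100
 set ip next-hop verify-availability 10.10.2.2 10 track 2
"""

# Lines that define an object: kind -> pattern capturing its name or number.
DEFINES = {
    "route-map": r"route-map (\S+) (?:permit|deny)",
    "track": r"track (\d+) ",
    "ip sla": r"ip sla (\d+)$",
    "access-list": r"access-list (\d+) ",
}
# Lines that refer to an object defined elsewhere in the configuration.
USES = {
    "route-map": r"ip policy route-map (\S+)",
    "track": r".+ track (\d+)$",
    "ip sla": r"track \d+ ip sla (\d+)",
    "access-list": r"match ip address (\d+)",
}

def lint(config):
    """Return (dangling references, route-maps that no interface applies)."""
    defined, used = {kind: set() for kind in DEFINES}, []
    for line in map(str.strip, config.splitlines()):
        for kind, pattern in DEFINES.items():
            if m := re.match(pattern, line):
                defined[kind].add(m[1])
        for kind, pattern in USES.items():
            if m := re.match(pattern, line):
                used.append((kind, m[1], line))
    dangling = [u for u in used if u[1] not in defined[u[0]]]
    applied = {name for kind, name, _ in used if kind == "route-map"}
    return dangling, sorted(defined["route-map"] - applied)

if __name__ == "__main__":
    print(lint(CONFIG))
```

On this excerpt the check reports that FastEthernet0/0 applies a route-map named WEBTRAFFIC while the only route-map defined is CORPTRAFFIC, which no interface applies.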