
IP SLA and tracking and failover

burleyman
Level 8

I am trying to set up the following.

I want to have all Internet traffic to go through ISP2

All Corporate traffic to go through ISP1

If ISP1 fails I want the Corporate traffic to go through a VPN tunnel over ISP2

If ISP1 comes back up and after a couple hours that the circuit is stable, automatically go back to using ISP1 circuit for Corporate traffic.

If ISP2 fails I want all the Web traffic to go through ISP1

If ISP2 comes back up and after a couple hours that the circuit is stable, automatically go back to using ISP2 circuit for Web traffic.

I have included the Current config and below that what I think I need to configure (or at least a start) to make the above happen. I am looking for some guidance please. I have not worked with Frame-Relay in the real world......lucky me :-)  and I have not done a whole lot with IP SLA.

  

******************************Current Config**********************

Router#show run

version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption

hostname Router

boot-start-marker
boot-end-marker

logging buffered 65536 debugging
enable secret 5 xxxxxxx

no aaa new-model

resource policy

clock timezone est -5
clock summer-time EDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef


ip domain name yourdomain.com

ip sla monitor 1
type echo protocol ipIcmpEcho xxx.xxx.40.22
timeout 4000
frequency 10
ip sla monitor schedule 1 life forever start-time now


username xxxx password 7 xxxxxxxx
username xxxx password 7 xxxxxxxx


track 1 rtr 1 reachability

class-map match-any voice-signaling
match ip dscp af41
match protocol sip
class-map match-any voice-traffic
match access-group 101
match ip dscp ef
match protocol rtp


policy-map llq-policy
class voice-traffic
  priority percent 75
  set ip dscp ef
class voice-signaling
  bandwidth percent 24
  set ip dscp af41
class class-default
  set ip dscp default
  fair-queue


interface FastEthernet0/0
description LAN
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto

interface FastEthernet0/1
description ISP 2 DSL
ip address 10.10.2.1 255.255.255.0
duplex auto
speed auto

interface Serial0/0/0
no ip address
encapsulation frame-relay
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
max-reserved-bandwidth 100
service-policy output llq-policy

interface Serial0/0/0.1 point-to-point
description => Internet via ISP 1
ip address xxx.xxx.183.141 255.255.255.252
no cdp enable
frame-relay interface-dlci 501 IETF  

interface Serial0/0/0.2 point-to-point
description => MPLS VPN via ISP 1
ip address xxx.xxx.179.90 255.255.255.252
no cdp enable
frame-relay interface-dlci 502 IETF  

ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.179.89 track 1
ip route 0.0.0.0 0.0.0.0 10.10.2.2 10
ip route xxx.xxx.40.22 255.255.255.255 xxx.xxx.179.89
ip route xxx.xxx.208.4 255.255.255.255 10.10.2.2


ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000

access-list 101 permit ip host 192.168.2.244 any

control-plane


banner login ^C
xxxxxxxxxxxxxxxxxx
^C

line con 0
login local
line aux 0
line vty 0 4
privilege level 15
password 7 xxxxxxx
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet

ntp clock-period 17178656
ntp source FastEthernet0/0
ntp server 192.5.41.209
end

******************************* End of Current Config**************************

What I want to add/Change....

ip sla 100
  icmp-echo xxx.xxx.xxx.xxx  <--- main sites router setup IP SLA responder?
  frequency 3
ip sla schedule 100 life forever start-time now

ip sla 200
  icmp-echo xxx.xxx.xxx.xxx  <--- ISP2 DNS
  frequency 3
ip sla schedule 200 life forever start-time now


track 100 ip sla 100 reachability <--- ISP1
delay up xxx down xxx

track 200 ip sla 200 reachability <--- ISP2
delay up xxx down xxx

access-list 100 permit tcp ??????? <-- What would I put here? Normal everything but WWW, fail must include www
access-list 200 permit tcp any any eq www

route-map CORPTRAFFIC permit 100
match ip address 100
  set ip next-hop verify-availability xxx.xxx.xxx.xxx 10 track 200 <--- ISP1
  set ip next-hop verify-availability xxx.xxx.xxx.xxx 20 track 100 <--- ISP2


route-map WEBTRAFFIC permit 200
match ip address 200
  set ip next-hop verify-availability xxx.xxx.xxx.xxx 10 track 100 <--- ISP2
  set ip next-hop verify-availability xxx.xxx.xxx.xxx 20 track 200 <--- ISP1


interface Serial0/0/0
no ip address
encapsulation frame-relay
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
max-reserved-bandwidth 100
service-policy output llq-policy
ip policy route-map CORPTRAFFIC

interface Serial0/0/0.1 point-to-point
description => Internet via ISP1
ip address xxx.xxx.xxx.xxx 255.255.255.252
no cdp enable
frame-relay interface-dlci 501 IETF  

interface Serial0/0/0.2 point-to-point
description => MPLS VPN via ISP1
ip address xxx.xxx.xxx.xxx 255.255.255.252
no cdp enable
frame-relay interface-dlci 502 IETF  


Interface fa0/1
description ISP2 DSL
  ip address xxx.xxx.xxx.xxx 255.255.255.0
  ip policy route-map WEBTRAFFIC

**********************************************************************

Mike

1 Reply

burleyman
Level 8

After looking further into this I am going with the following config.

Router#show run
Building configuration...

Current configuration : 3551 bytes

version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption

hostname Router

boot-start-marker
boot-end-marker

logging buffered 65536 debugging
enable secret 5 xxxxxxxxxx

no aaa new-model

resource policy

clock timezone est -5
clock summer-time EDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef


ip domain name yourdomain.com
ip sla 1
icmp-echo xxx.xxx.40.22
frequency 5
threshold 1000
timeout 1000

ip sla schedule 1 life forever start-time now

ip sla 2
icmp-echo 4.2.2.2 
frequency 5
threshold 1000
timeout 1000

ip sla schedule 2 life forever start-time now


username xxxx password 7 xxxxxxxxxxxxx
username xxxx password 7 xxxxxxxxxxxxx


track 1 ip sla 1 reachability
delay up 180 down 5

track 2 ip sla 2 reachability
delay up 180 down 5


class-map match-any voice-signaling
match ip dscp af41
match protocol sip
class-map match-any voice-traffic
match access-group 101
match ip dscp ef
match protocol rtp


policy-map llq-policy
class voice-traffic
  priority percent 75
  set ip dscp ef
class voice-signaling
  bandwidth percent 24
  set ip dscp af41
class class-default
  set ip dscp default
  fair-queue


interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 192.168.2.1 255.255.255.0
ip policy route-map WEBTRAFFIC
duplex auto
speed auto

interface FastEthernet0/1
description ISP2
ip address 10.10.2.1 255.255.255.0
duplex auto
speed auto

interface Serial0/0/0
no ip address
encapsulation frame-relay
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
max-reserved-bandwidth 100
service-policy output llq-policy

interface Serial0/0/0.1 point-to-point
description => Internet via ISP1
ip address xxx.xxx.183.141 255.255.255.252
no cdp enable
frame-relay interface-dlci 501 IETF  

interface Serial0/0/0.2 point-to-point
description => MPLS VPN via ISP1
ip address xxx.xxx.179.90 255.255.255.252
no cdp enable
frame-relay interface-dlci 502 IETF  

ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.179.89 track 1
ip route 0.0.0.0 0.0.0.0 10.10.2.2 200 track 2
ip route xxx.xxx.40.22 255.255.255.255 xxx.xxx.179.89 permanent
ip route xxx.xxx.208.4 255.255.255.255 10.10.2.2
ip route 4.2.2.2 255.255.255.255 10.10.2.2 permanent


ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000

access-list 100 permit tcp any any eq www

access-list 101 permit ip host 192.168.2.244 any


control-plane


route-map WEBTRAFFIC permit 10
match ip address 100
  set ip next-hop verify-availability 10.10.2.2 10 track 2


banner login ^C
-----------------------------------------------------------------------
Banner here
-----------------------------------------------------------------------
^C

line con 0
login local
line aux 0
line vty 0 4
privilege level 15
password 7 xxxxxxxxxx
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet

ntp clock-period 17178656
ntp source FastEthernet0/0
ntp server 192.5.41.209
end

Mike
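
Added example, not part of the original thread or the poster's configuration: a small Python check for dangling references between `ip sla`, `track`, `ip route ... track` and `ip policy route-map` lines, the cross-references a tracked-failover config like the one above depends on. The `audit` function and the sample excerpt are constructed for illustration; addresses in 192.0.2.0/24 are placeholders.

```python
import re

# Constructed excerpt with deliberate mistakes (not the poster's config).
SAMPLE = """\
ip sla 1
 icmp-echo 192.0.2.22
ip sla 2
 icmp-echo 4.2.2.2
ip sla schedule 2 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
track 3 ip sla 3 reachability
interface FastEthernet0/0
 ip policy route-map WEBTRAFFIC
ip route 0.0.0.0 0.0.0.0 10.10.2.2 200 track 2
ip route 0.0.0.0 0.0.0.0 192.0.2.89 track 9
route-map CORPTRAFFIC permit 10
 set ip next-hop verify-availability 10.10.2.2 10 track 2
"""

def _ids(pattern, lines):
    """Collect group(1) of every line that matches pattern."""
    return {m.group(1) for l in lines if (m := re.search(pattern, l))}

def audit(config):
    """Return findings for SLA/track/route-map references that point nowhere."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    sla = _ids(r"^ip sla (\d+)$", lines)
    scheduled = _ids(r"^ip sla schedule (\d+)\b", lines)
    tracks = _ids(r"^track (\d+)\b", lines)
    route_maps = _ids(r"^route-map (\S+) (?:permit|deny)\b", lines)
    findings = []
    for l in lines:
        # A track object is only useful if its probe exists and is running.
        if m := re.match(r"track (\d+) ip sla (\d+)\b", l):
            t, s = m.groups()
            if s not in sla:
                findings.append(f"track {t}: ip sla {s} is not defined")
            elif s not in scheduled:
                findings.append(f"track {t}: ip sla {s} is never scheduled")
        # Static routes and verify-availability end in "track N".
        if (m := re.search(r"\btrack (\d+)$", l)) and m.group(1) not in tracks:
            findings.append(f"track {m.group(1)} used but not defined: {l}")
        # Policy routing must name a route-map that exists.
        if (m := re.match(r"ip policy route-map (\S+)", l)) and m.group(1) not in route_maps:
            findings.append(f"route-map {m.group(1)} applied but not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
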
