07-27-2012 09:55 AM - edited 03-04-2019 05:05 PM
hello,
I would like know, what license is necessary to employ a load-balance in a 2911 router. I have these licenses bellow, can i configure an load balance?In this cenario we have two links with an ISP.
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(2)T1, RELEASE SOFTWARE (fc1)
Cisco CISCO2911/K9 (revision 1.0) with 479232K/45056K bytes of memory.
Processor board ID FTX1613AH8D
1 FastEthernet interface
3 Gigabit Ethernet interfaces
1 terminal line
2 Channelized (E1 or T1)/PRI ports
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
Technology Package License Information for Module:'c2900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc uck9 Permanent uck9
data None None None
Thanks!
07-27-2012 10:00 AM
Hello Rodolfo,
load balancing traffic over multiple links does not require any special license you are covered by ipbasek9 license for this
It is part of CEF switching features the support for equal cost multi path (ECMP)
Hope to help
Giuseppe
07-27-2012 10:28 AM
Do you have any example or doc that refers it ?
I need this load balance with dynamic NAT and routes, because i'm behind of a cable- modem.
my topology is attached.
07-27-2012 10:36 AM
Hello Rodolfo,
read the following whitepaper about enterprise multihoming with NAT.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091c8a.shtml
Hope to help
Giuseppe
07-27-2012 02:11 PM
Thanks for help!
I was checking this doc, but my problem is that the ISP is the cable-modem(illustrated as a wireless router) owner's, so my responsibility start in the router 2911, that receive two interfaces from ISP on it G0/1 and G0/2.
The ISP cale-modem does not support a dynamic protocol. Now i'm using a NAT and route with SLA and route-map. What dou you think about this configuration ? it usually works?
i'm having some problems with this topology.
07-31-2012 04:38 AM
Hello Rodolfo,
I understand you are behind the cable modems.
A configuration with NAT using route-maps and reliable static routing with IP SLA is probably the best you can do.
For reliable static routing follow
http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html
the targets to be used for IP SLA should be well known IP addresses so that the IP SLA failure can be seen as a failure of the service on that specific cable modem line,
Feel free to describe your issues and/or to attach your configurations ( after having removed username/pwd pairs and changed public IP addresses for your safety).
Hope to help
Giuseppe
08-01-2012 12:13 PM
Hello,
There is my configuration.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.07.26 16:57:33 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...
Current configuration : 10493 bytes
!
! Last configuration change at 11:28:55 UTC Thu Jul 26 2012 by teleinfo
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXXXXXXXXX
!
boot-start-marker
boot-end-marker
!
!
! card type command needed for slot/vwic-slot 0/0
logging buffered 51200 warnings
enable secret 4 XXXXXXXXXXXXXXXXXXXXXXXXXX
!
no aaa new-model
!
!
no ipv6 cef
--More-- ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
ip dhcp excluded-address 172.27.50.30
ip dhcp excluded-address 172.27.50.65
ip dhcp excluded-address 172.27.50.94
ip dhcp excluded-address 172.27.50.97
ip dhcp excluded-address 172.27.50.126
ip dhcp excluded-address 172.27.50.190
ip dhcp excluded-address 10.0.0.1 10.0.0.99
ip dhcp excluded-address 172.27.50.33
ip dhcp excluded-address 172.27.50.35
ip dhcp excluded-address 172.27.50.5
!
ip dhcp pool WORKSTATIONS
import all
network 172.27.50.0 255.255.255.224
default-router 172.27.50.30
dns-server 200.189.88.39
lease 20
!
--More-- ip dhcp pool WLAN-CORP
import all
network 172.27.50.64 255.255.255.224
default-router 172.27.50.94
option 43 ip 172.27.50.35
dns-server 200.189.88.39
lease 20
!
ip dhcp pool VOZ
import all
network 172.27.50.160 255.255.255.224
default-router 172.27.50.190
option 150 ip 172.27.50.190
dns-server 200.189.88.39
lease 20
!
ip dhcp pool GERENCIA
import all
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 200.189.88.39
lease 20
!
--More-- !
ip domain name XXXXXXXXXXXXX
ip cef
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3279805705
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3279805705
revocation-check none
rsakeypair TP-self-signed-3279805705
!
!
crypto pki certificate chain TP-self-signed-3279805705
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
--More-- 69666963 6174652D 33323739 38303537 3035301E 170D3132 30333236 31363035
31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32373938
30353730 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81008739 CAC54128 77B5D838 3D7985E5 78D5E398 987B0A39 E3CC7D54 F01C042B
4095ACB7 AC72493F 716D8DC9 00918136 73CBB954 A604868E A161E5AA DF2C5351
6BF24FA8 9C4FFDE3 26F38EB4 E1CB8106 C3784FB5 8CADC4B1 F3D69085 5A1B847C
BB0AFEEB AF2A854D C446FFA1 C8D3CA06 20179095 3687C534 72EC600F 94B76210
E5230203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 145AC4FE F418A5F0 5A2BB0E3 5C18C96A 33BF9673 83301D06
03551D0E 04160414 5AC4FEF4 18A5F05A 2BB0E35C 18C96A33 BF967383 300D0609
2A864886 F70D0101 05050003 81810066 404C4ADF E7E2FABE A60C7987 39BFCCEA
635EC88A 927E0045 FDA0D3DE D68B5031 565ECBB9 C1350CD6 5400004A 44B6C8BE
AA4052F1 54D681B1 2C7D1B85 84DA6E84 12A91E7A 01C124BF A2B6BCD5 6EFBE403
E5EFF3B9 DC5CD7AC 31D5C26D 8D24D5D2 4CCBC3DD 3BFE23E5 0B149969 58C8B92E
1DB75CFD E9219687 C173DAD5 915703
quit
voice-card 0
!
!
!
!
!
--More-- !
!
!
license udi pid CISCO2911/K9 sn FTX1613AH8D
license accept end user agreement
license boot module c2900 technology-package securityk9
hw-module pvdm 0/0
!
!
!
object-group network Redes_QoS
description Redes que utilizam as Policies de QoS-MS_Lync
172.27.50.0 255.255.255.224
172.27.50.64 255.255.255.224
!
object-group service Servicos_MS-Lync
description Servios do MS Lync
udp eq 3478
tcp eq 3478
tcp range 50000 59999
udp range 50000 59999
tcp range 5061 5062
udp range 5061 5062
--More-- tcp eq 8057
udp eq 8057
!
username XXXXXX privilege 15 password 7 XXXXXXXXXXXXXX
!
redundancy
!
!
!
!
!
!
track 10 ip sla 1 reachability
delay down 1 up 1
!
track 20 ip sla 2 reachability
delay down 1 up 1
!
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
--More-- class-map match-any CCP-Voice-1
match dscp ef
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map match-any CCP-Management-1
match dscp cs2
class-map match-any MS-Lyncc
match dscp 29
match access-group name Rule_QoS_MS-Lync
!
!
policy-map CCP-QoS-Policy-1
class CCP-Voice-1
priority percent 1
class CCP-Signaling-1
bandwidth percent 1
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
--More-- class CCP-Transactional-1
bandwidth percent 5
class MS-Lyncc
priority percent 33
class class-default
fair-queue
random-detect
policy-map sdm-qos-test-123
class class-default
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
--More-- interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
description DEFAULT
encapsulation dot1Q 1 native
ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/0.10
description WORKSTATIONS
encapsulation dot1Q 10
ip address 172.27.50.30 255.255.255.224
ip nat inside
ip virtual-reassembly in
ip policy route-map PBR
!
interface GigabitEthernet0/0.11
description SERVIDORES
encapsulation dot1Q 11
ip address 172.27.50.62 255.255.255.224
--More-- ip nat inside
ip virtual-reassembly in
ip policy route-map PBR
!
interface GigabitEthernet0/0.12
description WLAN-CORP
encapsulation dot1Q 12
ip address 172.27.50.94 255.255.255.224
ip nat inside
no ip virtual-reassembly in
ip policy route-map PBR
!
interface GigabitEthernet0/0.13
description WLAN-GUEST
encapsulation dot1Q 13
ip virtual-reassembly in
!
interface GigabitEthernet0/0.14
description CFTV
encapsulation dot1Q 14
ip nat inside
ip virtual-reassembly in
!
--More-- interface GigabitEthernet0/0.15
description VOZ
encapsulation dot1Q 15
ip address 172.27.50.190 255.255.255.224
ip nat inside
ip virtual-reassembly in
ip policy route-map PBR
!
interface GigabitEthernet0/0.16
description TV-IMPRESSAO
encapsulation dot1Q 16
ip address 172.27.50.222 255.255.255.224
ip nat inside
ip virtual-reassembly in
ip policy route-map PBR
!
interface GigabitEthernet0/1
description OPERADORA NET-01
ip address 192.168.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
--More-- service-policy output CCP-QoS-Policy-1
!
interface GigabitEthernet0/2
description OPERADORA NET-02
ip address 192.168.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
service-policy output CCP-QoS-Policy-1
!
interface FastEthernet0/1/0
description INATIVA
no ip address
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
--More-- !
ip nat translation port-timeout tcp 443 32400
ip nat inside source route-map ISP1 interface GigabitEthernet0/1 overload
ip nat inside source route-map ISP2 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 10
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 20
!
ip access-list extended Regra_QoS_MS_Lync
remark Regra de acesso para QoS
remark CCP_ACL Category=256
permit tcp object-group Redes_QoS any eq pop3
!
ip sla 1
icmp-echo 192.168.0.1
threshold 40
timeout 500
frequency 1
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 192.168.1.1
threshold 40
timeout 500
frequency 1
--More-- ip sla schedule 2 life forever start-time now
access-list 10 permit 172.27.50.0 0.0.0.31
access-list 10 permit 172.27.50.32 0.0.0.31
access-list 10 permit 172.27.50.64 0.0.0.31
access-list 10 permit 172.27.50.160 0.0.0.31
access-list 10 permit 172.27.50.192 0.0.0.31
access-list 11 permit 172.27.50.96 0.0.0.31
access-list 100 permit tcp 172.27.50.0 0.0.0.31 any eq telnet
access-list 100 permit tcp 172.27.50.0 0.0.0.31 any eq www
access-list 100 permit tcp 172.27.50.0 0.0.0.31 any eq 443
access-list 100 permit tcp 172.27.50.32 0.0.0.31 any eq telnet
access-list 100 permit tcp 172.27.50.32 0.0.0.31 any eq www
access-list 100 permit tcp 172.27.50.32 0.0.0.31 any eq 443
access-list 100 permit tcp 172.27.50.64 0.0.0.31 any eq telnet
access-list 100 permit tcp 172.27.50.64 0.0.0.31 any eq www
access-list 100 permit tcp 172.27.50.64 0.0.0.31 any eq 443
access-list 100 permit tcp 172.27.50.160 0.0.0.31 any eq telnet
access-list 100 permit tcp 172.27.50.160 0.0.0.31 any eq www
access-list 100 permit tcp 172.27.50.160 0.0.0.31 any eq 443
access-list 100 permit tcp 172.27.50.192 0.0.0.31 any eq telnet
access-list 100 permit tcp 172.27.50.192 0.0.0.31 any eq www
access-list 100 permit tcp 172.27.50.192 0.0.0.31 any eq 443
access-list 101 permit ip 172.27.50.0 0.0.0.31 any
--More-- access-list 101 permit ip 172.27.50.32 0.0.0.31 any
access-list 101 permit ip 172.27.50.64 0.0.0.31 any
access-list 101 permit ip 172.27.50.160 0.0.0.31 any
access-list 101 permit ip 172.27.50.192 0.0.0.31 any
access-list 105 permit ip 172.27.50.0 0.0.0.255 172.27.50.0 0.0.0.255
!
route-map PBR permit 5
match ip address 105
!
route-map PBR permit 10
match ip address 100
set ip next-hop verify-availability 192.168.1.1 1 track 20
!
route-map PBR permit 30
match ip address 101
set ip next-hop verify-availability 192.168.0.1 2 track 10
!
route-map ISP2 permit 10
match ip address 10
match interface GigabitEthernet0/2
!
route-map ISP1 permit 10
match ip address 10
--More-- match interface GigabitEthernet0/1
!
!
snmp-server community public RW
snmp-server enable traps entity-sensor threshold
!
control-plane
!
!
!
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
--More-- !
telephony-service
max-ephones 58
max-dn 58
ip source-address 172.27.50.190 port 2000
auto assign 1 to 1
time-zone 17
time-format 24
date-format dd-mm-yy
max-conferences 4 gain -6
transfer-system full-consult
transfer-pattern .T
transfer-pattern 0.T
!
!
ephone-dn 1
number 2000
pickup-group 2
label teste
name teste
!
!
ephone 1
--More-- device-security-mode none
!
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
length 0
transport input ssh
!
scheduler allocate 20000 1000
!
--More-- end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide