Load balancing on a Cisco c1111

InSysProllc
Level 1

Hello, 

I have set up a Cisco c1118p and I'm having some difficulty with the load balancing. My setup has 2 WAN connections. WAN1 is from an ISP (Comcast) and provides a public IP address. WAN2 (AT&T) is behind a modem. The issue is that the tracks are being recognized as far as up/down status, and the IP routes are being adjusted when it senses the primary WAN drop, but it will not recognize the WAN2 route (i.e., Comcast WAN1 drops, it should fail over to the AT&T WAN2 connection). It does fall back to the primary WAN when the connection is restored.

For my config I have:

track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability

!
interface GigabitEthernet0/0/0
description COMCAST
ip address X.X.X.X 255.255.255.248
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description ATT
ip address 192.168.1.250
ip nat outside
media-type rj45
negotiation auto
!

ip nat inside source list NAT_ACL_WAN1 interface GigabitEthernet0/0/0 overload
ip nat inside source list NAT_ACL_WAN2 interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 (Public GW Address) track 1
ip route 0.0.0.0 0.0.0.0 (Public GW Address)
ip route 0.0.0.0 0.0.0.0 192.168.1.254 10
!
!
ip access-list standard NAT_ACL_WAN1
10 permit 10.1.1.0 0.0.0.255
20 permit 10.12.1.192 0.0.0.15
30 permit 10.12.1.0 0.0.0.15
40 permit 10.12.1.16 0.0.0.15
50 permit 10.12.1.32 0.0.0.15
60 permit 10.12.2.0 0.0.0.255
70 permit 10.12.3.0 0.0.0.255
80 permit 10.12.4.0 0.0.0.255
90 permit 10.12.5.0 0.0.0.255
ip access-list standard NAT_ACL_WAN2
10 permit 10.1.1.0 0.0.0.255
20 permit 10.12.1.192 0.0.0.15
30 permit 10.12.1.0 0.0.0.15
40 permit 10.12.1.16 0.0.0.15
50 permit 10.12.1.32 0.0.0.15
60 permit 10.12.2.0 0.0.0.255
70 permit 10.12.3.0 0.0.0.255
80 permit 10.12.4.0 0.0.0.255
90 permit 10.12.5.0 0.0.0.255

ip sla 1
icmp-echo 8.8.8.8 source-ip (Router Public IP)
threshold 2
timeout 2000
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1
threshold 2
timeout 2000
frequency 10
ip sla schedule 2 life forever start-time now

 I am able to reach the outside from the router outside interface on WAN2 but I cannot reach any address from any of the inside networks. 

The SLAs appear to recognize both routes.

 
#sho ip sla statistics
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 23:39:56 UTC Sun Jan 21 2024
Latest operation return code: Timeout
Number of successes: 0
Number of failures: 70
Operation time to live: Forever

IPSLA operation id: 2
Latest RTT: 4 milliseconds
Latest operation start time: 23:40:03 UTC Sun Jan 21 2024
Latest operation return code: Over threshold
Number of successes: 52
Number of failures: 9
Operation time to live: Forever
 
It also seems that the statement ip route 0.0.0.0 0.0.0.0 (Public GW Address) track 1 does not allow routing to the outside by itself, so I added ip route 0.0.0.0 0.0.0.0 (Public GW Address) to get to the outside.
 
Any suggestions would be greatly appreciated.
 
Thanks to all!!
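
The default-route, track and NAT lines from the configuration above, run through a small consistency check written in Python. This is an added example, not part of the original post or reply; the finding codes and the 203.0.113.1 gateway (standing in for the redacted public gateway) are constructed for illustration.

```python
import re

# Constructed sample: the track, NAT and default-route lines from the post,
# with 203.0.113.1 (documentation range) standing in for the redacted gateway.
SAMPLE = """\
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
ip nat inside source list NAT_ACL_WAN1 interface GigabitEthernet0/0/0 overload
ip nat inside source list NAT_ACL_WAN2 interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 0.0.0.0 0.0.0.0 192.168.1.254 10
"""

ROUTE = re.compile(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?(?: track (\d+))?$")
NAT = re.compile(r"^ip nat inside source (list|route-map) \S+ interface (\S+) overload$")
TRACK = re.compile(r"^track (\d+) ")


def lint_failover(config):
    """Return (code, detail) findings for a tracked-static-route failover config."""
    routes, list_nat_ifaces, tracks = [], set(), set()
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ROUTE.match(line):
            routes.append((m[1], int(m[2] or 1), m[3]))  # next hop, distance, track id
        elif m := NAT.match(line):
            if m[1] == "list":
                list_nat_ifaces.add(m[2])
        elif m := TRACK.match(line):
            tracks.add(m[1])
    findings = []
    # The lowest-distance untracked default is not withdrawn by any track, so
    # a default with a higher distance can never replace it on an SLA failure.
    untracked = sorted((ad, hop) for hop, ad, trk in routes if trk is None)
    if untracked:
        best_ad, best_hop = untracked[0]
        for hop, ad, _ in routes:
            if ad > best_ad:
                findings.append(("BACKUP_MASKED", f"default via {hop} (distance {ad}) "
                                 f"is masked by untracked default via {best_hop}"))
    # Track objects that no default route references have no effect on routing.
    for trk in sorted(tracks - {t for _, _, t in routes if t}):
        findings.append(("TRACK_UNUSED", f"track {trk} is not referenced by a route"))
    # List-based overload rules are chosen by ACL match, not by egress interface;
    # dual-WAN designs commonly use route-maps with 'match interface' instead.
    if len(list_nat_ifaces) > 1:
        findings.append(("NAT_ACL_ONLY", "list-based NAT rules on "
                         + ", ".join(sorted(list_nat_ifaces))))
    return findings
```

Calling `lint_failover(SAMPLE)` returns one finding per condition; removing the untracked duplicate default and switching the NAT rules to route-maps leaves only the unused track 2.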
1 Reply

balaji.bandi
Hall of Fame

If you would like to use both ISPs and fail over to the other if one of the ISPs fails, check the configuration examples below:

https://www.balajibandi.com/?p=1643

https://www.balajibandi.com/?p=1982

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help