

Manual Failover to 2 separate Internet services using 1 L3 port

Hi everyone,


I have a customer insisting on a manual failover (2 internet links) using a Cisco 1941 using only 1 WAN port, i.e. Gigabit Ethernet 0/1 (GE0/0 = LAN).

Before he purchases an extra EHWIC for the 1941 to give him another L3 port he wants to manually take the Ethernet cable out of the primary NTD/NTU (fiber/Ethernet link) and plug the gig0/1 into the secondary NTU/NTD from the 2nd ISP.

When he purchases the extra EHWIC for the 1941 I will fail over using the standard IP SLA way, but for now I don't think using an ip address xxxx secondary command on Gig0/1 and a second default route using a higher metric will be enough.


Is this possible and how?


Primary ISP WAN IP = / Default gateway =   /30

Secondary ISP WAN IP = / Default GW =     /30



ip address

ip nat outside



ip address

ip nat inside


ip nat inside source list 22 interface gigabitethernet0/1 overload

access-list 22 permit


ip route


Using this basic NAT/PAT config, how can I have it so he takes out connection 1 and plugs in connection 2 (ie and everything keeps on working?


Is this kind of lazy method even feasible?


Please help, I am completely stuck for ideas.







It's possible.

Please read first.


Here is an example for your case:

int G0/1
 ip add
 ip add secondary
 ip nat outside

!ISP1 -; my address
!ISP2 -; my address


!configure your SLAs (really up to you what destinations are); make sure you use correct source-ip

ip sla 1
 icmp-echo source-ip
 timeout 200
 threshold 150
 frequency 10

ip sla 2
 icmp-echo source-ip
 timeout 200
 threshold 150
 frequency 10

ip access-list extended SLA1
 permit icmp host host echo
ip access-list extended SLA2
 permit icmp host host echo

route-map LOCAL_SLA permit 10
 match ip address SLA1
 set ip next-hop
 !set interface G0/1 Null0 !might be useful, but not mandatory

route-map LOCAL_SLA permit 20
 match ip address SLA2
 set ip next-hop
 !set interface G0/1 Null0 !might be useful, but not mandatory

ip local policy route-map LOCAL_SLA

ip sla group schedule 1 1-2 schedule-period 10 start-time now life forever

track 1 rtr 1 reachability
 delay down 1 up 1
track 2 rtr 2 reachability
 delay down 1 up 1

! Backup route with AD=10
ip route track 1
ip route 10 track 2

!What traffic is subject to NAT
ip access-list extended NAT_ALL
 deny   ip
 permit ip any

!Define our next-hops for NAT route-map
access-list 1 permit
access-list 2 permit

route-map NAT1 permit 10
 match ip address NAT_ALL
 match ip next-hop 1

route-map NAT2 permit 10
 match ip address NAT_ALL
 match ip next-hop 2

!define pool for PAT
ip nat pool POOL10 netmask
ip nat pool POOL20 netmask

!configure PAT
ip nat inside source route-map NAT1 pool POOL10 overload
ip nat inside source route-map NAT2 pool POOL20 overload

You may also use PBR on the NAT inside interface to load balance when both ISPs are up.

Best regards.


Thanks for the quick feedback! I was thinking along those lines but unsure if the secondary IP address on Gig0/1 was a valid option.


I will try this shortly
