09-06-2018 08:35 AM
Hi everyone!
I got an issue with the configuration on Cisco 1841. I have two pppoe WAN, and config IPSLA to run failover. But when the ISP-1 down, I can't connect to the internet through ISP-2. Here is my full configuration:
Building configuration...
Current configuration : 3179 bytes
!
! Last configuration change at 15:00:09 UTC Thu Sep 6 2018
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.5
ip dhcp excluded-address 192.168.10.1 192.168.10.5
!
ip dhcp pool vlan1
network 192.168.10.0 255.255.255.0
default-router 192.168.1.1
dns-server 208.67.220.220 208.67.222.222
!
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 208.67.220.220 208.67.222.222
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FHK144573U8
!
redundancy
!
!
!
track 10 ip sla 1 reachability
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1/0
no ip address
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
!
interface FastEthernet0/1/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface FastEthernet0/0/0
no ip address
!
interface FastEthernet0/0/1
no ip address
!
interface FastEthernet0/0/2
no ip address
!
interface FastEthernet0/0/3
no ip address
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer1
ip address negotiated
ip mtu 1454
ip nat outside
ip nat enable
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname xxxxxxxx
ppp chap password 0 xxxxxxx
ppp pap sent-username xxxxxxxxx password 0 xxxxxxxxx
no cdp enable
!
interface Dialer2
ip address negotiated
ip mtu 1454
ip nat outside
ip nat enable
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 2
dialer-group 2
ppp authentication pap chap callin
ppp chap hostname xxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxxxx
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map FPT interface Dialer2 overload
ip nat inside source route-map VNPT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 2
!
ip sla 1
icmp-echo 208.67.222.222 source-interface Dialer1
threshold 500
frequency 10
ip sla schedule 1 life forever start-time now
access-list 1 permit any
!
!
!
!
route-map VNPT permit 1
match ip address 100
match interface Dialer1
!
route-map FPT permit 1
match ip address 100
match interface Dialer2
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
Please advice me in this case.
Thanks all for the helps!
Solved! Go to Solution.
09-06-2018 08:40 AM
Hello,
looks like a simple typo:
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 2
needs to be:
ip route 0.0.0.0 0.0.0.0 Dialer1 track 10
ip route 0.0.0.0 0.0.0.0 Dialer2 2
09-06-2018 08:51 AM
09-06-2018 08:52 AM
Hello,
in addition, add the EEM script below, otherwise your NAT entries will have to timeout before the failover:
event manager applet CLEAR_NAT
event track 10 state any
action 1.0 cli command “enable”
action 2.0 cli command “clear ip nat translation *”
09-06-2018 08:56 AM
Your access list is incorrect. Use the config below:
access-list 1 permit 192.168.10.0 0.0.0.255
!
route-map VNPT permit 1
match ip address 1
match interface Dialer1
!
route-map FPT permit 1
match ip address 1
match interface Dialer2
09-06-2018 09:14 AM
09-06-2018 08:40 AM
Hello,
looks like a simple typo:
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 2
needs to be:
ip route 0.0.0.0 0.0.0.0 Dialer1 track 10
ip route 0.0.0.0 0.0.0.0 Dialer2 2
09-06-2018 08:51 AM
09-06-2018 08:56 AM
Your access list is incorrect. Use the config below:
access-list 1 permit 192.168.10.0 0.0.0.255
!
route-map VNPT permit 1
match ip address 1
match interface Dialer1
!
route-map FPT permit 1
match ip address 1
match interface Dialer2
09-06-2018 08:52 AM
Hello,
in addition, add the EEM script below, otherwise your NAT entries will have to timeout before the failover:
event manager applet CLEAR_NAT
event track 10 state any
action 1.0 cli command “enable”
action 2.0 cli command “clear ip nat translation *”
09-06-2018 09:14 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide