04-30-2012 07:21 AM - edited 03-07-2019 06:25 AM
Hi,
I have the following curious situation:
On a Cisco 1721, I have 2 ISPs (ISP1 and ISP2). The router is configured to automatically use ISP2 if ISP1 goes down (see below for the config).
.... and it does in the following situations:
1. If the fa0.3 is disabled (# no interface fa0.3)
2. if the ip of ISP1 is changed with a random ip that is not accepted by the provider
conf t
interface fa0.3
ip address zz.zz.zz.zz
BUT this failover config DOES NOT WORK when I physically pull out the cable of ISP1.
This is so weird
Can anyone help?
Thanks
_________________________________________________________________
Building configuration...
Current configuration : 2529 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxx_CORE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
!
!
!
!
username netmaster privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxx
!
!
track timer interface 5
!
!
!
!
interface Ethernet0
no ip address
ip virtual-reassembly
shutdown
half-duplex
!
interface FastEthernet0
no ip address
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
speed auto
full-duplex
no keepalive
!
interface FastEthernet0.2
description ISP2
encapsulation dot1Q 2
ip address xx.xx.xx.xx 255.255.255.252
ip nat outside
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0.3
description ISP1
encapsulation dot1Q 3
ip address yy.yy.yy.yy 255.255.255.0
ip nat outside
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0.6
description Subinterfata pentru VLAN-ttttttt
encapsulation dot1Q 6
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
ip policy route-map NOFAILOVER
!
interface FastEthernet0.7
description Subinterfata pentru VLAN-zzzzzzz
encapsulation dot1Q 7
ip address 10.0.1.1 255.255.255.0
no ip route-cache
!
interface FastEthernet0.11
description "vlan NATIV. Nu se foloseste"
encapsulation dot1Q 11 native
no ip route-cache
!
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.1 10
ip route 0.0.0.0 0.0.0.0 yy.yy.yy.241 20
!
no ip http server
no ip http secure-server
ip nat log translations syslog
ip nat inside source route-map ISP1 interface FastEthernet0.2 overload
ip nat inside source route-map ISP2 interface FastEthernet0.3 overload
ip nat inside source route-map NOFAILOVER interface FastEthernet0.2 overload
!
access-list 101 permit ip 10.0.0.128 0.0.0.15 any
access-list 101 permit ip host 10.0.0.17 any
access-list 102 permit ip host 10.0.0.84 any
route-map NOFAILOVER permit 10
match ip address 102
set ip next-hop yy.yy.yy.241
!
route-map ISP2 permit 10
match ip address 101
match interface FastEthernet0.3
!
route-map ISP1 permit 10
match ip address 101
match interface FastEthernet0.2
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login local
transport input ssh
!
end
04-30-2012 09:41 PM
The problem is, the router can tell if your next hop device is responding, but not farther than that. So for example, if your DSL modem is pingable, but the DSL to the internet is down, as long as the DSL modem's ethernet interface is working, the router thinks it's working.
You need something to track an IP out on the internet, so it can tell if the entire path is up. Try this for example...
http://www.youtube.com/watch?v=1TivtZcZHEQ
Andy
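As an added illustration of the end-to-end tracking described in the reply above (not configuration from the thread or from Cisco): an IP SLA probe tied to the lower-distance default route of the posted config. The probe target 192.0.2.1 is a constructed placeholder for a stable host beyond the ISP, and xx.xx.xx.1 / yy.yy.yy.241 are the redacted next hops as posted.

```cisco
! Added example. 192.0.2.1 is a placeholder (assumption); replace it with a
! host past the ISP's first hop that reliably answers ICMP.
!
! Probe a host beyond the next hop, sourced from the tracked uplink.
ip sla 1
 icmp-echo 192.0.2.1 source-interface FastEthernet0.2
 threshold 1000
 timeout 1000
 frequency 3
ip sla schedule 1 life forever start-time now
!
! Track object follows probe reachability; the delay damps flapping.
! Older 12.4 releases spell this "track 1 rtr 1 reachability".
track 1 ip sla 1 reachability
 delay down 15 up 10
!
! Pin the probe target to the tracked next hop, so the probe cannot
! succeed through the other ISP once failover has happened.
ip route 192.0.2.1 255.255.255.255 xx.xx.xx.1
!
! Re-enter the lower-distance default route with the track attached:
! it is installed only while track 1 is up.
no ip route 0.0.0.0 0.0.0.0 xx.xx.xx.1 10
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.1 10 track 1
!
! The higher-distance default stays as posted and takes over when the
! tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 yy.yy.yy.241 20
```

`show track 1` and `show ip sla statistics 1` show whether the probe and the track object agree with the real state of the link.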
03-15-2013 08:42 AM
The problem actually is that you are not using a Service Level Agreement to track the state of the interfaces. You seem to have everything else right though. The following statements will set your router as an OER (Optimized Edge Router). If it's too much there is a simpler way just using IP SLA. Try adding this:
!
ip sla 1
icmp-echo xx.xx.xx.xx source-interface FastEthernet0.2
timeout 1000
threshold 40
frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo yy.yy.yy.yy source-interface FastEthernet0.3
timeout 1000
threshold 40
frequency 3
ip sla schedule 2 life forever start-time now
!
!
key chain OER
key 1
key-string oerkey
!
!
oer master
max-range-utilization percent 88
!
!
border 1.1.1.1 key-chain OER
interface FastEthernet0.2 external
max-xmit-utilization absolute 8000
interface FastEthernet0.3 external
max-xmit-utilization absolute 8000
interface FastEthernet0/0 internal
!
learn
throughput
periodic-interval 88
aggregation-type prefix-length 32
mode route control
mode select-exit best
resolve range priority 1
resolve utilization priority 2 variance 1
!
oer border
local Loopback0
master 1.1.1.1 key-chain OER
!
!
track timer interface 5
!
track 100 interface FastEthernet0.2 ip routing
delay down 15 up 10
!
track 200 interface FastEthernet0.3 ip routing
delay down 15 up 10
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
no ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0.2 track 100
ip route 0.0.0.0 0.0.0.0 FastEthernet0.3 track 200
You might be better off to replace the interface name with the static ip address in the ip route command. If you do not, your memory will fragment quickly, to which the solution is:
ip nat translation tcp-timeout 3600