
Cisco 2951 Dual-ISP Fail-over Without SLA or BGP

ald14win001
Level 1

Hello Everyone,

Just want to ask what I should do to configure the following:

I HAVE 2 ISPs WHICH ARE CONNECTED TO MY CISCO ROUTER

ISP 1 (IP: 58.58.58.58/27)>>>>Cisco Router<<<<ISP 2 (IP: 59.59.59.59/30)

ROUTER 2951

Gi0/0 ====>>>>> ISP Modem (IP Address: 58.58.58.58/27)

Gi0/1 ====>>>>> ISP Modem (IP Address: 59.59.59.59/30)

Gi0/2 ====>>>>> LAN (IP: 10.0.10.0/23)

THANKS!!!

2 Accepted Solutions


If you use SLA and tracking, then you know when the Internet is down thru that interface, but because the interface to Gi0/0 is still up nothing changes, so you need some EEM script to change the routing at the very least.


each route has equal cost, so would change the route to secondary to

ip route 0.0.0.0 0.0.0.0 158.71.72.173 100 track 20,

or perhaps not even bother to track it, as you are really only interested if the Prime access goes down.


16 Replies

Reza Sharifi
Hall of Fame

Hi,

Not clear what you are asking. Are you asking how to configure the IPs on your interfaces? If yes, here is an example:

config t

inter g0/0

ip address 58.58.58.58 255.255.255.224

no sh

The same way for the interface.  You also need to work with your ISP regarding routing.

HTH

Hello Reza,

Thanks for your Reply.

I already configured the IP of the interface and the NAT and IP Route.

I just want to ask how I can configure failover by configuring only our router, because we do not have access to the ISP routers.

I read some Threads about NAT Fail-over and SLA Objects.

Thank You

You say without SLA or BGP, so you don't want to use SLA or BGP? I assume you only use one ISP at a time and the other is backup. Can you share the existing router configuration?

SLA is the obvious way to go: ping something on the Internet through the active interface, and if it fails use EEM scripts to change to the other interface and modify your NAT statements.

Hello, this is my current config, but the auto-failover doesn't work.

I also read about SLA objects, which are capable of auto-failover. Can you please help me?

We are using Cisco 2951 and we have 2 ISPs with separate modem each.

IOS 15.4


interface GigabitEthernet0/0
description ===ISP 1===
ip address 100.125.86.194 255.255.255.224
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/1
description ===ISP 2===
ip address 158.71.72.174 255.255.255.252
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/2
description ===LAN===
ip address 10.0.10.1 255.255.254.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled

ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload
ip nat inside source route-map PLDT interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 100.125.86.193
ip route 0.0.0.0 0.0.0.0 158.71.72.173 100


route-map CONVERGE permit 10
match ip address 103
match interface GigabitEthernet0/0
!
route-map PLDT permit 10
match ip address 103
match interface GigabitEthernet0/1

access-list 103 permit ip 10.0.10.0 0.0.1.255 any

Thank You!!!

this is what my config would be using SLA and EEM scripts

Step 1 normalise config to use one interface only

no ip nat inside source route-map PLDT interface GigabitEthernet0/1 overload

no ip route 0.0.0.0 0.0.0.0 158.71.72.173 100

no route-map PLDT permit 10

interface GigabitEthernet0/1
no crypto map CMAP

route-map CONVERGE permit 10
no match interface GigabitEthernet0/0

Step 2 setup SLA and tracking

ip sla 1
 icmp-echo 8.8.8.8 source-interface gi 0/0
 threshold 3000
 frequency 30
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability
 delay down 8 up 10
!

Step 3 setup EEM scripts

event manager applet Prime-Internet-down
 event track 1 state down
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "ip route 0.0.0.0 0.0.0.0 158.71.72.173"
 action 1.3 cli command "no ip route 0.0.0.0 0.0.0.0 100.125.86.193"
 action 1.4 cli command "no ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload"
 action 1.5 cli command "ip nat inside source route-map CONVERGE interface GigabitEthernet0/1 overload"
 action 1.6 cli command "int gi 0/0"
 action 1.7 cli command "no crypto map CMAP"
 action 1.8 cli command "int gi 0/1"
 action 1.9 cli command "crypto map CMAP"
 action 1.91 syslog msg "Internet down  through gi 0/0"

event manager applet Prime-Internet-Up
 event track 1 state up
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "no ip route 0.0.0.0 0.0.0.0 158.71.72.173"
 action 1.3 cli command "ip route 0.0.0.0 0.0.0.0 100.125.86.193"
 action 1.4 cli command "no ip nat inside source route-map CONVERGE interface GigabitEthernet0/1 overload"
 action 1.5 cli command "ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload"
 action 1.6 cli command "int gi 0/1"
 action 1.7 cli command "no crypto map CMAP"
 action 1.8 cli command "int gi 0/0"
 action 1.9 cli command "crypto map CMAP"

Step 4 Test

Can test by removing the internet connection on the primary modem, and see what happens.

The only thing I am not sure of is changing the NAT translation; you might have to put in a clear ip nat translation command.

give it a go Richard

Hello. Thanks for the commands. I will give it a try. Later when I get to office.

Do we have another option? Or do we have a simpler one, like simple SLA tracking without EEM?

I tried before but it's not working. I track the ip route of ISP1. Putting a higher AD also did not work.

Thanks again.

If you use SLA and tracking, then you know when the Internet is down thru that interface, but because the interface to Gi0/0 is still up nothing changes, so you need some EEM script to change the routing at the very least.

Hello.

So this one will not work?

ip sla 1
 icmp-echo 8.8.8.8 source-interface gi 0/0
 threshold 3000
 frequency 30
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability
 delay down 8 up 10

ip route 0.0.0.0 0.0.0.0 158.71.72.173 track 1

Thanks

sorry yes that should

Okay, I understand. 

I was planning to make this config but it will not work, right?

====================================================

IOS 15.4


interface GigabitEthernet0/0
description ===ISP 1===
ip address 100.125.86.194 255.255.255.224
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/1
description ===ISP 2===
ip address 158.71.72.174 255.255.255.252
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/2
description ===LAN===
ip address 10.0.10.1 255.255.254.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled

ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload
ip nat inside source route-map PLDT interface GigabitEthernet0/1 overload


route-map CONVERGE permit 10
match ip address 103
match interface GigabitEthernet0/0
!
route-map PLDT permit 10
match ip address 103
match interface GigabitEthernet0/1

access-list 103 permit ip 10.0.10.0 0.0.1.255 any

!

ip sla 1
 icmp-echo 8.8.8.8 source-interface gi 0/0
 threshold 3000
 frequency 10
ip sla schedule 1 life forever start-time now

ip sla 2
 icmp-echo 8.8.8.8 source-interface gi 0/1
 threshold 3000
 frequency 10
ip sla schedule 2 life forever start-time now


!

track 10 ip sla 1 reachability
 delay down 8 up 10

track 20 ip sla 2 reachability
 delay down 8 up 10

!

ip route 0.0.0.0 0.0.0.0 100.125.86.193 track 10

ip route 0.0.0.0 0.0.0.0 158.71.72.173 track 20

Thanks

each route has equal cost, so would change the route to secondary to

ip route 0.0.0.0 0.0.0.0 158.71.72.173 100 track 20,

or perhaps not even bother to track it, as you are really only interested if the Prime access goes down.

Many thanks. It's a lot of help.

More power to you.

Hello Richard,

My configuration was like this:

=============================================================

PHABSRO01#sh run
Building configuration...

Current configuration : 5191 bytes
!
! Last configuration change at 11:27:13 GMT Sat Jul 2 2016 by altec
!
version 15.4
!
track 10 ip sla 1 reachability
delay down 1 up 10
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ===ConvergeWAN===
ip address 11.125.86.194 255.255.255.224
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/1
description <<<<<PLDTWAN>>>>>
ip address 158.71.72.174 255.255.255.252
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/2
description LAN
ip address 10.0.10.1 255.255.254.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload
ip nat inside source route-map PLDT interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 11.125.86.193 track 10
ip route 0.0.0.0 0.0.0.0 158.71.72.173 100
!
ip access-list extended Five9-List
permit ip 10.0.10.0 0.0.1.255 138.107.71.0 0.0.0.255
permit ip 10.0.10.0 0.0.1.255 205.200.0.0 0.0.0.255
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
threshold 3000
frequency 5
ip sla schedule 1 life forever start-time now
!
route-map CONVERGE permit 10
match ip address 103
match interface GigabitEthernet0/0
!
route-map PLDT permit 10
match ip address 103
match interface GigabitEthernet0/1
!
!
snmp-server community public RO
access-list 103 permit ip 10.0.10.0 0.0.1.255 any
!

scheduler allocate 20000 1000
event manager applet check-isp
event track 1 state any
action 1.0 cli command "enable"
action 1.5 cli command "clear ip nat trans *"
action 2.0 syslog priority notifications msg "Nat translation cleared!"
!
end

=============================================================

The Automatic Fail-Over is working already, Thanks to you.

I have one more problem.

Why is it that when I shut down the backup ISP interface, my ping to google.com gives me Time-Out? And it does not go up again. But I am still connected to the internet.

But when I try to shut down the primary ISP, it doesn't give me Time-Out because the backup kicks in.

Why is it like that? I disabled just the backup.

Thanks and Regards,

that seems a bit weird, which interface does it go out if you do a 'trace 8.8.8.8'

under normal conditions
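
Added example, not part of any post in this thread and not Cisco tooling: a small Python check for the cross-reference mistakes that are easy to make when assembling an IP SLA failover configuration like the ones discussed here (an SLA probe that is never scheduled, a track or EEM applet pointing at an object number that is not defined, and two default routes with the same administrative distance). The function name `lint_failover` and the sample text are constructed for illustration; the sample reuses addresses and command forms from the thread.

```python
import re

# Constructed sample built from command forms in this thread; it contains three deliberate mistakes.
SAMPLE = """\
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
ip sla schedule 2 life forever start-time now
ip sla 2
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1
ip sla schedule 2 life forever start-time now
track 10 ip sla 1 reachability
track 20 ip sla 2 reachability
ip route 0.0.0.0 0.0.0.0 100.125.86.193 track 10
ip route 0.0.0.0 0.0.0.0 158.71.72.173 track 20
event manager applet check-isp
 event track 1 state any
"""

def lint_failover(config: str) -> list[str]:
    """Return findings about IP SLA / track / default-route / EEM cross-references."""
    slas, scheduled, tracks = set(), set(), {}
    route_refs, eem_refs, distances = set(), set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip sla (\d+)", line):
            slas.add(int(m[1]))
        elif m := re.match(r"ip sla schedule (\d+)\b", line):
            scheduled.add(int(m[1]))
        elif m := re.match(r"track (\d+) ip sla (\d+)\b", line):
            tracks[int(m[1])] = int(m[2])
        elif m := re.match(r"event track (\d+)\b", line):
            eem_refs.add(int(m[1]))
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?(?: track (\d+))?$", line):
            distances.append(int(m[2] or 1))  # a static route without a distance uses 1
            if m[3]:
                route_refs.add(int(m[3]))
    out = [f"ip sla {n} is never scheduled" for n in sorted(slas - scheduled)]
    out += [f"ip sla schedule {n} has no matching ip sla" for n in sorted(scheduled - slas)]
    out += [f"track {t} uses undefined ip sla {n}" for t, n in sorted(tracks.items()) if n not in slas]
    out += [f"default route uses undefined track {t}" for t in sorted(route_refs - set(tracks))]
    out += [f"EEM applet watches undefined track {t}" for t in sorted(eem_refs - set(tracks))]
    if len(distances) > 1 and len(set(distances)) == 1:
        out.append("default routes share one administrative distance; no primary/backup order")
    return out

if __name__ == "__main__":
    print("\n".join(lint_failover(SAMPLE)))
```

The check only reads text, so it can be run against a saved copy of the running configuration before the change is applied to the router.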
