06-29-2016 10:46 AM - edited 03-08-2019 06:25 AM
Hello Everyone,
I just want to ask what I should do to configure the following:
I HAVE 2 ISPs WHICH ARE CONNECTED TO MY CISCO ROUTER
ISP 1 (IP: 58.58.58.58/27)>>>>Cisco Router<<<<ISP 2 (IP: 59.59.59.59/30)
ROUTER 2951
Gi0/0 ====>>>>> ISP Modem (IP Address: 58.58.58.58/27)
Gi0/1 ====>>>>> ISP Modem (IP Address: 59.59.59.59/30)
Gi0/2 ====>>>>> LAN (IP: 10.0.10.0/23)
THANKS!!!
06-29-2016 02:26 PM
Hi,
It is not clear what you are asking. Are you asking how to configure the IPs on your interfaces? If yes, here is an example:
config t
inter g0/0
ip address 58.58.58.58 255.255.255.224
no sh
The same way for the interface. You also need to work with your ISP regarding routing.
HTH
06-29-2016 04:31 PM
Hello Reza,
Thanks for your Reply.
I already configured the IP of the interface and the NAT and IP Route.
I just want to ask how I can configure failover by configuring only our router, because we do not have access to the ISP routers.
I read some Threads about NAT Fail-over and SLA Objects.
Thank You
06-29-2016 05:58 PM
You say without SLA or BGP, so you don't want to use SLA or BGP? I assume you only use one ISP at a time and the other is backup. Can you share the existing router configuration?
SLA is the obvious way to go: ping something on the Internet thru the active interface; if it fails, use EEM scripts to change to the other interface and modify your NAT statements.
06-29-2016 07:02 PM
Hello, this is my current config, but the auto-failover doesn't work.
I also read about SLA Objects which is capable of Auto-Failover. Can you Please Help me.
We are using Cisco 2951 and we have 2 ISPs with separate modem each.
IOS 15.4
interface GigabitEthernet0/0
description ===ISP 1===
ip address 100.125.86.194 255.255.255.224
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/1
description ===ISP 2===
ip address 158.71.72.174 255.255.255.252
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/2
description ===LAN===
ip address 10.0.10.1 255.255.254.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload
ip nat inside source route-map PLDT interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 100.125.86.193
ip route 0.0.0.0 0.0.0.0 158.71.72.173 100
route-map CONVERGE permit 10
match ip address 103
match interface GigabitEthernet0/0
!
route-map PLDT permit 10
match ip address 103
match interface GigabitEthernet0/1
access-list 103 permit ip 10.0.10.0 0.0.1.255 any
Thank You!!!
06-29-2016 09:25 PM
this is what my config would be using SLA and EEM scripts
step 1 normalise config to use one interface only;-
no ip nat inside source route-map PLDT interface GigabitEthernet0/1 overload
no ip route 0.0.0.0 0.0.0.0 158.71.72.173 100
no route-map PLDT permit 10
interface GigabitEthernet0/1
no crypto map CMAP
route-map CONVERGE permit 10
no match interface GigabitEthernet0/0
Step 2 setup SLA and tracking
ip sla 1
icmp-echo 8.8.8.8 source-interface gi 0/0
threshold 3000
frequency 30
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
delay down 8 up 10
!
Step 3 setup EEM scripts
event manager applet Prime-Internet-down
event track 1 state down
action 1.0 cli command "enable"
action 1.1 cli command "conf t"
action 1.2 cli command "ip route 0.0.0.0 0.0.0.0 158.71.72.173"
action 1.3 cli command "no ip route 0.0.0.0 0.0.0.0 100.125.86.193"
action 1.4 cli command "no ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload"
action 1.5 cli command "ip nat inside source route-map CONVERGE interface GigabitEthernet0/1 overload"
action 1.6 cli command "int gi 0/0"
action 1.7 cli command "no crypto map CMAP"
action 1.8 cli command "int gi 0/1"
action 1.9 cli command "crypto map CMAP"
action 1.91 syslog msg "Internet down through gi 0/0"
event manager applet Prime-Internet-Up
event track 1 state up
action 1.0 cli command "enable"
action 1.1 cli command "conf t"
action 1.2 cli command "no ip route 0.0.0.0 0.0.0.0 158.71.72.173"
action 1.3 cli command "ip route 0.0.0.0 0.0.0.0 100.125.86.193"
action 1.4 cli command "no ip nat inside source route-map CONVERGE interface GigabitEthernet0/1 overload"
action 1.5 cli command "ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload"
action 1.6 cli command "int gi 0/1"
action 1.7 cli command "no crypto map CMAP"
action 1.8 cli command "int gi 0/0"
action 1.9 cli command "crypto map CMAP"
Step 4 Test
You can test by removing the internet connection on the primary modem, and see what happens.
The only thing I am not sure of is changing the NAT translation; you might have to put in a clear ip nat translation command.
give it a go Richard
06-29-2016 10:44 PM
Hello. Thanks for the commands. I will give it a try. Later when I get to office.
Do we have another option? Or do we have a simpler one? Like simple SLA tracking without EEM?
I tried before but it's not working. I tracked the ip route of ISP1. Putting a higher AD also did not work.
Thanks again.
06-29-2016 11:12 PM
If you use SLA and tracking, then you know when the Internet is down thru that interface, but because the interface to Gi0/0 is still up nothing changes, so you need some EEM script to change the routing at the very least.
06-30-2016 03:14 AM
Hello.
So this one will not work?
ip sla 1
icmp-echo 8.8.8.8 source-interface gi 0/0
threshold 3000
frequency 30
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
delay down 8 up 10
ip route 0.0.0.0 0.0.0.0 158.71.72.173 track 1
Thanks
06-30-2016 06:04 AM
sorry yes that should
06-30-2016 07:32 AM
Okay, I understand.
I was planning to make this config but it will not work, Right?
====================================================
IOS 15.4
interface GigabitEthernet0/0
description ===ISP 1===
ip address 100.125.86.194 255.255.255.224
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/1
description ===ISP 2===
ip address 158.71.72.174 255.255.255.252
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/2
description ===LAN===
ip address 10.0.10.1 255.255.254.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload
ip nat inside source route-map PLDT interface GigabitEthernet0/1 overload
route-map CONVERGE permit 10
match ip address 103
match interface GigabitEthernet0/0
!
route-map PLDT permit 10
match ip address 103
match interface GigabitEthernet0/1
access-list 103 permit ip 10.0.10.0 0.0.1.255 any
!
ip sla 1
icmp-echo 8.8.8.8 source-interface gi 0/0
threshold 3000
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.8.8 source-interface gi 0/1
threshold 3000
frequency 10
ip sla schedule 2 life forever start-time now
!
track 10 ip sla 1 reachability
delay down 8 up 10
track 20 ip sla 2 reachability
delay down 8 up 10
!
ip route 0.0.0.0 0.0.0.0 100.125.86.193 track 10
ip route 0.0.0.0 0.0.0.0 158.71.72.173 track 20
Thanks
06-30-2016 04:03 PM
each route has equal cost, so would change the route to secondary to
ip route 0.0.0.0 0.0.0.0 158.71.72.173 100 track 20,
or perhaps not even bother to track it, as you are really only interested if the Prime access goes down.
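Added example, not part of any participant's post: a small Python check over IOS configuration text for the wiring points this thread turns on (every `ip sla` scheduled under its own number, every `track` referenced by a route or EEM applet actually defined, and no two default routes at the same administrative distance). The sample config is constructed with documentation addresses, and the function name `lint_failover` is hypothetical.

```python
import re

# Constructed sample (documentation addresses), shaped like the configs in this thread.
SAMPLE = """\
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
ip sla schedule 2 life forever start-time now
ip sla 2
ip sla schedule 2 life forever start-time now
track 10 ip sla 1 reachability
track 20 ip sla 2 reachability
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 10
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 20
event manager applet check-isp
 event track 1 state any
"""

DEFAULT_ROUTE = re.compile(
    r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?(?: track (\d+))?$")

def lint_failover(config):
    """Return findings on IP SLA / track / default-route wiring (next-hop-IP routes only)."""
    slas, scheduled, tracks, used, routes = set(), set(), {}, [], []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"ip sla (\d+)", line):
            slas.add(m[1])
        elif m := re.match(r"ip sla schedule (\d+)\b", line):
            scheduled.add(m[1])
        elif m := re.match(r"track (\d+) ip sla (\d+)\b", line):
            tracks[m[1]] = m[2]
        elif m := re.match(r"event track (\d+)\b", line):
            used.append(("EEM applet", m[1]))
        elif m := DEFAULT_ROUTE.match(line):
            routes.append((m[1], int(m[2] or 1)))  # static AD defaults to 1
            if m[3]:
                used.append((f"route via {m[1]}", m[3]))
    findings = [f"ip sla {n} is never scheduled" for n in sorted(slas - scheduled)]
    findings += [f"ip sla schedule {n} has no matching ip sla {n}"
                 for n in sorted(scheduled - slas)]
    findings += [f"track {t} points at undefined ip sla {s}"
                 for t, s in tracks.items() if s not in slas]
    findings += [f"{who} references undefined track {t}"
                 for who, t in used if t not in tracks]
    by_ad = {}
    for hop, ad in routes:
        by_ad.setdefault(ad, []).append(hop)
    findings += [f"default routes via {', '.join(h)} share distance {ad}"
                 for ad, h in by_ad.items() if len(h) > 1]
    return findings
```

Calling `lint_failover(SAMPLE)` reports the unscheduled probe, the applet bound to a track number that does not exist, and the two equal-distance default routes.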
06-30-2016 05:11 PM
Many thanks. It's a lot of help.
More power to you.
07-02-2016 10:40 AM
Hello Richard,
My configuration was like this:
=============================================================
PHABSRO01#sh run
Building configuration...
Current configuration : 5191 bytes
!
! Last configuration change at 11:27:13 GMT Sat Jul 2 2016 by altec
!
version 15.4
!
track 10 ip sla 1 reachability
delay down 1 up 10
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ===ConvergeWAN===
ip address 11.125.86.194 255.255.255.224
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/1
description <<<<<PLDTWAN>>>>>
ip address 158.71.72.174 255.255.255.252
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map CMAP
!
interface GigabitEthernet0/2
description LAN
ip address 10.0.10.1 255.255.254.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source route-map CONVERGE interface GigabitEthernet0/0 overload
ip nat inside source route-map PLDT interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 11.125.86.193 track 10
ip route 0.0.0.0 0.0.0.0 158.71.72.173 100
!
ip access-list extended Five9-List
permit ip 10.0.10.0 0.0.1.255 138.107.71.0 0.0.0.255
permit ip 10.0.10.0 0.0.1.255 205.200.0.0 0.0.0.255
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
threshold 3000
frequency 5
ip sla schedule 1 life forever start-time now
!
route-map CONVERGE permit 10
match ip address 103
match interface GigabitEthernet0/0
!
route-map PLDT permit 10
match ip address 103
match interface GigabitEthernet0/1
!
!
snmp-server community public RO
access-list 103 permit ip 10.0.10.0 0.0.1.255 any
!
scheduler allocate 20000 1000
event manager applet check-isp
event track 1 state any
action 1.0 cli command "enable"
action 1.5 cli command "clear ip nat trans *"
action 2.0 syslog priority notifications msg "Nat translation cleared!"
!
end
=============================================================
The Automatic Fail-Over is working already, Thanks to you.
I have one more problem.
Why is it that when I shut down the backup ISP interface, my ping to google.com gives me a time-out and does not come back up again? But I am still connected to the internet.
But when I try to shutdown the Primary ISP, it doesn't give me Time-Out because the backup kicks in.
Why is it like that? I disabled just the backup.
Thanks and Regards,
07-02-2016 03:32 PM
that seems a bit weird, which interface does it go out if you do a 'trace 8.8.8.8'
under normal conditions