07-02-2014 04:10 PM - edited 03-07-2019 07:54 PM
I work for a non-for-profit, and we have a Cisco 2911 that is having some major redundancy issues. We have Frontier Fiber over Ethernet and as a backup Frontier DSL. The Frontier Fiber is the primary, and should be working all the time.
The HSRP is switching to the DSL all the time and is never using the fiber connection. I have connected the fiber connection to my MacBook and have verified that there is no connection issue with the Fiber Internet.
I am not even sure where to start to troubleshoot this issue. Can anyone provide some assistance? I am unable to post my configuration on this board, but will be more than happy to share it with anyone who may be able to help as it is dropping our connection multiple times a day.
07-03-2014 05:10 AM
Hi,
You do have two routers, right? Otherwise HSRP cannot help. You should share the relevant parts of the config so that other users of this community may benefit from the provided solution.
Thanks, kind regards
Eduard Gheorghiu
07-03-2014 05:37 AM
This is our configuration as of right now:
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Lolly-2811
!
boot-start-marker
boot system disk0:/c2800nm-adventerprisek9-mz.124-20.T6.bin
boot system flash:/c2800nm-adventerprisek9-mz.124-20.T6.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 16384
!
no aaa new-model
clock timezone EST -5
clock summer-time SUM recurring
!
!
!
dot11 syslog
ip source-route
!
ip cef
!
ip domain name net.lollypop.org
ip name-server 184.9.51.33
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
no dspfarm
!
archive
log config
hidekeys
!
ip ssh logging events
!
track 10 ip sla 10 reachability
!
track 20 ip sla 20 reachability
!
interface FastEthernet0/0
description Uplink to Frontier Fiber - 184.9.51.32/30
ip address 184.9.51.34 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description Lollypop LAN
ip address 172.16.20.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/2/0
description Uplink to Frontier DSL - 50.122.220.240/29
ip address 50.122.220.242 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
router rip
version 2
network 10.0.0.0
network 66.0.0.0
network 172.16.0.0
network 184.9.0.0
network 192.168.50.0
neighbor 172.16.20.1
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 184.9.51.33 track 10
ip route 0.0.0.0 0.0.0.0 50.122.220.241 20
ip route 4.2.2.1 255.255.255.255 50.122.220.241 permanent
ip route 4.2.2.2 255.255.255.255 184.9.51.33 permanent
ip route 10.0.0.0 255.255.255.0 172.16.20.1
ip route 172.16.45.0 255.255.255.0 192.168.50.101
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source route-map NAT-PRIMARY interface FastEthernet0/0 overload
ip nat inside source route-map NAT-SECONDARY interface FastEthernet0/2/0 overload
ip nat inside source static tcp 192.168.50.101 1194 66.155.174.30 1194 extendable
ip nat inside source static udp 192.168.50.101 1194 66.155.174.30 1194 extendable
ip nat inside source static tcp 192.168.50.1 443 66.155.174.30 8002 extendable
ip nat inside source static tcp 192.168.50.101 443 66.155.174.30 8004 extendable
ip nat inside source static tcp 192.168.50.101 22 66.155.174.30 8010 extendable
ip nat inside source static tcp 10.0.0.254 143 184.9.51.34 143 extendable
ip nat inside source static tcp 172.16.20.1 443 184.9.51.34 443 extendable
ip nat inside source static tcp 192.168.50.12 554 184.9.51.34 554 extendable
ip nat inside source static tcp 192.168.50.101 1194 184.9.51.34 1194 extendable
ip nat inside source static udp 192.168.50.101 1194 184.9.51.34 1194 extendable
ip nat inside source static udp 10.0.0.254 2080 184.9.51.34 2080 extendable
ip nat inside source static udp 10.0.0.254 2088 184.9.51.34 2088 extendable
ip nat inside source static tcp 10.0.0.254 5060 184.9.51.34 5060 extendable
ip nat inside source static udp 10.0.0.254 5060 184.9.51.34 5060 extendable
ip nat inside source static tcp 192.168.50.1 443 184.9.51.34 8002 extendable
ip nat inside source static tcp 192.168.50.101 443 184.9.51.34 8004 extendable
ip nat inside source static tcp 192.168.50.101 22 184.9.51.34 8010 extendable
ip nat inside source static tcp 192.168.50.12 8080 184.9.51.34 8080 extendable
ip nat inside source static tcp 10.0.0.254 8081 184.9.51.34 8081 extendable
ip nat inside source static udp 10.0.0.254 15000 184.9.51.34 15000 extendable
ip nat inside source static udp 10.0.0.254 15001 184.9.51.34 15001 extendable
ip nat inside source static udp 10.0.0.254 15002 184.9.51.34 15002 extendable
ip nat inside source static udp 10.0.0.254 15003 184.9.51.34 15003 extendable
ip nat inside source static udp 10.0.0.254 15004 184.9.51.34 15004 extendable
ip nat inside source static udp 10.0.0.254 15005 184.9.51.34 15005 extendable
ip nat inside source static udp 10.0.0.254 15006 184.9.51.34 15006 extendable
ip nat inside source static udp 10.0.0.254 15007 184.9.51.34 15007 extendable
ip nat inside source static udp 10.0.0.254 15008 184.9.51.34 15008 extendable
ip nat inside source static udp 10.0.0.254 15009 184.9.51.34 15009 extendable
ip nat inside source static udp 10.0.0.254 15010 184.9.51.34 15010 extendable
ip nat inside source static udp 10.0.0.254 15011 184.9.51.34 15011 extendable
ip nat inside source static tcp 172.16.20.1 50443 184.9.51.34 50443 extendable
!
ip sla 10
icmp-echo 4.2.2.2 source-interface FastEthernet0/0
timeout 10000
frequency 30
ip sla schedule 10 life forever start-time now
ip sla 20
icmp-echo 4.2.2.1 source-interface FastEthernet0/2/0
timeout 2000
frequency 6
ip sla schedule 20 life forever start-time now
logging 192.168.50.150
access-list 101 permit ip 172.16.31.0 0.0.0.255 any
access-list 199 permit ip 172.16.0.0 0.0.255.255 any
access-list 199 permit ip 192.168.50.0 0.0.0.255 any
access-list 199 permit ip 10.0.0.0 0.0.0.255 any
!
route-map NAT-SECONDARY permit 10
match ip address 199
match interface FastEthernet0/2/0
!
route-map NAT-PRIMARY permit 10
match ip address 199
match interface FastEthernet0/0
!
route-map PBR permit 10
match ip address 101 12
set ip next-hop verify-availability 50.122.220.241 1 track 1
!
control-plane
!
line con 0
logging synchronous
login local
line aux 0
privilege level 15
login local
line vty 0 4
exec-timeout 60 0
privilege level 15
login local
transport input ssh
line vty 5 15
exec-timeout 60 0
privilege level 15
login local
transport input ssh
!
scheduler allocate 20000 1000
ntp server 192.168.50.5
ntp server 130.207.244.240
07-03-2014 06:32 AM
It looks like a valid config. The main route depends on the result of the IP SLA connectivity test as configured bellow:
ip sla 10
icmp-echo 4.2.2.2 source-interface FastEthernet0/0
timeout 10000
frequency 30
ip route 0.0.0.0 0.0.0.0 184.9.51.33 track 10
track 10 ip sla 10 reachability
You basically send a ping every 30 seconds to 4.2.2.2. Is this reachable from your location?
Please include the outputs for:
show track 10
show ip sla 10 statis
Thanks,
Eduard
07-03-2014 07:28 AM
We are unable to access the fiber connection, we are only currently working off of the 5M DSL Connection in a building with 150 people.
Lolly-2811#sho track 10
Track 10
IP SLA 10 reachability
Reachability is Down
2 changes, last change 02:19:25
Latest operation return code: Timeout
Tracked by:
STATIC-IP-ROUTING 0
show ip sla 10 statis is not coming up with anything.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide