cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
747
Views
5
Helpful
58
Replies
Highlighted
Beginner

No Internet access from second provider ISP

Hello,

I have 3 days in this and I need some help of you.

 

I have 2 layer 3 switch doing standby. This is working. But, I have a second ISP for Internet. I have done all the static route but it doesn't working when I down the interface of my principal isp for Internet; it must enter the second layer 3 switch by standby protocol as active to start using the Internet of my second ISP2.

 

I put a static route in the layer 3 switch connect with the router of my ISP-2. The speed is sum together. But no Internet access if I down the interface of my principal ISP-1.

 

Router of my second ISP-2 is a ZTE. But router of my principal ISP-1 is a Cisco 800, both layer 3 switch are Cisco 3760.

58 REPLIES 58
Highlighted
VIP Expert

Hello,

 

post the configs of both your L3 switches...

Highlighted

Layer 3 switch connect to ISP-1)

spanning-tree vlan 100 priority 24576
!
track 1 ip sla 1 reachability
!
interface GigabitEthernet3/0/1
shutdown
!
interface GigabitEthernet3/0/2
!
interface GigabitEthernet3/0/3
description Link to Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/4
description Link to SW-PRINCIPAL
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
!
interface Vlan1
ip address 190.191.192.105 255.255.255.0
!
interface Vlan100
description HRSP-PROTOCOL
ip address 190.191.100.3 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 150
standby 1 preempt delay minimum 240 reload 300
standby 1 track 1 decrement 50
!
interface Vlan199
ip address 190.191.199.10 255.255.255.0
!
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.101
!
ip sla 1
icmp-echo 8.8.8.8
timeout 9000
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts

 

(Layer 3 switch connect to ISP-2)

spanning-tree vlan 100 priority 28672
!
vlan internal allocation policy ascending
!
!
class-map match-any P2P-PROTOCOL
class-map match-all ANY-TRAFFIC
match access-group name ANY-TRAFFIC
!
policy-map RATE-LIMIT
class ANY-TRAFFIC
police 1000000 8000 exceed-action drop
!
interface GigabitEthernet2/0/1
description Link-To-ISP2-Delancer
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 2
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/26
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,196-199,204-208,211-213,215
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
description ACCESS-INTERNET
ip address 190.191.192.108 255.255.255.0
!
interface Vlan100
description HSRP-PROTOCOL
ip address 190.191.100.2 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 110
standby 1 preempt
!
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.101
ip route 0.0.0.0 0.0.0.0 190.191.192.102
!
ip access-list extended ANY-TRAFFIC
permit ip any any
!
access-list 101 deny tcp any any eq www
access-list 101 deny tcp any any eq telnet
!
end

 

Config static route of modern/router ZTE:

190.191.197.0/30 via 190.191.100.1 dev br0 onlink
190.191.206.0/29 via 190.191.100.1 dev br0 onlink
190.191.208.0/28 via 190.191.100.1 dev br0 onlink
190.191.192.0/24 dev br0 proto kernel scope link src 190.191.192.102

 

Thanks,

Highlighted

Hello,

Layer 3 switch connect to ISP-1

spanning-tree vlan 100 priority 24576
!
track 1 ip sla 1 reachability
!
interface GigabitEthernet3/0/1
shutdown
!
interface GigabitEthernet3/0/2
!
interface GigabitEthernet3/0/3
description Link to Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/4
description Link to SW-PRINCIPAL
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
!
interface Vlan1
ip address 190.191.192.105 255.255.255.0
!
interface Vlan100
description HRSP-PROTOCOL
ip address 190.191.100.3 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 150
standby 1 preempt delay minimum 240 reload 300
standby 1 track 1 decrement 50
!
interface Vlan199
ip address 190.191.199.10 255.255.255.0
!
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.101
!
ip sla 1
icmp-echo 8.8.8.8
timeout 9000
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts

 

Layer 3 switch connect to ISP-2

spanning-tree vlan 100 priority 28672
!
vlan internal allocation policy ascending
!
!
class-map match-any P2P-PROTOCOL
class-map match-all ANY-TRAFFIC
match access-group name ANY-TRAFFIC
!
policy-map RATE-LIMIT
class ANY-TRAFFIC
police 1000000 8000 exceed-action drop
!
interface GigabitEthernet2/0/1
description Link-To-ISP2-Delancer
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 2
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/26
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,196-199,204-208,211-213,215
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
description ACCESS-INTERNET
ip address 190.191.192.108 255.255.255.0
!
interface Vlan100
description HSRP-PROTOCOL
ip address 190.191.100.2 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 110
standby 1 preempt
!
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.101
ip route 0.0.0.0 0.0.0.0 190.191.192.102
!
ip access-list extended ANY-TRAFFIC
permit ip any any
!
access-list 101 deny tcp any any eq www
access-list 101 deny tcp any any eq telnet
!
end

 

Config modern/router ZTE (static route)

190.191.197.0/30 via 190.191.100.1 dev br0 onlink
190.191.206.0/29 via 190.191.100.1 dev br0 onlink
190.191.208.0/28 via 190.191.100.1 dev br0 onlink
190.191.192.0/24 dev br0 proto kernel scope link src 190.191.192.102

Highlighted

Your Zyxel is using the internal standby IP as the next hop. Provide a schematic drawing of your physical and logical setup so we can figure out what is connected to what...

Highlighted

Hello,

 

try and configure the IP SLA on both switches as below (marked in bold):

 

Layer 3 switch connect to ISP-1)

 

spanning-tree vlan 100 priority 24576
!
track 1 ip sla 1 reachability
!
interface GigabitEthernet3/0/1
shutdown
!
interface GigabitEthernet3/0/2
!
interface GigabitEthernet3/0/3
description Link to Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/4
description Link to SW-PRINCIPAL
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
!
interface Vlan1
ip address 190.191.192.105 255.255.255.0
!
interface Vlan100
description HRSP-PROTOCOL
ip address 190.191.100.3 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 150
standby 1 preempt delay minimum 240 reload 300
standby 1 track 1 decrement 50
!
interface Vlan199
ip address 190.191.199.10 255.255.255.0
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.101 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.102 250
!
ip sla 1
icmp-echo 8.8.8.8
timeout 9000
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts

 

(Layer 3 switch connect to ISP-2)

 

spanning-tree vlan 100 priority 28672
!
track 1 ip sla 1 reachability
!
vlan internal allocation policy ascending
!
class-map match-any P2P-PROTOCOL
class-map match-all ANY-TRAFFIC
match access-group name ANY-TRAFFIC
!
policy-map RATE-LIMIT
class ANY-TRAFFIC
police 1000000 8000 exceed-action drop
!
interface GigabitEthernet2/0/1
description Link-To-ISP2-Delancer
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 2
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/26
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,196-199,204-208,211-213,215
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
description ACCESS-INTERNET
ip address 190.191.192.108 255.255.255.0
!
interface Vlan100
description HSRP-PROTOCOL
ip address 190.191.100.2 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 110
standby 1 preempt
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.101 250
ip route 0.0.0.0 0.0.0.0 190.191.192.102 track 1
!
ip sla 1
icmp-echo 8.8.8.8
timeout 9000
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
!
ip access-list extended ANY-TRAFFIC
permit ip any any
!
access-list 101 deny tcp any any eq www
access-list 101 deny tcp any any eq telnet
!
end

 

Config static route of modern/router ZTE:

190.191.197.0/30 via 190.191.100.1 dev br0 onlink
190.191.206.0/29 via 190.191.100.1 dev br0 onlink
190.191.208.0/28 via 190.191.100.1 dev br0 onlink
190.191.192.0/24 dev br0 proto kernel scope link src 190.191.192.102

Highlighted

Hello,

I tested what you said but it didn't work. If I down ISP-1 interface from the switch layer 3, ip sla continue working, a mean:

SW-ISP-1#sh track
Track 1
IP SLA 1 reachability
Reachability is Up
276 changes, last change 00:03:04
Latest operation return code: OK
Latest RTT (millisecs) 58
Tracked by:
HSRP Vlan100 1

 

I put you the config of my PRINCIPAL switch layer 3. This switch has all the interface vlan and the dhcp for vlan.

 

Check the config:

ISP-1 connect to switch:

track 1 ip sla 1 reachability
!
interface GigabitEthernet3/0/1
shutdown
!
interface GigabitEthernet3/0/2
!
interface GigabitEthernet3/0/3
description Link to Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/4
description Link to SW-PRINCIPAL
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
!
interface Vlan1
ip address 190.191.192.105 255.255.255.0
!
interface Vlan100
description HRSP-PROTOCOL
ip address 190.191.100.3 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 150
standby 1 preempt delay minimum 240 reload 300
standby 1 track 1 decrement 50
!
interface Vlan199
ip address 190.191.199.10 255.255.255.0
!
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.101 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.102 250
!
ip sla 1
icmp-echo 8.8.8.8
timeout 9000
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
!
end

 

ISP-2 connect to other switch layer 3:

track 1 ip sla 1 reachability
!
!
class-map match-any P2P-PROTOCOL
class-map match-all ANY-TRAFFIC
match access-group name ANY-TRAFFIC
!
policy-map RATE-LIMIT
class ANY-TRAFFIC
police 1000000 8000 exceed-action drop
!
interface GigabitEthernet2/0/1
description Link-To-ISP2-Delancer
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 2
!
interface GigabitEthernet2/0/25
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,101,197,199,204,207,208,213
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/0/26
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,196-199,204-208,211-213,215
switchport mode trunk
switchport nonegotiate
!
interface Vlan1
description ACCESS-INTERNET
ip address 190.191.192.108 255.255.255.0
!
interface Vlan100
description HSRP-PROTOCOL
ip address 190.191.100.2 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 110
standby 1 preempt
!
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.102 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.101 250
!
ip access-list extended ANY-TRAFFIC
permit ip any any
!
ip sla 1
icmp-echo 8.8.8.8
timeout 9000
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
!

 

SW-PRINCIPAL:

ip dhcp pool 208
network 190.191.208.0 255.255.255.240
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 206
network 190.191.206.0 255.255.255.248
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 215
network 190.191.215.0 255.255.255.224
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
!
power redundancy-mode redundant
spanning-tree mode pvst
spanning-tree extend system-id
!
interface GigabitEthernet1/5
description Link to Layer-3-Switch as ISP1
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
!
interface GigabitEthernet1/6
description Link to SW-CAJAS-INTERNET P13
switchport trunk allowed vlan 1,101,213,217
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/7
description Link to SW-CAJAS P9
switchport trunk allowed vlan 1,101,195,202
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/9
description Link to SW-USUARIOS P13
switchport trunk allowed vlan 1,101,196,197,207,208,210-212,215-217
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/11
description Link to SW-CONTAB P1
switchport trunk allowed vlan 1,100-102,195-199,202-208,211-213,215-217
switchport mode trunk
switchport nonegotiate
!
interface Vlan1
ip address 190.191.192.107 255.255.255.0
!
interface Vlan206
description RED-AD
ip address 190.191.206.1 255.255.255.248
!
!
interface Vlan208
description VLAN-USUARIOS CON INTERNET
ip address 190.191.208.1 255.255.255.240
!
!
router eigrp 1
network 0.0.0.0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 190.191.192.105 (To switch layer 3 ISP-1)
ip route 0.0.0.0 0.0.0.0 190.191.192.108 (To Switch layer 3 ISP-2)

 

Thanks,

Highlighted

That would mean that the switch still can ping 8.8.8.8. You can place a static route to 8.8.8.8 out SP1 to resolve the issue. You may even have to have a secondary null route when the SP1 interface is down.

 

Please rate helpful posts.

Highlighted

I don't understand: "You can place a static route to 8.8.8.8 out SP1 to resolve the issue".
Highlighted

Post a drawing of your network that shows how everyting is connected...

Highlighted

Hello,

I attached a drawing of my network:

ISP-1-Router To SW-ISP-1 (Here is the HRSP as ACTIVE and ip sla)

SW-ISP-1 To SW-Principal (Here is all the inerface vlans, etc)

SW-Principal To SW-CONTAB

SW-CONTAB To SW-ISP-2

 

ISP-2-ZTE-Router To SW-ISP-2 (HRSP as standby and ip sla)

SW-ISP-2 To others SWs by fiber.

 

Thanks,

Highlighted

Ip route 8.8.8.8 255.255.255.255 ISP1IPAddressHere
Ip route 8.8.8.8 255.255.255.255 null0 250
Please rate helpful posts.
Highlighted

Hello,

 

on your SW-Principal, when the ICMP fails, you need to point the static route to the Vlan 1 interface of the other switch:

 

ip route 0.0.0.0 0.0.0.0 190.191.192.101 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.108 50

 

Since you are using EIGRP, I changed the admin dstance on the secon default route to 50...

Highlighted

I tested and the speed of my two ISP is not sum. That's good. But I continue without Internet when I down the interface on my ISP-1. From SW-Principal, ICMP continues fails.

 

Those are the route on my SW-Principal:

 

ip route 0.0.0.0 0.0.0.0 190.191.192.101 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.105 (If I delete this route, I don't have Internet)
ip route 0.0.0.0 0.0.0.0 190.191.192.108 50

 

Thanks,

 

Highlighted

Hello,

 

where in your drawing is 101, 105, and 108 ?

Content for Community-Ad