Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3459
Views
5
Helpful
58
Replies

No Internet access from second provider ISP

reynosoalmonte
Level 1
Level 1

‎09-05-2018 12:38 PM - edited ‎03-08-2019 04:05 PM

Hello,

I have 3 days in this and I need some help of you.

 

I have 2 layer 3 switch doing standby. This is working. But, I have a second ISP for Internet. I have done all the static route but it doesn't working when I down the interface of my principal isp for Internet; it must enter the second layer 3 switch by standby protocol as active to start using the Internet of my second ISP2.

 

I put a static route in the layer 3 switch connect with the router of my ISP-2. The speed is sum together. But no Internet access if I down the interface of my principal ISP-1.

 

Router of my second ISP-2 is a ZTE. But router of my principal ISP-1 is a Cisco 800, both layer 3 switch are Cisco 3760.

Labels:
0 Helpful
58 Replies 58

reynosoalmonte
Level 1
Level 1
In response to Georg Pauwen

‎09-07-2018 08:39 AM - edited ‎09-07-2018 08:40 AM

Do I need to put hsrp in SW-Principal or in SW-ISP-1? Because on switch-Principal I have all the interface vlan.

0 Helpful

Georg Pauwen
VIP
VIP
In response to reynosoalmonte

‎09-07-2018 08:42 AM

You need to copy the setup you have used for Vlan 100. That means you need to configure it in SW-1 and SW-2.

0 Helpful

Georg Pauwen
VIP
VIP
In response to reynosoalmonte

‎09-07-2018 08:54 AM

Why is Vlan 100 on SW-1 and not on Principal ? Is that by design ?

 

Didn't you say that the other switch was an SG-200 ?

0 Helpful

reynosoalmonte
Level 1
Level 1
In response to Georg Pauwen

‎09-07-2018 08:58 AM

I putted vlan 100 on SW-1 to separate hsrp from the others vlan in SW-PRINCIPAL.

 

SG-200 not, SG-300. This is the SW-CONTAB

 

SW-PRINCIPAL is Cisco 4948

SW-ISP-1 is Cisco 3750

SW-ISP-2 is CIsco 3750

 

On the SW-PRINCIPAL I have all the interface vlan, a mean, vlan 206, 208, 215, etc., on SW-ISP-1 I have just vlan100 with hsrp.

 

So, Do I need to move all my interface vlan from SW-PRINCIPAL to SW-ISP-1 to make hsrp work?

0 Helpful

Georg Pauwen
VIP
VIP
In response to reynosoalmonte

‎09-07-2018 09:02 AM

The SG300 can't do HSRP. So your only option is to move all HSRP configs for all Vlans to SW-1 and SW-2...

0 Helpful

reynosoalmonte
Level 1
Level 1
In response to Georg Pauwen

‎09-07-2018 11:35 AM

Ok, here is what I don't why is not working if I change the vlan, ex., vlan 208 I change to SW-ISP-1 and did hsrp. The same in SW-ISP-2.

 

Now, what wrong?

this is the hsrp for vlan 208:

 

SW-ISP-1

interface Vlan208
description Vlan Internet-Personal
ip address 190.191.208.2 255.255.255.240
standby 2 ip 190.191.208.1
standby 2 priority 150
standby 2 preempt delay minimum 240 reload 300
standby 2 track 1 decrement 50
!

 

SW-ISP-2

interface Vlan208
description Vlan Internet-Personal
ip address 190.191.208.5 255.255.255.240
standby 2 ip 190.191.208.1
standby 2 priority 110
standby 2 preempt
!

 

When I down interface for isp-1, I just ping 8.8.8.8 success from vlan 208, but not Internet.

 

0 Helpful

Georg Pauwen
VIP
VIP
In response to reynosoalmonte

‎09-07-2018 12:46 PM

Did you delete interface Vlan208 from SW-PRINCIPAL ?

0 Helpful

reynosoalmonte
Level 1
Level 1
In response to Georg Pauwen

‎09-07-2018 12:54 PM

Yes, I have deleted it.

It seems standby for vlan 208 is fine:

 

SW-ISP-1:

Vlan208 - Group 2
State is Active
22 state changes, last state change 00:14:04
Virtual IP address is 190.191.208.1
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.416 secs
Preemption enabled, delay min 240 secs, reload 300 secs
Active router is local
Standby router is 190.191.208.5, priority 110 (expires in 11.024 sec)
Priority 150 (configured 150)
Track object 1 state Up decrement 50
Group name is "hsrp-Vl208-2" (default)

 

SW-ISP-2:

Vlan208 - Group 2
State is Standby
20 state changes, last state change 00:14:29
Virtual IP address is 190.191.208.1
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.208 secs
Preemption enabled
Active router is 190.191.208.2, priority 150 (expires in 9.984 sec)
Standby router is local
Priority 110 (configured 110)
Group name is "hsrp-Vl208-2" (default)

0 Helpful

Georg Pauwen
VIP
VIP
In response to reynosoalmonte

‎09-07-2018 01:33 PM

Hello,

 

do you have access to the ISP router ? It might be a case of having to clear the existing NAT translations on the ISP-1 router...

0 Helpful

Georg Pauwen
VIP
VIP
In response to Georg Pauwen

‎09-07-2018 01:40 PM

How do your Vlan 100 clients get their IP addresses ? When you delete Vlan 208 on SW-PRINCIPAL, your clients don't get a default gateway anymore, so you will have to define the DHCP pool on SW-1 as well as on SW-2. You need to split the pool in order to avoid DHCP overlapping address conflicts.

 

That said, is this a live network ? If so, I would go back to the drawing board first. The SG300 is a small business device and not really meant in a larger network. What are the other devices ? It would be a lot easier to configure the network with just two switches, run HSRP for each VLAN between just those two switches...

0 Helpful

reynosoalmonte
Level 1
Level 1
In response to Georg Pauwen

‎09-07-2018 02:00 PM

Yes, I put the DHCP in SW-1 too and I am doing ip dhcp except.

 

Now, explain me. Now vlan 208 works with hsrp. What I do? I just change the DNS 200.88.127.22 200.88.127.23 for DNS 8.8.8.8 and it works. ISP-1 is down and traffic was going thought SW-2. It works now.

 

Why is not working with the dns 200.88.127.22 ... etc.,

 

 

0 Helpful

paul driver
VIP
VIP

‎09-07-2018 01:59 PM - edited ‎09-07-2018 02:02 PM

Hello
Just to confirm -

1) two external paths to the internet via two isp connections ( are these different providers)

2) static routing and ip sla towards each isp

3) eigrp with hrsp running internally between the l3 core/distribution

 

Just glancing over this it seems most probable reason why your losing internet connectivity is that when the connection to ISP1 is lost even though ip sla tracking initiates and hrsp failsover ,Eigrp isn't aware of this change and is blackholing the traffic.

 

It doesn't seem your statics are being conditionally advertised in eigrp?

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

reynosoalmonte
Level 1
Level 1
In response to paul driver

‎09-07-2018 02:03 PM

Hi Paul,

1) Yes, there are different isp

2) Yes

3) eigrp is running in both layer 3 switch, also in the sw where is connect servers and others switches as cisco sg300, cisco sf300, etc.

0 Helpful

Georg Pauwen
VIP
VIP
In response to reynosoalmonte

‎09-07-2018 02:19 PM

Hello,

 

Paul has a good point: the SG300 doesn't support EIGRP (or any dynamic routing protocol), just static routes. 32 is the maximum. It is going to be extremely difficult to configure a mix of EIGRP, static routes, HSRP, and IP SLA failover. That is why I asked if you can get rid of the SG300 and use a device similar to the one you use as SW-PRINCIPAL.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card