No Internet access from second provider ISP - Page 2

reynosoalmonte · ‎09-05-2018

Hello,

I have 3 days in this and I need some help of you.

I have 2 layer 3 switch doing standby. This is working. But, I have a second ISP for Internet. I have done all the static route but it doesn't working when I down the interface of my principal isp for Internet; it must enter the second layer 3 switch by standby protocol as active to start using the Internet of my second ISP2.

I put a static route in the layer 3 switch connect with the router of my ISP-2. The speed is sum together. But no Internet access if I down the interface of my principal ISP-1.

Router of my second ISP-2 is a ZTE. But router of my principal ISP-1 is a Cisco 800, both layer 3 switch are Cisco 3760.

reynosoalmonte · ‎09-06-2018

Hello,

101 is the router ISP-1 with access to Internet. This is working now.
105 is the SW connecting to the router ISP-1. This SW is doing the HRSP protocol and ip sla.
108 is the SW connecting to the router ZTE-ISP-2. This is not working when the interface of ISP-1 is down.
102 is the Router ZTE-ISP-2.

Thanks,

Georg Pauwen · ‎09-06-2018

Hello,

I do not see IP address 190.191.192.105 anywhere on an HSRP enabled switch. Update your drawing with the actual IP addresses

ip route 0.0.0.0 0.0.0.0 190.191.192.101 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.105 (If I delete this route, I don't have Internet) --> You say you are using 101 ?
ip route 0.0.0.0 0.0.0.0 190.191.192.108 50

reynosoalmonte · ‎09-06-2018

I attached an picture update with the IP on each SW and Router

HRSP in on a vlan. Vlan 100. It has the interface vlan 100 on SW-Principal with mask /28.

Standby IP is: 190.191.100.1 as gateway.

SW-ISP-1 connecting to Router ISP-1 has the IP on the HRSP: 190.191.100.3

SW-ISP-2 connecting to Router ISP-2 has the IP on the HRSP: 190.191.100.2

190.191.192.101 -> VLAN 1, Router Internet ISP-1

190.191.192.105 -> VLAN 1, SW connect to ISP-1

190.191.192.108 -> VLAN 1, SW-Principal

190.191.192.102 -> VLAN 1, SW-ISP-2

190.191.192.107 -> VLAN 1, Router ZTE-ISP-2

Thanks,

Georg Pauwen · ‎09-06-2018

Hello,

looking at your picture it appears that the Vlan 1 IP address on your other switch is 190.191.192.127. This needs to be the next hop for the secondary default route:

ip route 0.0.0.0 0.0.0.0 190.191.192.105 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.127 2

reynosoalmonte · ‎09-06-2018

I putted this on SW-Principal, but with ip route 0.0.0.0 0.0.0.0 190.191.192.105 track 1 I don't have Internet from any ISP. I delete track 1 and I have Internet from ISP-1, but no Internet from ISP-2 yet.

Thanks,

Georg Pauwen · ‎09-06-2018

This is getting really confusing: on which switches are you running HSRP ? Post the full configs of all 4 switches (full config starting with the hostname, so we know which running config we are looking at)...

Georg Pauwen · ‎09-06-2018

Hello,

try:

ip route 0.0.0.0 0.0.0.0 190.191.192.101 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.127 2

reynosoalmonte · ‎09-06-2018

Les't see: Here is the configs

SW-ISP-1 layer 3 (Connect To Router ISP-1 on the drawing)

hostname SW-ISP-1
!
boot-start-marker
boot-end-marker

!
switch 3 provision ws-c3750g-24ps
system mtu routing 1500
ip routing
no ip cef optimize neighbor resolution
no ip domain-lookup
!
!
!
!
crypto pki trustpoint TP-self-signed-720932736
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-720932736
revocation-check none
rsakeypair TP-self-signed-720932736
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 100 priority 24576
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet3/0/1
shutdown
!
interface GigabitEthernet3/0/2
!
interface GigabitEthernet3/0/3
description Link to Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/4
description Link to SW-PRINCIPAL
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
!
interface GigabitEthernet3/0/5
shutdown
!
interface GigabitEthernet3/0/6
shutdown
!
interface GigabitEthernet3/0/7
shutdown
!
interface GigabitEthernet3/0/8
shutdown
!
interface GigabitEthernet3/0/9
shutdown
!
interface GigabitEthernet3/0/10
shutdown
!
interface GigabitEthernet3/0/11
shutdown
!
interface GigabitEthernet3/0/12
shutdown
!
interface GigabitEthernet3/0/13
shutdown
!
interface GigabitEthernet3/0/14
shutdown
!
interface GigabitEthernet3/0/15
shutdown
!
interface GigabitEthernet3/0/16
shutdown
!
interface GigabitEthernet3/0/17
shutdown
!
interface GigabitEthernet3/0/18
shutdown
!
interface GigabitEthernet3/0/19
shutdown
!
interface GigabitEthernet3/0/20
shutdown
!
interface GigabitEthernet3/0/21
shutdown
!
interface GigabitEthernet3/0/22
shutdown
!
interface GigabitEthernet3/0/23
shutdown
!
interface GigabitEthernet3/0/24
shutdown
!
interface GigabitEthernet3/0/25
!
interface GigabitEthernet3/0/26
!
interface GigabitEthernet3/0/27
!
interface GigabitEthernet3/0/28
!
interface Vlan1
ip address 190.191.192.105 255.255.255.0
!
interface Vlan100
description HRSP-PROTOCOL
ip address 190.191.100.3 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 150
standby 1 preempt delay minimum 240 reload 300
standby 1 track 1 decrement 50
!
!
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.101 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.102 250
!
ip sla 1
icmp-echo 8.8.8.8
timeout 9000
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts

SW-Principal Layer 3 (Here are all interfaces vlan, dhcp, etc)

hostname SW-PRINCIPAL
!
boot-start-marker
boot system flash cat4500e-entservicesk9-mz.152-2.E8.bin
boot system flash bootflash:cat4500e-entservicesk9-mz.152-2.E8.bin
boot-end-marker
!
!
vrf definition mgmtVrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$SMzc$/3uRRdaqbDUDYj6YbrxHy.
!
!
!
!
!
!
no ip domain-lookup
!
ip dhcp pool 205
network 190.191.205.0 255.255.255.224
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 204
network 190.191.204.0 255.255.255.248
default-router 190.191.204.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 208
network 190.191.208.0 255.255.255.240
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 211
network 190.191.211.0 255.255.255.240
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 206
network 190.191.206.0 255.255.255.248
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 202
network 190.191.202.0 255.255.255.240
default-router 190.191.202.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 215
network 190.191.215.0 255.255.255.224
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 203
network 190.191.203.0 255.255.255.224
default-router 190.191.203.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 217
network 190.191.217.0 255.255.255.248
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 210
network 190.191.210.0 255.255.255.248
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
!
!
!
!
power redundancy-mode redundant
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!
interface GigabitEthernet1/1
shutdown
!
interface GigabitEthernet1/2
shutdown
!
interface GigabitEthernet1/3
shutdown
!
interface GigabitEthernet1/4
shutdown
!
interface GigabitEthernet1/5
description Link to Layer-3-Switch connect to ISP-1
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
!
interface GigabitEthernet1/6
description Link to SW-CAJAS-INTERNET P13
switchport trunk allowed vlan 1,101,213,217
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/7
description Link to SW-CAJAS P9
switchport trunk allowed vlan 1,101,195,202
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/8
description Link to SW-CENTRAL-IP P3
switchport trunk allowed vlan 1,101,196,199,215,216
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/9
description Link to SW-USUARIOS P13
switchport trunk allowed vlan 1,101,196,197,207,208,210-212,215-217
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/10
description Link to SW-MISC P10
switchport trunk allowed vlan 1,101,195,196,202,203
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/11
description Link to SW-CONTAB P1
switchport trunk allowed vlan 1,100-102,195-199,202-208,211-213,215-217
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/12
description Link to SW-PAS-15 P7
switchport trunk allowed vlan 1,101,102,196,203,205,206,208
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/13
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
!
interface GigabitEthernet1/16
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
!
interface GigabitEthernet1/21
!
interface GigabitEthernet1/22
!
interface GigabitEthernet1/23
!
interface GigabitEthernet1/24
!
interface GigabitEthernet1/25
!
interface GigabitEthernet1/26
!
interface GigabitEthernet1/27
!
interface GigabitEthernet1/28
!
interface GigabitEthernet1/29
!
interface GigabitEthernet1/30
!
interface GigabitEthernet1/31
!
interface GigabitEthernet1/32
!
interface GigabitEthernet1/33
!
interface GigabitEthernet1/34
!
interface GigabitEthernet1/35
!
interface GigabitEthernet1/36
!
interface GigabitEthernet1/37
!
interface GigabitEthernet1/39
!
interface GigabitEthernet1/40
!
interface GigabitEthernet1/41
!
interface GigabitEthernet1/42
!
interface GigabitEthernet1/43
!
interface GigabitEthernet1/44
!
interface GigabitEthernet1/45
!
interface GigabitEthernet1/46
!
interface GigabitEthernet1/47
!
interface GigabitEthernet1/48
!
interface TenGigabitEthernet1/49
!
interface TenGigabitEthernet1/50
!
interface TenGigabitEthernet1/51
!
interface TenGigabitEthernet1/52
!
interface Vlan1
description ACCESS-INTERNET
ip address 190.191.192.107 255.255.255.0
!
interface Vlan195
description VLAN-CAJAS-To-SERVIDOR
ip address 190.191.195.1 255.255.255.252
!
interface Vlan196
description SERVER-1(DATABASE-USUARIOS)
ip address 190.191.196.1 255.255.255.252
!
interface Vlan197
description Link-To-SERVER-2(PL-USERS)
ip address 190.191.197.1 255.255.255.252
!
interface Vlan198
description SERVER-3 LABEL ELECT
ip address 190.191.198.1 255.255.255.252
!
interface Vlan202
description VLAN-CAJAS
ip address 190.191.202.1 255.255.255.240
!
interface Vlan203
description NETWORK-VERIFICADORES
ip address 190.191.203.1 255.255.255.224
!
interface Vlan204
description AP-RECIBIDORES
ip address 190.191.204.1 255.255.255.248
!
interface Vlan205
description AP-ALM-USUARIOS
ip address 190.191.205.1 255.255.255.224
!
interface Vlan206
description RED-ADMINISTRADOR
ip address 190.191.206.1 255.255.255.248
!
interface Vlan207
description PERSONAL-NI
ip address 190.191.207.1 255.255.255.240
!
interface Vlan208
description VLAN-USUARIOS CON INTERNET
ip address 190.191.208.1 255.255.255.240
!
interface Vlan210
description RENSA-PANELES-SOLARES
ip address 190.191.210.1 255.255.255.248
!
interface Vlan211
description INTERNET-CAFETERIA-AP
ip address 190.191.211.1 255.255.255.240
!
interface Vlan212
description RED-PC-CAFETERIA
ip address 190.191.212.1 255.255.255.252
!
interface Vlan213
description SV-COMPRAS
ip address 190.191.213.1 255.255.255.252
!
interface Vlan215
description CONTROL-INTERNET-PERSONAL
ip address 190.191.215.1 255.255.255.224
!
interface Vlan216
description CONTROL-HORARIO-PERSONAL
ip address 190.191.216.1 255.255.255.248
!
interface Vlan217
description VLAN-MAQUINAS-RECARGAS
ip address 190.191.217.1 255.255.255.248
!
!
router eigrp 1
network 0.0.0.0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 190.191.192.105
ip route 0.0.0.0 0.0.0.0 190.191.192.127 2
!
ip access-list extended LIMITAR-ANCHO-BANDA
permit ip any any
!
!
!

SW-CONTAB(Connect to SW-PRINCIPAL and connect to SW-ISP-2 layer 3 by fiber)

hostname SW-CONTAB
!
interface vlan 1
ip address 190.191.192.127 255.255.255.0
no ip address dhcp
!
interface vlan 571
name DEFAULT-VLAN-SG300
ip address 190.191.254.5 255.255.255.240
!
interface gigabitethernet1
Link to SW-PRINCIPAL
switchport trunk allowed vlan add 100-102,195-199,202-208,211-213
switchport trunk allowed vlan add 215-217
!
interface gigabitethernet2
!
interface gigabitethernet3
!
interface gigabitethernet4
!
interface gigabitethernet5
!
interface gigabitethernet6
!
interface gigabitethernet7
!
interface gigabitethernet8
!
interface gigabitethernet9
switchport trunk allowed vlan add 100-101,195-199,202-208,211,213
switchport trunk allowed vlan add 215-217
!
interface gigabitethernet10
Link to SW-ISP-1
switchport trunk allowed vlan add 100-101,196-199,203-208,211-213,215
!
exit

SW-ISP-2(Connect to ZTE Router )

hostname SW-COMPUTOS-ISP-2
!
boot-start-marker
boot-end-marker
!
switch 2 provision ws-c3750g-24ps
system mtu routing 1500
ip routing
!
!
!
mls qos
!
crypto pki trustpoint TP-self-signed-2419020416
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2419020416
revocation-check none
rsakeypair TP-self-signed-2419020416
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 100 priority 28672
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
!
!
class-map match-any P2P-PROTOCOL
class-map match-all ANY-TRAFFIC
match access-group name ANY-TRAFFIC
!
policy-map RATE-LIMIT
class ANY-TRAFFIC
police 1000000 8000 exceed-action drop
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet2/0/1
description Link-To-ISP2-Delancer
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 2
!
interface GigabitEthernet2/0/2
switchport access vlan 208
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 50.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/3
switchport access vlan 213
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 50.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/4
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/5
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/6
switchport access vlan 207
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/7
switchport access vlan 215
switchport mode access
switchport port-security maximum 2
speed 10
srr-queue bandwidth limit 35
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/8
switchport access vlan 215
switchport mode access
switchport port-security maximum 2
speed 10
srr-queue bandwidth limit 35
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/9
switchport port-security maximum 2
speed 10
srr-queue bandwidth limit 15
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/10
switchport access vlan 215
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/11
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/12
switchport access vlan 207
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/13
description PC-JONATHAN-ISAIAS
switchport access vlan 215
switchport mode access
switchport port-security maximum 2
speed 10
srr-queue bandwidth limit 15
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/14
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/15
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/16
switchport access vlan 215
switchport mode access
switchport port-security maximum 2
speed 100
srr-queue bandwidth limit 15
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/17
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/18
switchport access vlan 207
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/19
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/20
Link to AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,101,102,197,204-206,208,213
switchport mode trunk
switchport port-security maximum 2
!
interface GigabitEthernet2/0/21
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/22
switchport mode access
switchport port-security maximum 2
shutdown
!
interface GigabitEthernet2/0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,101,208
switchport mode trunk
shutdown
!
interface GigabitEthernet2/0/24
shutdown
!
interface GigabitEthernet2/0/25
Link to SW-ALM3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,101,197,199,204,207,208,213
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/0/26
Link to SW-CONTAB
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,196-199,204-208,211-213,215
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
description ACCESS-INTERNET
ip address 190.191.192.108 255.255.255.0
!
interface Vlan100
description HSRP-PROTOCOL
ip address 190.191.100.2 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 110
standby 1 preempt
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.102 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.101 250
!
ip sla 1
icmp-echo 8.8.8.8
timeout 9000
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
!
vstack
!
end

Georg Pauwen · ‎09-06-2018

Hello,

your SW-PRINCIPAL switch is a layer 3 switch, but SW-CONTAB is not ? If not, you cannot use any IP address on SW-CONTAB as a next hop for any static route.

I have amended your configs, try those below:

SW-ISP-1 layer 3 (Connect To Router ISP-1 on the drawing)

hostname SW-ISP-1
!
boot-start-marker
boot-end-marker
!
switch 3 provision ws-c3750g-24ps
system mtu routing 1500
ip routing
no ip cef optimize neighbor resolution
no ip domain-lookup
!
crypto pki trustpoint TP-self-signed-720932736
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-720932736
revocation-check none
rsakeypair TP-self-signed-720932736
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 100 priority 24576
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
!
interface GigabitEthernet3/0/1
shutdown
!
interface GigabitEthernet3/0/2
!
interface GigabitEthernet3/0/3
description Link to Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/4
description Link to SW-PRINCIPAL
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
!
interface GigabitEthernet3/0/5
shutdown
!
interface GigabitEthernet3/0/6
shutdown
!
interface GigabitEthernet3/0/7
shutdown
!
interface GigabitEthernet3/0/8
shutdown
!
interface GigabitEthernet3/0/9
shutdown
!
interface GigabitEthernet3/0/10
shutdown
!
interface GigabitEthernet3/0/11
shutdown
!
interface GigabitEthernet3/0/12
shutdown
!
interface GigabitEthernet3/0/13
shutdown
!
interface GigabitEthernet3/0/14
shutdown
!
interface GigabitEthernet3/0/15
shutdown
!
interface GigabitEthernet3/0/16
shutdown
!
interface GigabitEthernet3/0/17
shutdown
!
interface GigabitEthernet3/0/18
shutdown
!
interface GigabitEthernet3/0/19
shutdown
!
interface GigabitEthernet3/0/20
shutdown
!
interface GigabitEthernet3/0/21
shutdown
!
interface GigabitEthernet3/0/22
shutdown
!
interface GigabitEthernet3/0/23
shutdown
!
interface GigabitEthernet3/0/24
shutdown
!
interface GigabitEthernet3/0/25
!
interface GigabitEthernet3/0/26
!
interface GigabitEthernet3/0/27
!
interface GigabitEthernet3/0/28
!
interface Vlan1
ip address 190.191.192.105 255.255.255.0
!
interface Vlan100
description HRSP-PROTOCOL
ip address 190.191.100.3 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 150
standby 1 preempt delay minimum 240 reload 300
standby 1 track 1 decrement 50
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.101 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.108 2
!
ip sla 1
icmp-echo 8.8.8.8
timeout 9000
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts

SW-Principal Layer 3 (Here are all interfaces vlan, dhcp, etc)

hostname SW-PRINCIPAL
!
boot-start-marker
boot system flash cat4500e-entservicesk9-mz.152-2.E8.bin
boot system flash bootflash:cat4500e-entservicesk9-mz.152-2.E8.bin
boot-end-marker
!
vrf definition mgmtVrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$SMzc$/3uRRdaqbDUDYj6YbrxHy.
!
no ip domain-lookup
!
ip dhcp pool 205
network 190.191.205.0 255.255.255.224
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 204
network 190.191.204.0 255.255.255.248
default-router 190.191.204.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 208
network 190.191.208.0 255.255.255.240
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 211
network 190.191.211.0 255.255.255.240
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 206
network 190.191.206.0 255.255.255.248
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 202
network 190.191.202.0 255.255.255.240
default-router 190.191.202.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 215
network 190.191.215.0 255.255.255.224
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 203
network 190.191.203.0 255.255.255.224
default-router 190.191.203.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 217
network 190.191.217.0 255.255.255.248
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
ip dhcp pool 210
network 190.191.210.0 255.255.255.248
default-router 190.191.100.1
dns-server 200.88.127.22 200.88.127.23
!
power redundancy-mode redundant
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!
interface GigabitEthernet1/1
shutdown
!
interface GigabitEthernet1/2
shutdown
!
interface GigabitEthernet1/3
shutdown
!
interface GigabitEthernet1/4
shutdown
!
interface GigabitEthernet1/5
description Link to Layer-3-Switch connect to ISP-1
switchport trunk allowed vlan 1,100,101,199,208
switchport mode trunk
!
interface GigabitEthernet1/6
description Link to SW-CAJAS-INTERNET P13
switchport trunk allowed vlan 1,101,213,217
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/7
description Link to SW-CAJAS P9
switchport trunk allowed vlan 1,101,195,202
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/8
description Link to SW-CENTRAL-IP P3
switchport trunk allowed vlan 1,101,196,199,215,216
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/9
description Link to SW-USUARIOS P13
switchport trunk allowed vlan 1,101,196,197,207,208,210-212,215-217
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/10
description Link to SW-MISC P10
switchport trunk allowed vlan 1,101,195,196,202,203
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/11
description Link to SW-CONTAB P1
switchport trunk allowed vlan 1,100-102,195-199,202-208,211-213,215-217
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/12
description Link to SW-PAS-15 P7
switchport trunk allowed vlan 1,101,102,196,203,205,206,208
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/13
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
!
interface GigabitEthernet1/16
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
!
interface GigabitEthernet1/21
!
interface GigabitEthernet1/22
!
interface GigabitEthernet1/23
!
interface GigabitEthernet1/24
!
interface GigabitEthernet1/25
!
interface GigabitEthernet1/26
!
interface GigabitEthernet1/27
!
interface GigabitEthernet1/28
!
interface GigabitEthernet1/29
!
interface GigabitEthernet1/30
!
interface GigabitEthernet1/31
!
interface GigabitEthernet1/32
!
interface GigabitEthernet1/33
!
interface GigabitEthernet1/34
!
interface GigabitEthernet1/35
!
interface GigabitEthernet1/36
!
interface GigabitEthernet1/37
!
interface GigabitEthernet1/39
!
interface GigabitEthernet1/40
!
interface GigabitEthernet1/41
!
interface GigabitEthernet1/42
!
interface GigabitEthernet1/43
!
interface GigabitEthernet1/44
!
interface GigabitEthernet1/45
!
interface GigabitEthernet1/46
!
interface GigabitEthernet1/47
!
interface GigabitEthernet1/48
!
interface TenGigabitEthernet1/49
!
interface TenGigabitEthernet1/50
!
interface TenGigabitEthernet1/51
!
interface TenGigabitEthernet1/52
!
interface Vlan1
description ACCESS-INTERNET
ip address 190.191.192.107 255.255.255.0
!
interface Vlan195
description VLAN-CAJAS-To-SERVIDOR
ip address 190.191.195.1 255.255.255.252
!
interface Vlan196
description SERVER-1(DATABASE-USUARIOS)
ip address 190.191.196.1 255.255.255.252
!
interface Vlan197
description Link-To-SERVER-2(PL-USERS)
ip address 190.191.197.1 255.255.255.252
!
interface Vlan198
description SERVER-3 LABEL ELECT
ip address 190.191.198.1 255.255.255.252
!
interface Vlan202
description VLAN-CAJAS
ip address 190.191.202.1 255.255.255.240
!
interface Vlan203
description NETWORK-VERIFICADORES
ip address 190.191.203.1 255.255.255.224
!
interface Vlan204
description AP-RECIBIDORES
ip address 190.191.204.1 255.255.255.248
!
interface Vlan205
description AP-ALM-USUARIOS
ip address 190.191.205.1 255.255.255.224
!
interface Vlan206
description RED-ADMINISTRADOR
ip address 190.191.206.1 255.255.255.248
!
interface Vlan207
description PERSONAL-NI
ip address 190.191.207.1 255.255.255.240
!
interface Vlan208
description VLAN-USUARIOS CON INTERNET
ip address 190.191.208.1 255.255.255.240
!
interface Vlan210
description RENSA-PANELES-SOLARES
ip address 190.191.210.1 255.255.255.248
!
interface Vlan211
description INTERNET-CAFETERIA-AP
ip address 190.191.211.1 255.255.255.240
!
interface Vlan212
description RED-PC-CAFETERIA
ip address 190.191.212.1 255.255.255.252
!
interface Vlan213
description SV-COMPRAS
ip address 190.191.213.1 255.255.255.252
!
interface Vlan215
description CONTROL-INTERNET-PERSONAL
ip address 190.191.215.1 255.255.255.224
!
interface Vlan216
description CONTROL-HORARIO-PERSONAL
ip address 190.191.216.1 255.255.255.248
!
interface Vlan217
description VLAN-MAQUINAS-RECARGAS
ip address 190.191.217.1 255.255.255.248
!
!
router eigrp 1
network 0.0.0.0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 190.191.192.105
ip route 0.0.0.0 0.0.0.0 190.191.192.127 2
!
ip access-list extended LIMITAR-ANCHO-BANDA
permit ip any any
!
SW-CONTAB(Connect to SW-PRINCIPAL and connect to SW-ISP-2 layer 3 by fiber)

hostname SW-CONTAB
!
interface vlan 1
ip address 190.191.192.127 255.255.255.0
no ip address dhcp
!
interface vlan 571
name DEFAULT-VLAN-SG300
ip address 190.191.254.5 255.255.255.240
!
interface gigabitethernet1
Link to SW-PRINCIPAL
switchport trunk allowed vlan add 100-102,195-199,202-208,211-213
switchport trunk allowed vlan add 215-217
!
interface gigabitethernet2
!
interface gigabitethernet3
!
interface gigabitethernet4
!
interface gigabitethernet5
!
interface gigabitethernet6
!
interface gigabitethernet7
!
interface gigabitethernet8
!
interface gigabitethernet9
switchport trunk allowed vlan add 100-101,195-199,202-208,211,213
switchport trunk allowed vlan add 215-217
!
interface gigabitethernet10
Link to SW-ISP-1
switchport trunk allowed vlan add 100-101,196-199,203-208,211-213,215
!
exit

SW-ISP-2(Connect to ZTE Router )

hostname SW-COMPUTOS-ISP-2
!
boot-start-marker
boot-end-marker
!
switch 2 provision ws-c3750g-24ps
system mtu routing 1500
ip routing
!
mls qos
!
crypto pki trustpoint TP-self-signed-2419020416
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2419020416
revocation-check none
rsakeypair TP-self-signed-2419020416
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 100 priority 28672
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
!
class-map match-any P2P-PROTOCOL
class-map match-all ANY-TRAFFIC
match access-group name ANY-TRAFFIC
!
policy-map RATE-LIMIT
class ANY-TRAFFIC
police 1000000 8000 exceed-action drop
!
interface GigabitEthernet2/0/1
description Link-To-ISP2-Delancer
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 2
!
interface GigabitEthernet2/0/2
switchport access vlan 208
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 50.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/3
switchport access vlan 213
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 50.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/4
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/5
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/6
switchport access vlan 207
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/7
switchport access vlan 215
switchport mode access
switchport port-security maximum 2
speed 10
srr-queue bandwidth limit 35
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/8
switchport access vlan 215
switchport mode access
switchport port-security maximum 2
speed 10
srr-queue bandwidth limit 35
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/9
switchport port-security maximum 2
speed 10
srr-queue bandwidth limit 15
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/10
switchport access vlan 215
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/11
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/12
switchport access vlan 207
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/13
description PC-JONATHAN-ISAIAS
switchport access vlan 215
switchport mode access
switchport port-security maximum 2
speed 10
srr-queue bandwidth limit 15
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/14
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/15
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/16
switchport access vlan 215
switchport mode access
switchport port-security maximum 2
speed 100
srr-queue bandwidth limit 15
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/17
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/18
switchport access vlan 207
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/19
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/20
Link to AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,101,102,197,204-206,208,213
switchport mode trunk
switchport port-security maximum 2
!
interface GigabitEthernet2/0/21
switchport access vlan 199
switchport mode access
switchport port-security maximum 2
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/22
switchport mode access
switchport port-security maximum 2
shutdown
!
interface GigabitEthernet2/0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,101,208
switchport mode trunk
shutdown
!
interface GigabitEthernet2/0/24
shutdown
!
interface GigabitEthernet2/0/25
Link to SW-ALM3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,101,197,199,204,207,208,213
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/0/26
Link to SW-CONTAB
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,101,196-199,204-208,211-213,215
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
description ACCESS-INTERNET
ip address 190.191.192.108 255.255.255.0
!
interface Vlan100
description HSRP-PROTOCOL
ip address 190.191.100.2 255.255.255.240
standby 1 ip 190.191.100.1
standby 1 priority 110
standby 1 preempt
!
router eigrp 1
network 0.0.0.0
eigrp stub connected summary
!
no ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 190.191.192.102 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.107 2
!
ip sla 1
icmp-echo 8.8.8.8
timeout 9000
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
!
vstack
!
end

reynosoalmonte · ‎09-06-2018

Hello,
SW-CONTAB is a layer 3 switch but I don't have many option because it is a cisco sg-300.

I have changed what you said but it continues without Internet from ISP-2.

I checked the ip sla from both switch when I down the interface in router ISP-1 and ip sla in SW-ISP-1 was down, but in about 2 minutes will go again up ping 8.8.8.8 successfull. In SW-ISP-2 connect to ZTE, put ACTIVE and it kept always ping 8.8.8.8 in ip sla.

This is the ISP-2 layer 3 switch:
Vlan100 - Group 1
State is Active
882 state changes, last state change 00:07:49
Virtual IP address is 190.191.100.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.016 secs
Preemption enabled
Active router is local
Standby router is 190.191.100.3, priority 150 (expires in 10.208 sec)
Priority 110 (configured 110)
Group name is "hsrp-Vl100-1" (default)
SW-ISP-2#sh track
Track 1
IP SLA 1 reachability
Reachability is Up
27 changes, last change 02:52:50
Latest operation return code: OK
Latest RTT (millisecs) 42
Tracked by:
STATIC-IP-ROUTINGTrack-list 0
SW-ISP-2#sh ip sla sum
SW-ISP-2#sh ip sla summary

IPSLAs Latest Operation Summary
ID Type Destination Stats Return Last
(ms) Code Run
----------- ---------- --------------- ------ ---------- -----------------
*1 icmp-echo 8.8.8.8 RTT=40 OK 1 second ago

SW-ISP-1-connect to router CISCO
Vlan100 - Group 1
State is Standby
612 state changes, last state change 00:03:11
Virtual IP address is 190.191.100.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.248 secs
Preemption enabled, delay min 240 secs (222 remaining), reload 300 secs
Active router is 190.191.100.2, priority 110 (expires in 9.568 sec)
Standby router is local
Priority 150 (configured 150)
Track object 1 state Up decrement 50
Group name is "hsrp-Vl100-1" (default)
SW-ISP-1#sh track
Track 1
IP SLA 1 reachability
Reachability is Up
344 changes, last change 00:00:22
Latest operation return code: OK
Latest RTT (millisecs) 59
Tracked by:
HSRP Vlan100 1
STATIC-IP-ROUTINGTrack-list 0
SW-ISP-1#
SW-ISP-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW-ISP-1(config)#int gi3/0/3
SW-ISP-1(config-if)#sh
SW-ISP-1(config-if)#shutdown
SW-ISP-1(config-if)#exit
SW-ISP-1(config)#exit
SW-ISP-1#sh track
Track 1
IP SLA 1 reachability
Reachability is Down
347 changes, last change 00:00:04
Latest operation return code: Timeout
Tracked by:
HSRP Vlan100 1
STATIC-IP-ROUTINGTrack-list 0
SW-ISP-1#sh ip sla sum
SW-ISP-1#sh ip sla summary

IPSLAs Latest Operation Summary
ID Type Destination Stats Return Last
(ms) Code Run
----------- ---------- --------------- ------ ---------- -----------------
*1 icmp-echo 8.8.8.8 RTT=42 OK 3 seconds ago

reynosoalmonte · ‎09-06-2018

Now, the ip sla is working, because I put this route as the user Alex said.

ip route 0.0.0.0 0.0.0.0 190.191.192.101 track 1
ip route 0.0.0.0 0.0.0.0 190.191.192.108 2
ip route 8.8.8.8 255.255.255.255 190.191.192.101
ip route 8.8.8.8 255.255.255.255 Null0 2

When interface router isp-1 is down, the layer 3 switch is not ping to 8.8.8.8. It is ok. But, I am continue without Internet from ISP-2.

Also, I did a tracerote from ISP-2 layer 3 switch and it has Internet:

SW-COMPUTOS-ISP-2#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to google-public-dns-a.google.com (8.8.8.8)
VRF info: (vrf in name/id, vrf out name/id)
1 xzy1.zte.com.xz (190.191.192.102) 0 msec 0 msec 8 msec
2 internet-246-1.com (45.65.246.1) 0 msec 0 msec 8 msec
3 190.232.162.250 0 msec 8 msec 0 msec
4 63.245.79.132 42 msec 42 msec 42 msec
5 63.245.6.182 42 msec 42 msec 25 msec
6 * * *
7 216.239.59.60 42 msec
216.239.59.70 42 msec
216.239.57.168 59 msec
8 216.239.57.105 42 msec 34 msec
108.170.226.75 42 msec
9 google-public-dns-a.google.com (8.8.8.8) 58 msec 59 msec 42 msec

It works fine, but when I did the tracerote from SW-Principal:

VRF info: (vrf in name/id, vrf out name/id)
1 190.191.192.105 0 msec 4 msec 0 msec
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *

It tries to go thought route 190.191.192.105 and not from the route 190.191.192.108.

Thanks,

reynosoalmonte · ‎09-06-2018

I attache the routing table from ZTE modern/router...

If I use Internet from ZTE modern, with any of this network, it works. Also, I did a tracerote from the SW-ISP-2 and the way that it takes is the ZTE route.

Georg Pauwen · ‎09-06-2018

The problem is likely with the EIGRP you have configured. Instead of network 0.0.0.0 (which means all networks) try and announce only the downstream interface, that is, the interfaces on your LAN side.

reynosoalmonte · ‎09-06-2018

Are you saying make for all my network the ip route ir doing eigrp on all (sw-principa, isp-1 switch, isp-2 switch) switches?

reynosoalmonte · ‎09-06-2018

I did what you suggest with eigrp but I didn't no success yet. Got a headache already.