02-04-2018 01:51 AM - edited 03-08-2019 01:42 PM
Hi,
I am using a Cisco 891 router for my office with two ISPs. I am using both ISPs for failover or redundancy. Two LANs are used separately, corresponding to the two ISPs. But the problem is that when one ISP connection goes down, the other ISP does not work. If I disconnect the down cable from the router, then the other ISP works fine. I can't understand the problem. I have already attached the configuration file below. Please suggest what the solution would be.
02-04-2018 03:00 AM
Hi,
When you say "the first ISP goes down", what do you mean by that? Is it the physical link or the ISP network? If it is the latter, then the problem that you have is that the ISP router is still active and the route on your 891 is sending traffic there. When you physically disconnect, that interface goes down and the router reroutes the traffic.
Use policy-based routing with IP SLA for tracking. Track 8.8.8.8 or similar; when it is not reachable, configure the router to reroute to the active interface.
Check the below example for more details.
regards,
mg
02-04-2018 03:24 AM
Thank you M.G.
"The first ISP goes down" means the ISP link is down. But I use two LANs for the two ISPs. If one is down then the other will work. But after one goes down, the other ISP connection does not work.
Did you check the configuration file?
02-04-2018 03:25 AM
Hello
Can you post the configuration of the rtr?
res
paul
02-04-2018 04:46 AM
02-04-2018 08:44 AM
Hello,
I have made some changes to your configuration (relevant parts in bold). See if you can implement this and get it to work. The WAN IP addresses are (obviously) arbitrary; replace those with yours.
boot-start-marker
boot-end-marker
!
enable secret 5 $1$04u5$RNzJZLXMil1tLt2iJeR4B0
!
aaa new-model
!
aaa session-id common
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.10.1
!
ip dhcp pool pool1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server x.x.x.x 8.8.8.8
!
ip dhcp pool pool2
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server x.x.x.x 8.8.8.8
!
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
track 1 ip sla 1 reachability
!
multilink bundle-name authenticated
license udi pid C881G-U-K9 sn FGL184923HC
!
controller Cellular 0
!
ip ssh version 1
!
interface FastEthernet0
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1,2,20,30,1002-1005
 switchport mode trunk
 no ip address
!
interface FastEthernet1
 switchport access vlan 20
 no ip address
 spanning-tree portfast
!
interface FastEthernet2
 switchport access vlan 20
 no ip address
!
interface FastEthernet3
 switchport access vlan 100
 no ip address
 spanning-tree portfast
!
interface FastEthernet4
 description ISP1
 ip address 1.1.1.1 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Cellular0
 no ip address
 encapsulation ppp
!
interface Vlan1
 no ip address
!
interface Vlan2
 ip address 172.16.1.1 255.255.255.0
!
interface Vlan20
 description lan side for WLAN1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan30
 description lan side for WLAN2
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan100
 description vlan for ISP2
 ip address 2.2.2.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT_ISP1 interface FastEthernet4 overload
ip nat inside source route-map NAT_ISP2 interface Vlan100 overload
!
ip route 0.0.0.0 0.0.0.0 1.1.1.2 track 1
ip route 0.0.0.0 0.0.0.0 2.2.2.2 10
!
ip sla 1
 icmp-echo 1.1.1.2 source-ip 1.1.1.1
ip sla schedule 1 life forever start-time now
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
route-map NAT_ISP1 permit 10
 match ip address 101
 match interface FastEthernet4
!
route-map NAT_ISP2 permit 10
 match ip address 101
 match interface Vlan100
!
event manager applet CLEAR_NAT
 event track 1 state any
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat trans forced"
!
control-plane
!
line con 0
 no modem enable
line aux 0
line 3
 no exec
line vty 0 4
 exec-timeout 60 0
 password 7 107D100A0B12065A5E570A
 transport input all
line vty 5 15
 transport input all
!
end
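Added example, not part of any post in this thread: the "track a remote address" idea from the earlier reply, applied to the tracked default route in the configuration above, so that a failure beyond the ISP1 gateway also triggers failover. 1.1.1.2 and 2.2.2.2 are the placeholder next hops from that configuration; the probe target 8.8.4.4 and all timer values are assumptions chosen for illustration.

```cisco
! Replaces the "ip sla 1" block above, which probes only the ISP1
! next hop (1.1.1.2) and therefore stays "up" when the fault lies
! further inside the ISP network.
no ip sla schedule 1
no ip sla 1
!
ip sla 1
 ! Probe a host beyond the ISP gateway. 8.8.4.4 is an assumed target,
 ! picked because 8.8.8.8 is already handed out as a DNS server in the
 ! DHCP pools and would become unreachable via ISP2 once pinned below.
 icmp-echo 8.8.4.4 source-interface FastEthernet4
 ! Assumed timers: threshold and timeout in ms, frequency in seconds.
 threshold 1000
 timeout 2000
 frequency 5
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
 ! Damp flapping: wait 10 s before declaring down, 30 s before up.
 delay down 10 up 30
!
! Pin the probe target to ISP1. Without this host route the probe would
! follow the backup default route after a failover, succeed through ISP2,
! bring track 1 back up, and the default route would oscillate.
ip route 8.8.4.4 255.255.255.255 1.1.1.2
!
! Unchanged from the configuration above: primary default route follows
! track 1, floating static via ISP2 takes over when it is withdrawn.
ip route 0.0.0.0 0.0.0.0 1.1.1.2 track 1
ip route 0.0.0.0 0.0.0.0 2.2.2.2 10
```

`show track 1` and `show ip sla statistics 1` show the tracked state and probe results after a simulated upstream failure.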