WAN redundancy using PBR with 2 PPPoE dialer interfaces
I have a network topology with 2 PPPoE dialer interfaces from 2 different ISPs, both proactively monitored by IP SLAs. With policy-based routing implemented, the LAN 1 uplink uses the ISP1 gateway and LAN 2 uses the ISP 2 gateway. However, I am trying to improve the setup: I want dual redundancy on each LAN network.
Example Scenario For LAN 1:
- LAN 1 network's primary uplink is the ISP1 gateway; it will switch to ISP2 when the ISP 1 gateway becomes unreachable according to IP SLA tracking. When ISP 1 comes back up, it will switch back to its primary uplink.
- LAN 2 network uses the ISP 2 gateway as its primary link and switches over to ISP 1 when the primary link goes down.
ISP1 gateway: XXX.XXX.XXX.XXX/32
ISP2 IP gateway: YYY.YYY.YYY.YYY/32
LAN1 Network: 10.4.3.0/24 (gateway: 10.4.3.253)
LAN2 Network: 10.0.0.0/24 (gateway: 10.0.0.253)
My problem is that I am having trouble with NAT, as I am using both dialer interfaces (Dialer 1 and Dialer 2) for each network.
Your inputs will be greatly appreciated. Thanks!
multilink bundle-name authenticated
!
redundancy
!
controller VDSL 0/0/0
!
track 1 ip sla 1 reachability
 delay down 10 up 1
!
track 2 ip sla 2 reachability
 delay down 10 up 1
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description WAN 1 - CAT ISP
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface GigabitEthernet0/1
 description WAN 2 - ToT ISP
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 2
 no cdp enable
!
! note: for testing purposes, I change the Gi0/2 interface address depending on whether LAN1 or LAN 2 is being tested, though I have an L3 switch downstream to cater for both LAN networks.
interface GigabitEthernet0/2
 description LAN INTERFACE
 ip address 10.0.0.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map PBR-TO-INTERNET
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0/0/0
 no ip address
 shutdown
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname <ISP1@hostname.com>
 ppp chap password 0 <ISP1passw0rd>
 no cdp enable
!
interface Dialer2
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 2
 ppp authentication chap callin
 ppp chap hostname <ISP2@hostname.com>
 ppp chap password 0 <ISP2passw0rd>
 no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT-TO-ISP1 interface Dialer1 overload
ip nat inside source route-map NAT-TO-ISP2 interface Dialer2 overload
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX track 1
ip route 0.0.0.0 0.0.0.0 YYY.YYY.YYY.YYY 200
!
ip access-list extended HQ-NETWORK-TO-INTERNET
 permit ip 10.4.3.0 0.0.0.255 any
ip access-list extended MANSION-NETWORK-TO-INTERNET
 permit ip 10.0.0.0 0.0.0.255 any
!
ip sla auto discovery
ip sla 1
 icmp-echo XXX.XXX.XXX.XXX source-interface Dialer1
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo YYY.YYY.YYY.YYY source-interface Dialer2
ip sla schedule 2 life forever start-time now
!
route-map NAT-TO-ISP2 permit 10
 match ip address MANSION-NETWORK-TO-INTERNET
 set interface Dialer2
!
route-map NAT-TO-ISP2 permit 20
 match ip address HQ-NETWORK-TO-INTERNET
 set interface Dialer2
!
route-map NAT-TO-ISP1 permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set interface Dialer1
!
route-map NAT-TO-ISP1 permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set interface Dialer1
!
route-map PBR-TO-INTERNET permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set ip next-hop verify-availability XXX.XXX.XXX.XXX 10 track 1
 set interface Dialer1 Null0
!
route-map PBR-TO-INTERNET permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set ip next-hop verify-availability YYY.YYY.YYY.YYY 10 track 2
 set interface Dialer2 Null0
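Added example, not the poster's running configuration and not a Cisco-supplied template: one way to make the NAT side follow a PBR failover between two PPPoE dialers. It reuses the interface names (Dialer1, Dialer2), track objects (track 1, track 2), ACL names and the XXX/YYY gateway placeholders from the post; the combined ACL LAN-TO-INTERNET and the two EEM applet names are assumptions introduced here. The key difference from the posted config is that each NAT route-map selects traffic by the interface the packet is actually leaving on (match interface) rather than by a set clause, which NAT ignores, and that each PBR sequence lists both next-hops with their own track so a LAN falls back to the other ISP and returns when its primary tracker comes back up.

```cisco
! Added example, not the poster's config. Assumes Dialer1/Dialer2, track 1/2 and the
! HQ/MANSION ACL names from the post; XXX/YYY stand for the ISP gateway addresses.
! LAN-TO-INTERNET and the applet names are hypothetical.
!
! NAT: choose the translation by egress interface, whichever LAN the packet came from.
! Both LANs must be permitted in both NAT route-maps so that failover traffic leaving
! the "other" dialer is still translated to that dialer's address.
ip access-list extended LAN-TO-INTERNET
 permit ip 10.4.3.0 0.0.0.255 any
 permit ip 10.0.0.0 0.0.0.255 any
!
route-map NAT-TO-ISP1 permit 10
 match ip address LAN-TO-INTERNET
 match interface Dialer1
!
route-map NAT-TO-ISP2 permit 10
 match ip address LAN-TO-INTERNET
 match interface Dialer2
!
ip nat inside source route-map NAT-TO-ISP1 interface Dialer1 overload
ip nat inside source route-map NAT-TO-ISP2 interface Dialer2 overload
!
! PBR: ordered next-hops, each tied to its own track object. LAN 1 prefers ISP 1
! (entry 10) and uses ISP 2 (entry 20) only while track 1 is down; because entry 10
! is evaluated first, traffic returns to ISP 1 as soon as track 1 is up again.
! LAN 2 is the mirror image.
route-map PBR-TO-INTERNET permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set ip next-hop verify-availability XXX.XXX.XXX.XXX 10 track 1
 set ip next-hop verify-availability YYY.YYY.YYY.YYY 20 track 2
!
route-map PBR-TO-INTERNET permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set ip next-hop verify-availability YYY.YYY.YYY.YYY 10 track 2
 set ip next-hop verify-availability XXX.XXX.XXX.XXX 20 track 1
!
! Existing translations stay bound to the dialer they were created on, so sessions
! that were up before a failover keep using a dead path until they time out.
! Flushing the NAT table whenever a tracker changes state lets them be rebuilt.
event manager applet CLEAR-NAT-ON-TRACK1
 event track 1 state any
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
!
event manager applet CLEAR-NAT-ON-TRACK2
 event track 2 state any
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
```

Two things to check when testing this: first, a PBR ACL of the form "permit ip 10.4.3.0 0.0.0.255 any" also matches traffic from LAN 1 destined for LAN 2, so if inter-LAN traffic ever transits the router rather than the downstream L3 switch, a deny for the other LAN belongs above the permit; second, an IP SLA probe aimed at the directly attached PPPoE peer only detects the access link going down, so a probe to an address beyond the ISP edge, still sourced from the dialer, is what catches an upstream outage.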