WAN redundancy using PBR with 2 PPPoE dialer interfaces
I have a network topology with 2 PPPoE dialer interfaces from 2 different ISPs, and both are proactively monitored by IP SLAs. With policy-based routing implemented, the LAN 1 uplink uses the ISP1 gateway and the latter uses the ISP 2 gateway. However, I am trying to improve the setup so that I have dual redundancy on each LAN network.
Example Scenario For LAN 1:
- LAN 1's primary uplink is the ISP1 gateway; it will switch to ISP2 when the ISP 1 gateway becomes unreachable via IP SLA tracking. When ISP 1 comes back up, it will switch back to its primary uplink.
- LAN 2 uses the ISP 2 gateway as its primary link and switches over to ISP 1 when the primary link goes down.
ISP1 gateway: XXX.XXX.XXX.XXX/32
ISP2 IP gateway: YYY.YYY.YYY.YYY/32
LAN1 Network: 10.4.3.0/24 (gateway: 10.4.3.253)
LAN2 Network: 10.0.0.0/24 (gateway: 10.0.0.253)
My problem is that I am having trouble with NAT, as I am using both dialer interfaces (Dialer 1 and 2) for each network.
Your inputs will be greatly appreciated. Thanks!
multilink bundle-name authenticated
!
redundancy
!
controller VDSL 0/0/0
!
track 1 ip sla 1 reachability
 delay down 10 up 1
!
track 2 ip sla 2 reachability
 delay down 10 up 1
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description WAN 1 - CAT ISP
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface GigabitEthernet0/1
 description WAN 2 - ToT ISP
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 2
 no cdp enable
!
! Note: for testing purposes, I change the Gi0/2 interface based on LAN1 or LAN 2 testing, though I have an L3 switch in the downstream network to cater to both LAN networks.
interface GigabitEthernet0/2
 description LAN INTERFACE
 ip address 10.0.0.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map PBR-TO-INTERNET
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0/0/0
 no ip address
 shutdown
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname <ISP1@hostname.com>
 ppp chap password 0 <ISP1passw0rd>
 no cdp enable
!
interface Dialer2
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 2
 ppp authentication chap callin
 ppp chap hostname <ISP2@hostname.com>
 ppp chap password 0 <ISP2passw0rd>
 no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT-TO-ISP1 interface Dialer1 overload
ip nat inside source route-map NAT-TO-ISP2 interface Dialer2 overload
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX track 1
ip route 0.0.0.0 0.0.0.0 YYY.YYY.YYY.YYY 200
!
ip access-list extended HQ-NETWORK-TO-INTERNET
 permit ip 10.4.3.0 0.0.0.255 any
ip access-list extended MANSION-NETWORK-TO-INTERNET
 permit ip 10.0.0.0 0.0.0.255 any
!
ip sla auto discovery
ip sla 1
 icmp-echo XXX.XXX.XXX.XXX source-interface Dialer1
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo YYY.YYY.YYY.YYY source-interface Dialer2
ip sla schedule 2 life forever start-time now
!
route-map NAT-TO-ISP2 permit 10
 match ip address MANSION-NETWORK-TO-INTERNET
 set interface Dialer2
!
route-map NAT-TO-ISP2 permit 20
 match ip address HQ-NETWORK-TO-INTERNET
 set interface Dialer2
!
route-map NAT-TO-ISP1 permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set interface Dialer1
!
route-map NAT-TO-ISP1 permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set interface Dialer1
!
route-map PBR-TO-INTERNET permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set ip next-hop verify-availability XXX.XXX.XXX.XXX 10 track 1
 set interface Dialer1 Null0
!
route-map PBR-TO-INTERNET permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set ip next-hop verify-availability YYY.YYY.YYY.YYY 10 track 2
 set interface Dialer2 Null0
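One way to get the per-LAN primary/backup behaviour described in the scenario, shown as an added example that is not part of the original post: each PBR entry lists both tracked next hops in preference order, and the NAT route-maps pick the overload interface with `match interface`, because NAT route-maps evaluate only match clauses. The ACL name LAN-TO-INTERNET is hypothetical; the other names, the track objects and the placeholder gateways are taken from the post and are assumed to be usable as next hops as they are there.

```cisco
! Added example, not the poster's configuration.
! XXX.XXX.XXX.XXX / YYY.YYY.YYY.YYY are the post's placeholder ISP gateways.
!
! Default routes for router-originated and non-PBR traffic; each one is
! withdrawn when its own track object goes down.
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX track 1
ip route 0.0.0.0 0.0.0.0 YYY.YYY.YYY.YYY 200 track 2
!
! PBR: the lowest sequence number whose track object is up wins, so each
! LAN falls back to the other ISP and returns when its primary recovers.
route-map PBR-TO-INTERNET permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set ip next-hop verify-availability XXX.XXX.XXX.XXX 10 track 1
 set ip next-hop verify-availability YYY.YYY.YYY.YYY 20 track 2
!
route-map PBR-TO-INTERNET permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set ip next-hop verify-availability YYY.YYY.YYY.YYY 10 track 2
 set ip next-hop verify-availability XXX.XXX.XXX.XXX 20 track 1
!
! NAT: one ACL covering both LANs (hypothetical name), since either LAN
! may leave through either dialer after a failover.
ip access-list extended LAN-TO-INTERNET
 permit ip 10.4.3.0 0.0.0.255 any
 permit ip 10.0.0.0 0.0.0.255 any
!
! "match interface" ties each NAT rule to the egress interface that
! routing/PBR selected, so the source is translated to the address of
! the dialer the packet is actually leaving through.
route-map NAT-TO-ISP1 permit 10
 match ip address LAN-TO-INTERNET
 match interface Dialer1
!
route-map NAT-TO-ISP2 permit 10
 match ip address LAN-TO-INTERNET
 match interface Dialer2
!
ip nat inside source route-map NAT-TO-ISP1 interface Dialer1 overload
ip nat inside source route-map NAT-TO-ISP2 interface Dialer2 overload
```

`show track`, `show route-map PBR-TO-INTERNET` and `show ip nat translations` show which next hop and which outside address are in use after a failover. Translations created before the switchover stay bound to the old outside address until they time out or are cleared.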