05-04-2011 10:26 AM - edited 03-21-2019 04:02 AM
I am trying to set up a dual WAN configuration on a UC540 and have followed Marcos Hernandez's DOC-1620 (which isn't 1620, there are a lot of bad links in these forums). I haven't had any success.
I can ping the primary ISP gateway but I can't ping the secondary ISP gateway (I can ping the secondary IP address assigned to the WAN port). I have verified that if connected directly, the secondary ISP gateway will respond to pings.
I have reloaded the default config, run the telephony setup wizard, turned off the firewall.... Nothing seems to work.
Was wondering if someone might look through my config and see if there is something I am missing.
Thanks,
Brett.
05-04-2011 04:22 PM
Brett,
Thanks. Regarding your config, start with redundancy and get rid of track 2. Change the admin distance to your second default route ISP to be 200. Then when ISP 1 goes down it will remove the default route from the table and the second default route will kick in with a metric of 200.
When the primary comes back that default will be preferred and it will be back in place.
If I've confused you, let me know. E.g.:
interface FastEthernet0/0
 bandwidth 512
 ip address 208.123.194.253 255.255.255.0 secondary
 ip address 216.236.103.115 255.255.255.248
ip sla 1
 icmp-echo 216.236.103.113
 timeout 10000
 threshold 2
 frequency 10
ip sla schedule 1 life forever start-time now
ip route 0.0.0.0 0.0.0.0 216.236.103.113 track 1
ip route 0.0.0.0 0.0.0.0 208.123.194.1 200
Let me know
Bob
05-05-2011 03:54 PM
Bob,
Finally got a chance to get out and test this. That config does resolve the default route issue. When the cable is pulled from the primary ISP, the default route switches over to the backup. However, it still doesn't allow me to ping the gateway of the secondary ISP.
In the interests of moving forward, I moved on to the third suggestion in Marcos's document and set up subinterfaces on the WAN port with a switch trunking the two VLANs to the individual ISPs. I got this working, meaning that with both ISP connections connected, I was able to ping both gateways and the internet from the router. However, it doesn't work from my laptop, probably a NAT issue, but I found this:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml
and tomorrow I'll attack that and maybe finally get this project moving.
Brett.
05-05-2011 04:45 PM
Brett, if you ping the second ISP from the UC it should work; if you ping it from internal (if it's the next hop in line it should work), if it's past the next hop it shouldn't. Why do you need to ping it if the IP SLA works as normal?
Anyway, I saw the trunk configuration, but I am very leery of getting any support on this configuration from Cisco; I do need to do something like this, but if the customer is calling for support and they see this and say "no joy" then we (I) am in trouble.
I'm still trying to figure out a solution that will be supported, but the customer doesn't have to buy another firewall.
Cheers,
Bob
05-09-2011 08:30 AM
Bob,
Late Friday evening, I finally had some success. I've attached the config but the relevant portions are:
track 1 ip sla 1 reachability
interface FastEthernet0/0
 bandwidth 512
 no ip address
 load-interval 30
 duplex auto
 speed auto
 !
 service-policy output shape
!
interface FastEthernet0/0.11
 encapsulation dot1Q 11
 ip address 216.236.XXX.XXX 255.255.255.248
 ip nat outside
 ip virtual-reassembly
!
interface FastEthernet0/0.12
 encapsulation dot1Q 12
 ip address 208.123.XXX.XXX 255.255.255.0
 ip nat outside
 ip virtual-reassembly
ip nat inside source route-map WAN1 interface FastEthernet0/0.11 overload
ip nat inside source route-map WAN2 interface FastEthernet0/0.12 overload
ip route 0.0.0.0 0.0.0.0 216.236.XXX.XXX track 1
ip route 0.0.0.0 0.0.0.0 208.123.XXX.XXX 20
ip sla 1
 icmp-echo 216.236.XXX.XXX
 timeout 10000
 threshold 2
 frequency 10
ip sla schedule 1 life forever start-time now
route-map WAN1 permit 10
 match ip address 1
 match interface FastEthernet0/0.11
!
route-map WAN2 permit 10
 match ip address 1
 match interface FastEthernet0/0.12
The physical connections are:
UC540 WAN Port -> Dell switch Port 9 (Trunk VLANS 11 and 12) -> Dell Port 11 (VLAN11) -> ISP 1
                                                             |
                                                             -> Dell Port 12 (VLAN12) -> ISP 2
So basically, it doesn't require another firewall, but rather a switch that supports VLANs.
When you pull the ISP 1 cable, the UC540 automatically switches over to ISP 2 and the SIP trunk re-registers with the new IP address (Excellent). However, when you plug ISP 1 back in, the UC540 is reverting to the primary ISP but is not re-registering on the original ISP (Bad). Even pulling the ISP 2 cable is not correcting the SIP registration. Haven't figured that one out yet, but I am making progress.
Brett.
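A check for the failover chain the config above depends on (tracked default route -> track object -> scheduled IP SLA probe, a floating backup default route, and per-ISP NAT route-maps bound to `ip nat outside` interfaces). This is an added example, not code from anyone in the thread; `audit_failover` and the sample addresses are made up for illustration, and it assumes `show running-config` style text with sub-commands indented.

```python
import re
# Constructed sample modelled on the working config above; addresses are documentation-range.
SAMPLE = """\
track 1 ip sla 1 reachability
interface FastEthernet0/0.11
 ip nat outside
interface FastEthernet0/0.12
 ip nat outside
ip nat inside source route-map WAN1 interface FastEthernet0/0.11 overload
ip nat inside source route-map WAN2 interface FastEthernet0/0.12 overload
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 20
ip sla 1
ip sla schedule 1 life forever start-time now
route-map WAN1 permit 10
 match interface FastEthernet0/0.11
route-map WAN2 permit 10
 match interface FastEthernet0/0.12
"""

def audit_failover(config):
    """Return findings; an empty list means the failover chain is complete."""
    blocks, cur, out = {}, None, []
    for raw in config.splitlines():  # group indented sub-commands under their parent
        if raw and not raw[0].isspace():
            cur = blocks.setdefault(raw.strip(), [])
        elif raw.strip() and cur is not None:
            cur.append(raw.strip())
    top = "\n".join(blocks)
    tracks = dict(re.findall(r"^track (\d+) ip sla (\d+) reachability$", top, re.M))
    routes = [(int(d or 1), t) for d, t in re.findall(  # (distance, track id)
        r"^ip route 0\.0\.0\.0 0\.0\.0\.0 \S+(?: (\d+))?(?: track (\d+))?$", top, re.M)]
    for _, track in routes:
        sla = tracks.get(track)
        if track and sla is None:
            out.append(f"track {track} is not defined")
        elif track and not (f"ip sla {sla}" in blocks and f"ip sla schedule {sla} " in top):
            out.append(f"ip sla {sla} is missing or never scheduled")
    tracked = [d for d, t in routes if t]
    backup = [d for d, t in routes if not t]
    if not tracked or not backup or min(backup) <= max(tracked):
        out.append("no floating default route behind the tracked one")
    for rmap, ifname in re.findall(
            r"^ip nat inside source route-map (\S+) interface (\S+) overload$", top, re.M):
        if "ip nat outside" not in blocks.get(f"interface {ifname}", []):
            out.append(f"{ifname} is not an 'ip nat outside' interface")
        clauses = [c for k, v in blocks.items() if k.startswith(f"route-map {rmap} ") for c in v]
        if f"match interface {ifname}" not in clauses:
            out.append(f"route-map {rmap} does not match interface {ifname}")
    return out
```
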
05-04-2011 10:31 PM
Hi Brett,
Sorry for the bad links. I have been trying to correct them.
The correct link for Marcos Hernandez DOC-1620 is https://supportforums.cisco.com/docs/DOC-9423 and I have changed all the DOC-1620 links to the new one.
Cindy Toy
Cisco Small Business Community Manager
for Cisco Small Business Products
www.cisco.com/go/smallbizsupport