Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.
Get the latest news in this issue of the Cisco Small Business Monthly Newsletter

8128
Views
0
Helpful
26
Replies
Highlighted
Beginner

Change Lan IP Network

Oh I see, so you're configuring the IP on the VLAN interface, not the fast ethernet port. Would this still work going out to the ISP if the fast ethernet port is tagging itself with VLAN x frames?

Also, how would this work out in relation to a dual WAN setup with SLA monitoring? My concern is having two interfaces that go to both of my ISPs, which are on NAT outside. This would load balance traffic, which I don't want. I want a failover scenario using IP SLA monitoring.

thanks Marcos

Collaborator

Change Lan IP Network

The switchport would still be an access port, so no tagging.

Take a look at an article I wrote a while back for ideas on how to configure redundancy vs. load balancing:

https://supportforums.cisco.com/docs/DOC-9423

Glad to help! Let me know.

Marcos

Beginner

Change Lan IP Network

Funny, I thought you would mention that article. My questions are stemming from reading through your suggestions and seeing what would fit in my scenario. Yes, you address the IP SLA monitoring, which is great, and I will use that. My other main concern is how the UC520 will handle a dual "NAT outside" situation on both interfaces. If I apply nat outside to each interface and make my nat overload statements for each interface along with all the SLA configuration, how will the UC520 only leave one link "active" and working? I know that the SLA monitoring will keep only one default gateway active, but won't it still try to NAT out the other "inactive" interface, causing problems?

thanks

Collaborator

Change Lan IP Network

Routing would fix this. I mean, a routing decision (outbound interface) is made prior to NAT'ing. Static route preference would be the way to go, or policy based routing, which is a little more complicated. Try to experiment with this and let me know if you need help.

Beginner

Re: Change Lan IP Network

Hmmm... routing decision before the NAT occurs is good. With static route preference, do you mean administrative distance? I have never done policy-based routing. I thought with IP SLA this is being done in terms of removing the routes. Not sure where to go with this one.

ip route 0.0.0.0 0.0.0.0 [ISP 1 GATEWAY] 1

ip route 0.0.0.0 0.0.0.0 [ISP 1 GATEWAY] 10

Collaborator

Re: Change Lan IP Network

Give the primary route a lower administrative distance than the backup route. Remember to use SLA tracking to detect when the first interface becomes unavailable.

Thanks,

Marcos

Beginner

Re: Change Lan IP Network

That is how I planned on doing it, but I didn't know that would affect the NAT choice and figured the UC520 would still try to NAT on both interfaces. So does the NATting occur before the route selection, and the NATting checks to see which route is active?

Collaborator

Re: Change Lan IP Network

No. The router decides on which interface to put the packet for outbound transmission and then NAT kicks in.

Beginner

Re: Change Lan IP Network

So when it decides which interface, it looks at the route with the lowest AD in order to make that decision?

Beginner

Re: Change Lan IP Network

Well, I implemented the following config and things work, but users are saying that they will get disconnected and then reconnected at random times. When I checked the statistics, it doesn't show that the IP SLA is failing over. I'm wondering if it's a NAT issue. What do you think or recommend?

interface FastEthernet0/0
 description PRIMARY COX INTERFACE
 ip address X.X.X.X 255.255.255.240
 ip access-group 104 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map mymap

interface FastEthernet0/1/0
 description INTEGRA BACKUP T1 WAN
 switchport access vlan 2
 spanning-tree portfast

interface Vlan2
 description INTEGRA BACKUP WAN
 ip address X.X.X.X 255.255.255.248
 ip access-group 104 in
 ip nat outside
 no ip virtual-reassembly
 crypto map mymap

ip nat inside source route-map COX_PRIMARY interface FastEthernet0/0 overload
ip nat inside source route-map INTEGRA_BACKUP interface Vlan2 overload

route-map INTEGRA_BACKUP permit 10
 match ip address 110
 match interface Vlan2
!
route-map COX_PRIMARY permit 10
 match ip address 110
 match interface FastEthernet0/0

ip sla 1
 icmp-echo 8.8.8.8
 timeout 500
 threshold 2
 frequency 30
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo 8.8.8.8
 timeout 500
 threshold 2
 frequency 30
ip sla schedule 2 life forever start-time now
!
track ip sla 1 reachability
!
track ip sla 2 reachability
!
ip route 0.0.0.0 0.0.0.0 ** COX PRIMARY GATEWAY ** track 1
!
ip route 0.0.0.0 0.0.0.0 ** INTEGRA BACKUP GATEWAY **  track 2 200

Collaborator

Re: Change Lan IP Network

The "match interface" statements under the route-maps are not required. In fact, you can use just an "ip nat inside" statement and point it to access list 110. Also, under "ip sla" I would track the reachability of the default gateway for that connected interface.

Marcos

Beginner

Re: Change Lan IP Network

So something like this is what you would do? Would this address my random internet drops?

Here is the article I followed prior to get the dual ISP NAT working

http://docwiki.cisco.com/wiki/NAT_failover_with_DUAL_ISP_on_a_router_Configuration_Example

interface FastEthernet0/0
 description PRIMARY COX INTERFACE
 ip address X.X.X.X 255.255.255.240
 ip access-group 104 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map mymap

interface FastEthernet0/1/0
 description INTEGRA BACKUP T1 WAN
 switchport access vlan 2
 spanning-tree portfast

interface Vlan2
 description INTEGRA BACKUP WAN
 ip address X.X.X.X 255.255.255.248
 ip access-group 104 in
 ip nat outside
 no ip virtual-reassembly
 crypto map mymap
!
!
ip nat inside source list 110 interface FastEthernet0/0 overload
ip nat inside source list 110 interface Vlan2 overload
!
!
ip sla 1
 icmp-echo ** COX PRIMARY GATEWAY **
 timeout 500
 threshold 2
 frequency 30
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo ** INTEGRA BACKUP GATEWAY **
 timeout 500
 threshold 2
 frequency 30
ip sla schedule 2 life forever start-time now
!
track ip sla 1 reachability
!
track ip sla 2 reachability
!
ip route 0.0.0.0 0.0.0.0 ** COX PRIMARY GATEWAY ** track 1
!
ip route 0.0.0.0 0.0.0.0 ** INTEGRA BACKUP GATEWAY **  track 2 200
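
Added example, not part of any post in this thread and not Cisco code: a small Python model of the two points discussed above, that the default route (gated by its track object, lowest administrative distance first) is chosen before the NAT overload rule, and how probing each connected gateway differs from probing one remote host. The translated addresses are constructed documentation addresses, and the model assumes an SLA probe with no pinned source follows whichever default route is currently installed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    interface: str   # egress interface of the default route
    distance: int    # administrative distance
    track: int       # track object that gates the route

# Constructed values: the thread masks the real addresses with X.X.X.X.
ROUTES = [Route("FastEthernet0/0", 1, 1), Route("Vlan2", 200, 2)]
NAT_OVERLOAD = {"FastEthernet0/0": "198.51.100.2", "Vlan2": "203.0.113.2"}

def active_default(tracks):
    """Only routes whose track object is up are installed; lowest AD wins."""
    usable = [r for r in ROUTES if tracks[r.track]]
    return min(usable, key=lambda r: r.distance) if usable else None

def translate(tracks):
    """Routing picks the egress interface first; NAT then applies the
    overload rule bound to that interface."""
    route = active_default(tracks)
    if route is None:
        return None  # no default route installed: nothing is forwarded
    return (route.interface, NAT_OVERLOAD[route.interface])

def run_probes(tracks, path_ok, target):
    """One SLA cycle. path_ok[iface] says whether the probe target answers
    when the probe leaves via iface (assumption of this model).
    target='gateway': each probe exits its own connected interface.
    target='remote': every probe follows the active default route."""
    result = {}
    for r in ROUTES:
        if target == "gateway":
            result[r.track] = path_ok[r.interface]
        else:
            via = active_default(tracks)
            result[r.track] = via is not None and path_ok[via.interface]
    return result

def converge(path_ok, target, cycles=5):
    """Start with both tracks up, run several probe cycles, report the
    egress interface and NAT address that result."""
    tracks = {r.track: True for r in ROUTES}
    for _ in range(cycles):
        tracks = run_probes(tracks, path_ok, target)
    return translate(tracks)

if __name__ == "__main__":
    primary_down = {"FastEthernet0/0": False, "Vlan2": True}
    print("gateway probes:", converge(primary_down, "gateway"))
    print("remote probes: ", converge(primary_down, "remote"))
```

In the model, a primary-path failure with per-gateway probes leaves the Vlan2 route and its NAT rule in use, while two probes aimed at the same remote host both fail together and leave no default route installed.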