cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1532
Views
0
Helpful
5
Replies

UC540 Dual WAN - Again

bbbowden1013
Level 1
Level 1

I am trying to set up a dual WAN configuration on a UC540 and have followed Marcos Hernandez's DOC-1620 (which isn't 1620, there are a lot of bad links in these forums).  I haven't had any success.

I can ping the primary ISP gateway but I can't ping the secondary ISP gateway (I can ping the secondary IP address assigned to the WAN port).  I have verified that if connected directly, the secondary ISP gateway will respond to pings.

I have reloaded the default config, run the telephony setup wizard, turned off the firewall....  Nothing seems to work.

Was wondering if someone might look through my config and see if there is something I am missing.

Thanks,

Brett.

1 Accepted Solution

Accepted Solutions

Brett, If you ping the second ISP from the UC it should work, if you ping it from internal (if it's the next hop in line it should work) if it's past the next hop it shouldn't. Why do you need to ping it if the IP SLA works as normal?

Anyway I saw the trunk configuration, but I am very leary of getting any support on this configuration from Cisco; I do need to do something like this, but if the customer is calling for support and they see this and say "no joy" then we (I) am in trouble.

I'm still trying to figure out a solution that will be supported, but the customer doesn't have to buy another firewall.

Cheers,

Bob

View solution in original post

5 Replies 5

bjames
Level 5
Level 5

Brett,

Thanks, regardig you config, start with redundancy and get rid of track 2. Change the admin distance to your second default route ISP to be 200, Then when ISP 1 goes down it will remove the default route from the table and the seconds default router will kick in with a metric of 200.

When the primary comes back that default will be preferred and it will be back in place.

If I've confused you let me know e.g.

interface FastEthernet0/0
bandwidth 512
ip address 208.123.194.253 255.255.255.0 secondary
ip address 216.236.103.115 255.255.255.248

ip sla 1
icmp-echo 216.236.103.113
timeout 10000
threshold 2
frequency 10
ip sla schedule 1 life forever start-time now

ip route 0.0.0.0 0.0.0.0 216.236.103.113 track 1

ip route 0.0.0.0 0.0.0.0 208.123.194.1 200

Let me know

Bob

Bob,

Finally got a chance to get out and test this.  That config does resolve the default route issue.  When the cable is pulled from the primary ISP, the default route switches over to the backup.  However, it still doesn't allow me to ping the gateway of the secondary ISP.

In the interests of moving forward, I moved on to the third suggestion in Marcos's document and set up sub interfaces on the WAN port with a switch trunking the two VLANs to the individual ISPs.  I got this working meaning the with both ISP connections connected, I was able to ping both gateways and the internet from the router.  However, it doesn't work from my laptop, probably a NAT issue but I found this:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml

and tomorrow I'll attack that and maybe finally get this project moving.

Brett.

Brett, If you ping the second ISP from the UC it should work, if you ping it from internal (if it's the next hop in line it should work) if it's past the next hop it shouldn't. Why do you need to ping it if the IP SLA works as normal?

Anyway I saw the trunk configuration, but I am very leary of getting any support on this configuration from Cisco; I do need to do something like this, but if the customer is calling for support and they see this and say "no joy" then we (I) am in trouble.

I'm still trying to figure out a solution that will be supported, but the customer doesn't have to buy another firewall.

Cheers,

Bob

Bob,

Late Friday evening, I finally had some success.  I've attached the config but the relevant portions are:

track 1 ip sla 1 reachability

interface FastEthernet0/0
bandwidth 512
no ip address
load-interval 30
duplex auto
speed auto
!
service-policy output shape
!
interface FastEthernet0/0.11
encapsulation dot1Q 11
ip address 216.236.XXX.XXX 255.255.255.248
ip nat outside
ip virtual-reassembly
!
interface FastEthernet0/0.12
encapsulation dot1Q 12
ip address 208.123.XXX.XXX 255.255.255.0
ip nat outside
ip virtual-reassembly

ip nat inside source route-map WAN1 interface FastEthernet0/0.11 overload
ip nat inside source route-map WAN2 interface FastEthernet0/0.12 overload
ip route 0.0.0.0 0.0.0.0 216.236.XXX.XXX track 1
ip route 0.0.0.0 0.0.0.0 208.123.XXX.XXX 20

ip sla 1
icmp-echo 216.236.XXX.XXX
timeout 10000
threshold 2
frequency 10
ip sla schedule 1 life forever start-time now

route-map WAN1 permit 10
match ip address 1
match interface FastEthernet0/0.11
!
route-map WAN2 permit 10
match ip address 1
match interface FastEthernet0/0.12

The physical connections are:

UC540 WAN Port -> Dell switch Port 9 (Trunk VLANS 11 and 12) -> Dell Port 11 (VLAN11) -> ISP 1

                                                                                               |

                                                                                               -> Dell Port 12 (VLAN12) -> ISP 2

So, so basically, it doesn't require another firewall, but rather a switch that supports VLANs.

When you pull the ISP 1 cable, the UC540 automatically switches over to ISP 2 and the SIP trunk re-registers with the new IP address (Excellent).  However, when you plug ISP 1 back in, the UC540 is reverting to the primary ISP but is not re-registering on the original ISP (Bad).  Even pulling the ISP 2 cable is not correcting the SIP registration.  Haven't figured that one out yet, but I am making progress.

Brett.

cindy toy
Level 7
Level 7

Hi Brett,

Sorry for the bad links. I have been trying to correct them.

The correct link for Marcos Hernandez DOC-1620 is https://supportforums.cisco.com/docs/DOC-9423 and I have changed all the DOC-1620 links to the new one.

Regards,

Cindy Toy

Cisco Small Business Community Manager

for Cisco Small Business Products

www.cisco.com/go/smallbizsupport

Regards, Cindy If my response answered your question, please mark the response as answered. Thank you!
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: