Solved

Cisco Router Object Tracking

Posted on 2006-07-08
Last Modified: 2008-01-09
Hi
I have configured a Cisco 1721 for reliable static routing using object tracking. The primary route is to a leased line connection on another router, and the secondary route is out through an adsl interface card on the 1721.

When all the equipment is plugged in, the track table shows as up and the primary route is to the leased line router. After unplugging the leased line router the track table shows down and the default route points to the dialer interface - great! The problem that I am having is that after plugging the leased line router back in the default route will not change back and sticks as the dialer interface.

If I change the secondary route to another device and specify a next hop as opposed to the dialer interface, the primary route comes back fine.

Do you know what could be causing this problem?

Thanks
Question by:willwetherman
LVL 79

Expert Comment

by:lrmoore
ID: 17064863
Did you follow the guidelines here:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html
Where only the primary route is monitored and using a floating static default with higher metric?

0
 

Author Comment

by:willwetherman
ID: 17066377
I did yes. Here is a copy of my config

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Failover
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
no ip cef
no ip domain lookup
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600

ip sla monitor 1
 type echo protocol ipIcmpEcho (Removed)
 timeout 1000
 frequency 5
ip sla monitor schedule 1 life forever start-time now
!
!
!
track 123 rtr 1 reachability
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip redirects
 ip virtual-reassembly
 speed auto
!
interface Dialer0
 ip address (Removed)
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname (Removed)
 ppp chap password 0 (Removed)
!
ip local policy route-map MY_LOCAL_POLICY
ip route 0.0.0.0 0.0.0.0 192.168.1.101 track 123
ip route 0.0.0.0 0.0.0.0 Dialer0 254
no ip http server
no ip http secure-server
!
ip nat pool branch (Removed) netmask 255.255.255.248
ip nat inside source list 102 pool branch overload
!
!
access-list 101 permit icmp any host (Removed)
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map MY_LOCAL_POLICY permit 10
 match ip address 101
 set interface Null0
 set ip next-hop 192.168.1.101
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4

!
end
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17066438
I don't see a threshold setting under your sla monitor

ip sla monitor 1
 type echo protocol ipIcmpEcho (Removed)
 timeout 1000
 frequency 5
 threshold 2 <==



0
 

Author Comment

by:willwetherman
ID: 17067345
I did try that to start with and have since changed the config to try and get it to work. I will try it again tomorrow though and let you know. Thanks
0
 

Author Comment

by:willwetherman
ID: 17075149
No, this didn't work. I did notice that I can ping the tracked IP address before I unplug the main router; when unplugged, the track is down and the default route points to 0.0.0.0 0.0.0.0 dialer0. When I plug the main router back in I can no longer ping the tracked IP address. If I remove the local policy statement and then put it back in and remove 'ip route 0.0.0.0 0.0.0.0 dialer 0 254' it will start working again. I have double checked the route-map to ensure that the next hop is pointing to the main router.

Any more Ideas? Thanks
0
 

Author Comment

by:willwetherman
ID: 17075254
Just looked again and all I have to do is delete 'ip route 0.0.0.0 0.0.0.0 dialer 0 254' for the track and primary route to come back up.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17076672
How long do you wait? It might take a couple of minutes which can seem like a very long time in Internet time where we expect stuff to happen almost instantaneously.
Else I would open a TAC case and get Cisco on the hook to help out. I just don't see anything else at all...
0
 

Author Comment

by:willwetherman
ID: 17077413
I have stripped down my config and it seems as if the problem could be with the route map.

Interface fa0
ip address 192.168.1.1 255.255.255.0

ip local policy route-map MY_LOCAL_POLICY

access-list 101 permit icmp any host 82.0.0.1

route-map MY_LOCAL_POLICY permit 10
match ip address 101
set interface null0
set ip next-hop 192.168.1.101

If I enter the above basic config I can ping 82.0.0.1 without any problems. If I add a default route of 'ip route 0.0.0.0 0.0.0.0 192.168.1.110' I can still ping 82.0.0.1.

If I delete the above default route and add 'ip route 0.0.0.0 0.0.0.0 dialer0' I can no longer ping 82.0.0.1.

Is this expected behavior?

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 750 total points
ID: 17077602
What the route-map is doing is making sure that the ping to the host identified in the sla monitor configuration only goes out the designated interface and all other traffic takes the proper route. That's the whole idea is that only if the primary route is available will you be able to ping that host.
If dialer0 is the preferred default route then the route-map will prevent icmp to that host from going out that way. It wouldn't do any good if you could ping that host no matter which way is the default route.

You might be able to refine acl 101:
 access-list 101 permit icmp host 192.168.1.1 host 82.0.0.1
This acl uses the router's own interface IP as the source and will not affect any other hosts' icmp traffic.
One issue may be the next hop router @.101
This router looks like a 'router on a stick' so to speak
If this is the LAN default gateway and it redirects hosts to another router on the same LAN, then it's not really routing but rather sending those hosts icmp redirects to use the other gateway. It's just not quite the same.
0
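A small check for the configuration points raised in this thread, as an added example (not code from the thread participants or from Cisco): it parses an IOS configuration and flags an 'ip sla monitor' block with no threshold, a local-policy probe ACL whose source is 'any', and a missing tracked default route. The function names are hypothetical and the sample configuration is constructed from the lines posted above, with the lab address 82.0.0.1 assumed as the probe target.

```python
import re

# Constructed sample, trimmed from the config posted in this thread (82.0.0.1 assumed as probe target).
SAMPLE = """\
ip sla monitor 1
 type echo protocol ipIcmpEcho 82.0.0.1
 timeout 1000
 frequency 5
ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability
ip local policy route-map MY_LOCAL_POLICY
ip route 0.0.0.0 0.0.0.0 192.168.1.101 track 123
ip route 0.0.0.0 0.0.0.0 Dialer0 254
access-list 101 permit icmp any host 82.0.0.1
route-map MY_LOCAL_POLICY permit 10
 match ip address 101
 set interface Null0
 set ip next-hop 192.168.1.101
"""

def blocks(config):
    """Map each top-level command to the indented sub-commands under it."""
    out, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line.startswith(" ") and current is not None:
            out[current].append(line.strip())
        else:
            current = line.strip()
            out[current] = []
    return out

def audit(config):
    """Return findings for the points raised in the thread (hypothetical helper)."""
    b, findings = blocks(config), []
    for head, body in b.items():
        if re.fullmatch(r"ip sla monitor \d+", head) and not any(s.startswith("threshold ") for s in body):
            findings.append(f"{head}: no threshold configured")
    # ACLs matched by the route-map that 'ip local policy' applies to router-generated traffic
    policy = next((h.split()[-1] for h in b if h.startswith("ip local policy route-map ")), "")
    acls = {s.split()[-1] for h, body in b.items() if h.startswith(f"route-map {policy} ")
            for s in body if s.startswith("match ip address ")}
    for h in b:
        m = re.match(r"access-list (\d+) permit icmp (\S+)", h)
        if m and m.group(1) in acls and m.group(2) == "any":
            findings.append(f"access-list {m.group(1)}: probe ACL matches any source")
    if not any(h.startswith("ip route 0.0.0.0 0.0.0.0 ") and " track " in h for h in b):
        findings.append("no tracked default route")
    return findings
```

Calling audit(SAMPLE) reports the missing threshold and the any-source ACL; it checks only the items discussed here and does not diagnose why the tracked route fails to return.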
 

Author Comment

by:willwetherman
ID: 17077733
I understand that I don't want the ICMP packets generated by the router to go out any other interface other than to the next hop 192.168.1.101. What I was saying is that the pings stop even though the route specified in the route-map is still up.

I have just set up a lab where a PC is 82.0.0.1 with ethereal installed. With the basic config above I am receiving packets but as soon as I add the default route to the dialer interface they stop??

I think I am getting myself confused now but it's kinda trying to simulate the situation that when the track goes down and the dialer interface becomes the primary route, that ICMP packets from the router completely stop to the next hop of 192.168.1.101 even though it is still up. It's like it takes over as the default route for everything on the router.

I think the only workaround to doing this is to install a basic adsl modem with an IP address within the 192.168.1.0 subnet and use that as the backup route.

Thanks for your help. Definitely got me pulling my hair out :)
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question