itsystemsgroup asked:
How to configure Cisco HSRP ISDN Dialup Failover using two 2811 Routers

Hi,

We currently have 2 x Cisco 2811 Routers on a point-to-point link using ISDN - the one at our Main Office dials our remote office when there is a problem at the remote office. The ISDN line is always connected at the Main Office but the line is physically disconnected at the remote end unless it is needed. Simple, and it works.

However, I now need to set up a failover system at the Main Office in case the Main Office router goes down - it has to be 'automatic' (no one physically plugging up a 'spare router'). I have another router here at the Main Office to configure.

I have established:

1: I need 2 Routers at the Main Office
2: I need more ISDN lines as both routers will need permanent ISDN connectivity
3: I need to run HSRP

The questions are:

1: Can each of the two routers at the main office have an identical config on them (apart from E0/0 - which I assume will need to be different!) i.e. can hostname be the same etc. But I need to be able to telnet to each of the individual physical routers while at the remote site myself - so I assume they will need different loopback addresses. (Yes I know telnet is bad)

2: Or do I need a different hostname, loopback and physical IP address for each router? I know the standby Virtual IP will be identical on each. We're using simple static routes, no routing protocols for simplicity.

3: With HSRP does the inactive router lie totally dormant? i.e. So can I put identical dialer strings in both routers at my Main Office without causing any problems as one is always dormant? i.e. I don't want two routers trying to dial my remote office at the same time!

4: How will HSRP behave when the link to the remote site is down (as it is most of the time) - will the two routers continually flip back and forth trying to be the Active HSRP router if neither router has a route/ISDN link to the remote office? Or will they 'give-up' after each fails once?

5: I assume my firewall will need to be configured to now allow 3 addresses through as opposed to the existing one. i.e. a virtual and two physical?

Any help or pointers would be greatly appreciated,

Mike
SOLUTION
ksims1129
This solution is only available to members.
ASKER

Hi ksims1129,

Thank you very much for your very prompt and detailed answer. I am amazed how helpful people are sometimes! :-)

OK, so if I understand this correctly, I can copy the existing config off my Main Office Router onto an identical router.
I have to change the physical E0/0 IP Addresses to two new ones, configure my Standby IP as my existing IP address, thereby making it virtual. Then copy the existing firewall rule and apply the same rule to my two new E0/0 interfaces.

If I use the preempt and priority commands then I can make the HSRP routers fail-over correctly?

1: I should really have two different hostnames for the two routers really?
2: Can the two 'real' routers both have the same Loopback0 IP Address?
3: I do indeed have a firewall at both ends.
4: I like the idea of telnetting to the virtual address thereby connecting to the active router, but I will need to connect to the standby router too to configure the dialer strings as my remote office is mobile, and the ISDN numbers change each week!!

I am thinking something as simple as this:

hostname RouterA
!
interface ethernet 0
 ip address 1.0.0.1 255.0.0.0
 standby 1 ip 1.0.0.3
 standby 1 preempt
 standby 1 priority 110
 standby 1 authentication cisco
 standby 1 timers 5 15
!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!

hostname RouterB
!
interface ethernet 0
 ip address 1.0.0.2 255.0.0.0
 standby 1 ip 1.0.0.3
 standby 1 preempt
 standby 1 priority 110
 standby 1 authentication cisco
 standby 1 timers 5 15
!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!

Is this good to go as long as there are rules in for 1.0.0.1, 1.0.0.2 and 1.0.0.3?
So when I ping the Loopback0 address only the active router responds and brings up the ISDN line?
Your help is much appreciated

Cheers,

Mike
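
A consistency check over the pair of configurations proposed in the post above, as an added example that is not part of the original thread. It parses only the statements used here; parse() and audit() are illustrative names, and the embedded input is the relevant lines of the posted configs.

```python
from collections import defaultdict

# Constructed input: the relevant lines of RouterA as posted above.
ROUTER_A = """hostname RouterA
interface ethernet 0
 ip address 1.0.0.1 255.0.0.0
 standby 1 ip 1.0.0.3
 standby 1 preempt
 standby 1 priority 110
 standby 1 authentication cisco
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
"""
# RouterB as posted differs only in hostname and Ethernet address.
ROUTER_B = ROUTER_A.replace("RouterA", "RouterB").replace("1.0.0.1 ", "1.0.0.2 ")

def parse(config):
    """Return hostname, {interface: ip} and HSRP settings from an IOS config."""
    info = {"hostname": None, "addresses": {}, "hsrp": {}}
    iface = None
    for words in filter(None, map(str.split, config.splitlines())):
        if words[0] == "hostname":
            info["hostname"] = words[1]
        elif words[0] == "interface":
            iface = " ".join(words[1:])
        elif words[:2] == ["ip", "address"] and iface:
            info["addresses"][iface] = words[2]
        elif words[0] == "standby" and len(words) >= 3:
            info["hsrp"][words[2]] = words[3:]   # e.g. "priority" -> ["110"]
    return info

def audit(configs):
    """Flag settings that the two routers of one HSRP pair should not share."""
    routers = [parse(c) for c in configs]
    findings, owners = [], defaultdict(list)
    for r in routers:
        for iface, ip in r["addresses"].items():
            owners[ip].append(f'{r["hostname"]} {iface}')
    for ip, where in owners.items():
        if len(where) > 1:
            findings.append(f"duplicate address {ip}: {', '.join(where)}")
    # HSRP priority defaults to 100 when the statement is absent.
    priorities = {tuple(r["hsrp"].get("priority", ["100"])) for r in routers}
    if len(priorities) == 1:
        findings.append("equal HSRP priority: election falls to highest interface IP")
    for r in routers:
        auth = r["hsrp"].get("authentication")
        if auth and auth[0] != "md5":   # a bare string or "text" is sent in clear
            findings.append(f'{r["hostname"]}: plain-text HSRP authentication string')
    return findings
```

Calling audit([ROUTER_A, ROUTER_B]) reports the shared Loopback0 address, the identical priority of 110, and the plain-text authentication string on each router.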
SOLUTION
This solution is only available to members.

ASKER
Thanks once again for your help. It's sounding good and viable then - I can't test this until Thursday as I am not in work tomorrow.

As for the Loopback interfaces, it's a case of inheriting them in a config that's been working for years that was configured by my predecessor.

We ping the Loopback interface on the Main Office router from the Remote Office to bring the ISDN line up.

Main Office Has: ip route 10.99.99.10 255.255.255.255 Dialer1
Remote Office Has: ip route 10.99.99.11 255.255.255.255 Dialer1

So I am quite keen to keep the line in the two Main Office routers for simplicity as (the remote office is the reverse, but you knew that anyway!):

!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!
ip route 10.99.99.10 255.255.255.255 Dialer1

But I am genuinely interested in your workaround if you believe me having Loopback0 as 10.99.99.11 configured on both HSRP1 and HSRP2 will be problematic - I assumed if one router was in standby / dormant then it would never respond to pings on its Loopback interface and the fact there was IP duplication on a Loopback address (not a physical one) on two physical routers then that wouldn't cause an issue?

I really am very appreciative of your help.

Kind Regards,

Mike
SOLUTION
This solution is only available to members.

ASKER
Aha, thanks for that - I will set this up on Thursday and give it a whirl. I will let you know how I go.

I am intrigued by your comment about the Loopback address as currently I can ping the Loopback address of 10.99.99.11 from the remote site to bring Dialer1 up, but I can't ping its real Ethernet address to bring the ISDN line up, but that is probably due to there not being a static route for that in the config associated with Dialer1 and the firewall blocking it. Unfortunately I have no access to the firewall, it's controlled by a 3rd Party and request changes take ages so I'm not in a position to check it.

Now you have answered my questions, I am much more confident tackling this config, thank you.

Well it works, well sort of! :-)

HSRP works in as much as when the main router is physically switched off or ALL cables, ISDN and Ethernet are pulled, then the Standby Router detects this and brings up its Dialers and connects to the remote site - from lost connection to a resumed connection takes 45 seconds, which I think is respectable for a dial-up connection - as the ISDN numbers are different for each of the two routers, the remote site seems to take a while to accept incoming calls from a different number before it lets go of the dialer.

What doesn't work so well is when the original Active router comes back online, since the ISDN lines are active on calls and the remote site is unaware of another Active router trying to dial-in. The lines are engaged and the original router cannot resume a connection to the remote site. Turning off the now active router fixes this - the original resumes its role. So I am able to cover the eventuality of one failed router, but unable to flip-flop back to the original without rebooting the now active one.

The same happens if it's all up and I lose just the ethernet link off the primary router, the router is still alive and calling the remote site and the remote site will not allow another router to call it. So HSRP is only going to help me if I:

1. Totally lose my active router (losing just E0/0 it doesn't switch to the standby)
2. When I have fixed my primary router, I need to reboot my now active router to disconnect the lines for the original to resume its routing role.

Neither of these problems is massive, but does anyone know of any way to get around these problems with ISDN and dialer strings?

The following configuration will monitor IP connectivity to the remote site.

hostname RouterA
!
!
track 10 ip route 10.99.99.10 255.255.255.255 reachability
!
interface ethernet 0
 ip address 1.0.0.1 255.0.0.0
 standby 1 ip 1.0.0.3
 standby 1 preempt
 standby 1 priority 160
 standby 1 authentication cisco
 standby 1 timers 2 7
 standby 1 track dialer1 50
 standby 1 track 10 decrement 80
!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!


hostname RouterB
!
track 10 ip route 10.99.99.10 255.255.255.255 reachability
!
interface ethernet 0
 ip address 1.0.0.2 255.0.0.0
 standby 1 ip 1.0.0.3
 standby 1 preempt
 standby 1 priority 150
 standby 1 authentication cisco
 standby 1 timers 2 7
 standby 1 track dialer1 50
 standby 1 track 10 decrement 80
!
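
The election that this tracked configuration produces, worked through as an added example (not part of the original post). It assumes each tracked item is simply up or down, that decrements are cumulative, and that with preempt the highest current priority becomes active with the higher interface IP breaking ties; Router and scenario() are illustrative names.

```python
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    ip: str                       # real Ethernet address, breaks priority ties
    base_priority: int            # standby 1 priority N
    dialer_decrement: int = 50    # standby 1 track dialer1 50
    route_decrement: int = 80     # standby 1 track 10 decrement 80
    alive: bool = True
    dialer_up: bool = True        # state of interface Dialer1
    route_reachable: bool = True  # state of track object 10

    def priority(self) -> int:
        """Configured priority minus the decrement of every tracked item that is down."""
        p = self.base_priority
        if not self.dialer_up:
            p -= self.dialer_decrement
        if not self.route_reachable:
            p -= self.route_decrement
        return max(p, 0)

def active_router(routers):
    """Assumes preempt everywhere: highest priority wins, then highest interface IP."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    ip_key = lambda r: tuple(int(octet) for octet in r.ip.split("."))
    return max(live, key=lambda r: (r.priority(), ip_key(r))).name

def scenario(**changes):
    """Apply changes such as a_dialer_up=False; return (active, priority A, priority B)."""
    a = Router("RouterA", "1.0.0.1", 160)
    b = Router("RouterB", "1.0.0.2", 150)
    for key, value in changes.items():
        target, attr = key.split("_", 1)
        setattr(a if target == "a" else b, attr, value)
    return active_router([a, b]), a.priority(), b.priority()

if __name__ == "__main__":
    for case in ({}, {"a_dialer_up": False}, {"a_route_reachable": False},
                 {"a_route_reachable": False, "b_route_reachable": False}):
        print(case or "all healthy", "->", scenario(**case))
```

When the tracked route is down on both routers at once, both priorities drop by the same 80 (to 80 and 70), so RouterA stays active rather than the pair trading roles.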
ASKER CERTIFIED SOLUTION
This solution is only available to members.

ASKER
Fantastic! Thank you so much for all your help, it really is so much appreciated. I will do some more reading on Tunnels - that may well be the way to go.