Solved

How to configure Cisco HSRP ISDN Dialup Failover using two 2811 Routers

Posted on 2009-05-12
Last Modified: 2012-05-06
Hi,

We currently have 2 x Cisco 2811 Routers on a point-to-point link using ISDN - the one at our Main Office dials our remote office when there is a problem at the remote office. The ISDN line is always connected at the Main Office but the line is physically disconnected at the remote end unless it is needed. Simple, and it works.

However, I now need to set up a failover system at the Main Office in case the Main Office router goes down - it has to be 'automatic' (no one physically plugging up a 'spare router'). I have another router here at the Main Office to configure.

I have established:

1: I Need 2 Routers at the Main Office
2: I need more ISDN lines as both routers will need permanent ISDN connectivity
3: I need to run HSRP

The questions are:

1: Can each of the two routers at the main office have an identical config on them (apart from E0/0 - which I assume will need to be different!) i.e. can hostname be the same etc. But I need to be able to telnet to each of the individual physical routers while at the remote site myself - so I assume they will need different loopback addresses. (Yes I know telnet is bad)

2: Or do I need a different hostname, loopback and physical IP address for each router? I know the standby Virtual IP will be identical on each. We're using simple static routes, no routing protocols for simplicity.

3: With HSRP does the inactive router lie totally dormant? i.e. So can I put identical dialer strings in both routers at my Main Office without causing any problems as one is always dormant? i.e. I don't want two routers trying to dial my remote office at the same time!

4: How will HSRP behave when the link to the remote site is down (as it is most of the time) - will the two routers continually flip back and forth trying to be the Active HSRP router if neither router has a route/ISDN link to the remote office? Or will they 'give-up' after each fails once?

5: I assume my firewall will need to be configured to now allow 3 addresses through as opposed to the existing one. i.e. a virtual and two physical?

Any help or pointers would be greatly appreciated,

Mike
0
Question by:itsystemsgroup
 
LVL 5

Assisted Solution

by:ksims1129
ksims1129 earned 500 total points
ID: 24366852
This is a lot.
1. Yes and no. They can have the same static routes configured and VPN information if any. Like you mentioned they will need their own IP addresses. HSRP shares an IP address but the routers still have their own independent IP addresses which you can ping and telnet to. If you telnet to the HSRP address it will take you to whichever router is active.

2. You can use the same hostname that references the one router now and just make sure that hostname resolves to the new HSRP address.

3. The second router will do whatever you want. You can have the primary router monitor the ISDN link and it fails to failover to the second router. If you have two connections to the remote location you can use GLBP to route packets through each router to aggregate bandwidth.

4. Answered in #3

5. Yes it does. Is the firewall at the main location or at the remote site or both?
0
 

Author Comment

by:itsystemsgroup
ID: 24367793
Hi ksims1129,

Thank you very much for your very prompt and detailed answer. I am amazed how helpful people are sometimes! :-)

OK, so if I understand this correctly, I can copy the existing config off my Main Office Router onto an identical router.
I have to change the physical E0/0 IP Addresses to two new ones, configure my Standby IP as my existing IP address, thereby making it virtual. Then copy the existing firewall rule and apply the same rule to my two new E0/0 interfaces.

If I use the preempt and priority commands then I can make the HSRP routers fail-over correctly?

1: I should really have two different hostnames for the two routers really?
2: Can the two 'real' routers both have the same Loopback0 IP Address?
3: I do indeed have a firewall at both ends.
4: I like the idea of telnetting to the virtual address thereby connecting to the active router, but I will need to connect to the standby router too to configure the dialer strings as my remote office is mobile, and the ISDN numbers change each week!!

I am thinking something as simple as this:

hostname RouterA
!
interface ethernet 0
ip address 1.0.0.1 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 110
standby 1 authentication cisco
standby 1 timers 5 15
!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!



hostname RouterB
!
interface ethernet 0
ip address 1.0.0.2 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 110
standby 1 authentication cisco
standby 1 timers 5 15
!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!

Is this good to go as long as there are rules in for 1.0.0.1, 1.0.0.2 and 1.0.0.3?
So when I ping the Loopback0 address only the active router responds and brings up the ISDN line?
Your help is much appreciated

Cheers,

Mike
0
 
LVL 5

Assisted Solution

by:ksims1129
ksims1129 earned 500 total points
ID: 24368913

1. I would create a hostname for each of the IP addresses
hsrp1 = 1.0.0.1
hsrp2 = 1.0.0.2
hsrp = 1.0.0.3

2. Technically no, but there's possibly a workaround if you provide information as to why you are using loopback interfaces.

3. Thanks for the info

4. Telnetting to individual routers is just a matter of knowing the real IP addresses

Configuration looks good, although I would change the timers to 5 16 to allow time for the third retry to return.
0
 

Author Comment

by:itsystemsgroup
ID: 24369242
Thanks once again for your help. It's sounding good and viable then - I can't test this until Thursday as I am not in work tomorrow.

As for the Loopback interfaces, it's a case of inheriting them in a config that's been working for years that was configured by my predecessor.

We ping the Loopback interface on the Main Office router from the Remote Office to bring the ISDN line up.

Main Office Has: ip route 10.99.99.10 255.255.255.255 Dialer1
Remote Office Has: ip route 10.99.99.11 255.255.255.255 Dialer1

So I am quite keen to keep the line in the two Main Office routers for simplicity as (the remote office is the reverse, but you knew that anyway!):

!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!
ip route 10.99.99.10 255.255.255.255 Dialer1

But I am genuinely interested in your workaround if you believe me having Loopback0 as 10.99.99.11 configured on both HSRP1 and HSRP2 will be problematic - I assumed if one router was in standby / dormant then it would never respond to pings on its Loopback interface and the fact there was IP duplication on a Loopback address (not a physical one) on two physical routers then that wouldn't cause an issue?

I really am very appreciative of your help.

Kind Regards,

Mike
0
 
LVL 5

Assisted Solution

by:ksims1129
ksims1129 earned 500 total points
ID: 24369281
You can use the newly created HSRP address to bring up the link also. It acts like a loopback in the sense that if one of the two routers is up it will always be available.
0
 

Author Comment

by:itsystemsgroup
ID: 24369432
Aha, thanks for that - I will set this up on Thursday and give it a whirl. I will let you know how I go.

I am intrigued by your comment about the Loopback address as currently I can ping the Loopback address of 10.99.99.11 from the remote site to bring Dialer1 up, but I can't ping its real Ethernet address to bring the ISDN line up, but that is probably due to there not being a static route for that in the config associated with Dialer1 and the firewall blocking it. Unfortunately I have no access to the firewall, it's controlled by a 3rd Party and request changes take ages so I'm not in a position to check it.

Now you have answered my questions, I am much more confident tackling this config, thank you.
0
 

Author Comment

by:itsystemsgroup
ID: 24388604
Well it works, well sort of! :-)

HSRP works in as much as when the main router is physically switched off or ALL cables, ISDN and Ethernet are pulled, then the Standby Router detects this and brings up its Dialers and connects to the remote site - from lost connection to a resumed connection takes 45 seconds, which I think is respectable for a dial-up connection - as the ISDN numbers are different for each of the two routers, the remote site seems to take a while to accept incoming calls from a different number before it lets go of the dialer.

What doesn't work so well is when the original Active router comes back online, since the ISDN lines are active on calls and the remote site is unaware of another Active router trying to dial-in. The lines are engaged and the original router cannot resume a connection to the remote site. Turning off the now active router fixes this - the original resumes its role. So I am able to cover the eventuality of one failed router, but unable to flip-flop back to the original without rebooting the now active one.

The same happens if it's all up and I lose just the ethernet link off the primary router, the router is still alive and calling the remote site and the remote site will not allow another router to call it. So HSRP is only going to help me if I:

1. Totally lose my active router (losing just E0/0 it doesn't switch to the standby)
2. When I have fixed my primary router, I need to reboot my now active router to disconnect the lines for the original to resume its routing role.

Neither of these problems is massive, but does anyone know of any way to get around these problems with ISDN and dialer strings?
0
 
LVL 5

Expert Comment

by:ksims1129
ID: 24390651
The following configuration will monitor ip connectivity to the remote site.

hostname RouterA
!
!
track 10 ip route 10.99.99.10 255.255.255.255 reachability
!
interface ethernet 0
ip address 1.0.0.1 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 160
standby 1 authentication cisco
standby 1 timers 2 7
standby 1 track dialer1 50
standby 1 track 10 decrement 80
!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!


hostname RouterB
!
track 10 ip route 10.99.99.10 255.255.255.255 reachability
!
interface ethernet 0
ip address 1.0.0.2 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 150
standby 1 authentication cisco
standby 1 timers 2 7
standby 1 track dialer1 50
standby 1 track 10 decrement 80
!
0
 
LVL 5

Accepted Solution

by:
ksims1129 earned 500 total points
ID: 24391815
It dawned on me that you are not using dynamic routes so the proposed configuration may not do you any good. I would suggest that you create a tunnel interface that you can use to route a dynamic route to some made up two host routes to use to test for reachability.



hostname RouterA
!
track 10 ip route 192.168.7.1 255.255.255.255 reachability
!
interface ethernet 0
ip address 1.0.0.1 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 160
standby 1 authentication cisco
standby 1 timers 2 7
standby 1 track dialer1 50
standby 1 track 10 decrement 80
!
interface Tunnel10
 ip address 192.168.3.1 255.255.255.252
 tunnel source Dialer1
! Insert the public IP to the remote site
 tunnel destination 3.3.3.3
 tunnel key 100
!
interface loopback 30
 ip address 192.168.6.1 255.255.255.255

router eigrp 10
 no auto-summary
 network 192.168.3.0 0.0.0.3
 network 192.168.6.1 0.0.0.0


-----------------------------------------------------------------

hostname RouterB
!
track 10 ip route 192.168.7.2 255.255.255.255 reachability
!
interface ethernet 0
ip address 1.0.0.2 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 150
standby 1 authentication cisco
standby 1 timers 2 7
standby 1 track dialer1 50
standby 1 track 10 decrement 80
!
!
interface Tunnel10
 ip address 192.168.4.1 255.255.255.252
 tunnel source Dialer1
! Insert the public IP to the remote site
 tunnel destination 3.3.3.3
 tunnel key 200
!
interface loopback 30
 ip address 192.168.6.2 255.255.255.255
!
router eigrp 20
 no auto-summary
 network 192.168.4.0 0.0.0.3
 network 192.168.6.2 0.0.0.0

-------------remote router -------------------
!
interface loopback 10
 ip address 192.168.7.1 255.255.255.255
 description Loopback to monitor IP Connectivity to Main Site A Router
!
!
interface loopback 20
 ip address 192.168.7.2 255.255.255.255
 description Loopback to monitor IP Connectivity to Main Site B Router
!
interface Tunnel10
 ip address 192.168.3.2 255.255.255.252
 tunnel source Dialer1
! Insert the public IP to the main site A RTR ip address
 tunnel destination 3.3.3.3
 tunnel key 100
!
interface Tunnel20
 ip address 192.168.4.2 255.255.255.252
 tunnel source Dialer1
! Insert the public IP to the main site B RTR ip address
 tunnel destination 3.3.3.3
 tunnel key 200
!
router eigrp 10
 description EIGRP Area for Main Site Router A
 no auto-summary
 network 192.168.3.0 0.0.0.3
 network 192.168.7.1 0.0.0.0
!
router eigrp 20
 description EIGRP Area for Main Site Router B
 no auto-summary
 network 192.168.4.0 0.0.0.3
 network 192.168.7.2 0.0.0.0

0
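An added example (not part of the thread, and not Cisco's implementation): a simplified Python model of which router HSRP settles on, using the priorities and track decrements from the two tracking configurations above, plus the earlier draft where both routers had priority 110. The `Router` class and function names are hypothetical, and the model assumes `standby preempt` on both routers and the HSRP tie-break of highest interface IP address when priorities are equal.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str          # real Ethernet address; HSRP tie-breaker
    priority: int    # "standby 1 priority"
    tracks: dict = field(default_factory=dict)  # tracked object -> decrement
    alive: bool = True

    def effective(self, down):
        # Configured priority minus the decrement of each tracked object that is down.
        return self.priority - sum(
            dec for obj, dec in self.tracks.items() if (self.name, obj) in down)

def active(routers, down=()):
    """Steady-state active router when every router has 'standby preempt'."""
    up = [r for r in routers if r.alive]
    if not up:
        return None
    # Highest effective priority wins; equal priorities fall back to highest IP.
    return max(up, key=lambda r: (r.effective(down), IPv4Address(r.ip))).name

def tracked_pair():
    # Priorities and decrements from the tracking configs in this thread.
    t = {"dialer1": 50, "track10": 80}
    return [Router("RouterA", "1.0.0.1", 160, dict(t)),
            Router("RouterB", "1.0.0.2", 150, dict(t))]

def draft_pair():
    # The earlier draft: both routers at priority 110, nothing tracked.
    return [Router("RouterA", "1.0.0.1", 110), Router("RouterB", "1.0.0.2", 110)]

if __name__ == "__main__":
    scenarios = {
        "all healthy": [],
        "RouterA Dialer1 down": [("RouterA", "dialer1")],
        "RouterA loses tracked route": [("RouterA", "track10")],
        "both lose tracked route": [("RouterA", "track10"), ("RouterB", "track10")],
    }
    for label, down in scenarios.items():
        print(f"{label:30} -> {active(tracked_pair(), down)}")
    print(f"{'draft config, equal priority':30} -> {active(draft_pair())}")
```

When both routers lose the tracked route at once (the idle-link case from question 4), the 10-point gap between them is preserved, so RouterA stays active instead of the pair trading roles.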
 

Author Closing Comment

by:itsystemsgroup
ID: 31580609
Fantastic! Thank you so much for all your help, it really is so much appreciated. I will do some more reading on Tunnels - that may well be the way to go.
0
