How to configure Cisco HSRP ISDN Dialup Failover using two 2811 Routers

Hi,

We currently have 2 x Cisco 2811 Routers on a point-to-point link using ISDN - the one at our Main Office dials our remote office when there is a problem at the remote office. The ISDN line is always connected at the Main Office but the line is physically disconnected at the remote end unless it is needed. Simple, and it works.

However, I now need to set up a failover system at the Main Office in case the Main Office router goes down - it has to be 'automatic' (no one physically plugging up a 'spare router'). I have another router here at the Main Office to configure.

I have established:

1: I Need 2 Routers at the Main Office
2: I need more ISDN lines as both routers will need permanent ISDN connectivity
3: I need to run HSRP

The questions are:

1: Can each of the two routers at the main office have an identical config on them (apart from E0/0 - which I assume will need to be different!) i.e. can hostname be the same etc. But I need to be able to telnet to each of the individual physical routers while at the remote site myself - so I assume they will need different loopback addresses. (Yes I know telnet is bad)

2: Or do I need a different hostname, loopback and physical IP address for each router? I know the standby Virtual IP will be identical on each. We're using simple static routes, no routing protocols for simplicity.

3: With HSRP does the inactive router lie totally dormant? i.e. So can I put identical dialer strings in both routers at my Main Office without causing any problems as one is always dormant? i.e. I don't want two routers trying to dial my remote office at the same time!

4: How will HSRP behave when the link to the remote site is down (as it is most of the time) - will the two routers continually flip back and forth trying to be the Active HSRP router if neither router has a route/ISDN link to the remote office? Or will they 'give-up' after each fails once?

5: I assume my firewall will need to be configured to now allow 3 addresses through as opposed to the existing one. i.e. a virtual and two physical?

Any help or pointers would be greatly appreciated,

Mike

Asked by: itsystemsgroup

ksims1129 Commented:
This is a lot.
1. Yes and no. They can have the same static routes configured and VPN information, if any. Like you mentioned, they will need their own IP addresses. HSRP shares an IP address but the routers still have their own independent IP addresses which you can ping and telnet to. If you telnet to the HSRP address it will take you to whichever router is active.

2. You can use the same hostname that references the one router now and just make sure that the hostname resolves to the new HSRP address.

3. The second router will do whatever you want. You can have the primary router monitor the ISDN link and, if it fails, fail over to the second router. If you have two connections to the remote location you can use GLBP to route packets through each router to aggregate bandwidth.

4. Answered in #3.

5. Yes it does. Is the firewall at the main location or at the remote site or both?

itsystemsgroup (Author) Commented:
Hi ksims1129,

Thank you very much for your very prompt and detailed answer. I am amazed how helpful people are sometimes! :-)

OK, so if I understand this correctly, I can copy the existing config off my Main Office Router onto an identical router.
I have to change the physical E0/0 IP Addresses to two new ones, configure my Standby IP as my existing IP address, thereby making it virtual. Then copy the existing firewall rule and apply the same rule to my two new E0/0 interfaces.

If I use the preempt and priority commands then I can make the HSRP routers fail-over correctly?

1: I should really have two different hostnames for the two routers really?
2: Can the two 'real' routers both have the same Loopback0 IP Address?
3: I do indeed have a firewall at both ends.
4: I like the idea of telnetting to the virtual address thereby connecting to the active router, but I will need to connect to the standby router too to configure the dialer strings as my remote office is mobile, and the ISDN numbers change each week!!

I am thinking something as simple as this:

hostname RouterA
!
interface ethernet 0
ip address 1.0.0.1 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 110
standby 1 authentication cisco
standby 1 timers 5 15
!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!



hostname RouterB
!
interface ethernet 0
ip address 1.0.0.2 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 110
standby 1 authentication cisco
standby 1 timers 5 15
!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!

Is this good to go as long as there are rules in for 1.0.0.1, 1.0.0.2 and 1.0.0.3?
So when I ping the Loopback0 address only the active router responds and brings up the ISDN line?
Your help is much appreciated

Cheers,

Mike
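
A check a reviewer could run over the proposed RouterA/RouterB configuration before deploying it (an added example, not part of the original post; the `audit` function and the condensed `CONFIG` sample are constructed for illustration). It flags the plain-text HSRP authentication string, which here is also the IOS default value `cisco`, the address configured on both routers, and the identical priorities.

```python
from collections import defaultdict

# Condensed from the RouterA/RouterB configuration posted above (constructed sample).
CONFIG = """\
hostname RouterA
interface ethernet 0
 ip address 1.0.0.1 255.0.0.0
 standby 1 ip 1.0.0.3
 standby 1 priority 110
 standby 1 authentication cisco
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
hostname RouterB
interface ethernet 0
 ip address 1.0.0.2 255.0.0.0
 standby 1 ip 1.0.0.3
 standby 1 priority 110
 standby 1 authentication cisco
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
"""

def audit(config):
    findings, host = [], None
    addrs, prios = defaultdict(list), defaultdict(list)
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "hostname":
            host = words[1]
        elif words[:2] == ["ip", "address"]:
            addrs[words[2]].append(host)
        elif words[0] == "standby" and len(words) > 3:
            group, key = words[1], words[2]
            if key == "priority":
                prios[(group, int(words[3]))].append(host)
            elif key == "authentication" and words[3] != "md5":
                # "authentication <string>" and "authentication text <string>" are plain text
                kind = "default" if words[-1] == "cisco" else "plain-text"
                findings.append((host, f"group {group}: {kind} HSRP authentication string"))
    for ip, hosts in addrs.items():
        if len(hosts) > 1:
            findings.append((",".join(hosts), f"address {ip} configured on more than one router"))
    for (group, prio), hosts in prios.items():
        if len(hosts) > 1:
            findings.append((",".join(hosts), f"group {group}: equal priority {prio}"))
    return findings
```

On IOS releases that support it, `standby 1 authentication md5 key-string <key>` replaces the plain-text string, and the same key must then be set on both routers.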
 
ksims1129 Commented:

1. I would create a hostname for each of the IP addresses
hsrp1 = 1.0.0.1
hsrp2 = 1.0.0.2
hsrp = 1.0.0.3

2. Technically no, but there's possibly a workaround if you provide information as to why you are using loopback interfaces.

3. Thanks for the info.

4. Telnetting to individual routers is just a matter of knowing the real IP addresses.

Configuration looks good, although I would change the timers to 5 16 to allow time for the third retry to return.

itsystemsgroup (Author) Commented:
Thanks once again for your help. It's sounding good and viable then - I can't test this until Thursday as I am not in work tomorrow.

As for the Loopback interfaces, it's a case of inheriting them in a config that's been working for years that was configured by my predecessor.

We ping the Loopback interface on the Main Office router from the Remote Office to bring the ISDN line up.

Main Office Has: ip route 10.99.99.10 255.255.255.255 Dialer1
Remote Office Has: ip route 10.99.99.11 255.255.255.255 Dialer1

So I am quite keen to keep the line in the two Main Office routers for simplicity as (the remote office is the reverse, but you knew that anyway!):

!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!
ip route 10.99.99.10 255.255.255.255 Dialer1

But I am genuinely interested in your workaround if you believe me having Loopback0 as 10.99.99.11 configured on both HSRP1 and HSRP2 will be problematic - I assumed if one router was in standby / dormant then it would never respond to pings on its Loopback interface and the fact there was IP duplication on a Loopback address (not a physical one) on two physical routers then that wouldn't cause an issue?

I really am very appreciative of your help.

Kind Regards,

Mike

ksims1129 Commented:
You can use the newly created HSRP address to bring up the link also. It acts like a loopback in the sense that if one of the two routers is up it will always be available.

itsystemsgroup (Author) Commented:
Aha, thanks for that - I will set this up on Thursday and give it a whirl. I will let you know how I go.

I am intrigued by your comment about the Loopback address as currently I can ping the Loopback address of 10.99.99.11 from the remote site to bring Dialer1 up, but I can't ping its real Ethernet address to bring the ISDN line up, but that is probably due to there not being a static route for that in the config associated with Dialer1 and the firewall blocking it. Unfortunately I have no access to the firewall, it's controlled by a 3rd Party and request changes take ages so I'm not in a position to check it.

Now you have answered my questions, I am much more confident tackling this config, thank you.

itsystemsgroup (Author) Commented:
Well it works, well sort of! :-)

HSRP works in as much as when the main router is physically switched off or ALL cables, ISDN and Ethernet are pulled, then the Standby Router detects this and brings up its Dialers and connects to the remote site - from lost connection to a resumed connection takes 45 seconds, which I think is respectable for a dial-up connection - as the ISDN numbers are different for each of the two routers, the remote site seems to take a while to accept incoming calls from a different number before it lets go of the dialer.

What doesn't work so well is when the original Active router comes back online, since the ISDN lines are active on calls and the remote site is unaware of another Active router trying to dial-in. The lines are engaged and the original router cannot resume a connection to the remote site. Turning off the now active router fixes this - the original resumes its role. So I am able to cover the eventuality of one failed router, but unable to flip-flop back to the original without rebooting the now active one.

The same happens if it's all up and I lose just the ethernet link off the primary router, the router is still alive and calling the remote site and the remote site will not allow another router to call it. So HSRP is only going to help me if I:

1. Totally lose my active router (losing just E0/0 it doesn't switch to the standby)
2. When I have fixed my primary router, I need to reboot my now active router to disconnect the lines for the original to resume its routing role.

Neither of these problems are massive, but does anyone know of any way to get around these problems with ISDN and dialer strings?

ksims1129 Commented:
The following configuration will monitor ip connectivity to the remote site.

hostname RouterA
!
!
track 10 ip route 10.99.99.10 255.255.255.255 reachability
!
interface ethernet 0
ip address 1.0.0.1 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 160
standby 1 authentication cisco
standby 1 timers 2 7
standby 1 track dialer1 50
standby 1 track 10 decrement 80
!
interface Loopback0
 ip address 10.99.99.11 255.255.255.255
!


hostname RouterB
!
track 10 ip route 10.99.99.10 255.255.255.255 reachability
!
interface ethernet 0
ip address 1.0.0.2 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 150
standby 1 authentication cisco
standby 1 timers 2 7
standby 1 track dialer1 50
standby 1 track 10 decrement 80
!

ksims1129 Commented:
It dawned on me that you are not using dynamic routes, so the proposed configuration may not do you any good. I would suggest that you create a tunnel interface that you can use to route a dynamic route to two made-up host routes to use to test for reachability.



hostname RouterA
!
track 10 ip route 192.168.7.1 255.255.255.255 reachability
!
interface ethernet 0
ip address 1.0.0.1 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 160
standby 1 authentication cisco
standby 1 timers 2 7
standby 1 track dialer1 50
standby 1 track 10 decrement 80
!
interface Tunnel10
 ip address 192.168.3.1 255.255.255.252
 tunnel source Dialer1
! Insert the public IP to the remote site
 tunnel destination 3.3.3.3
 tunnel key 100
!
interface loopback 30
 ip address 192.168.6.1 255.255.255.255

router eigrp 10
 no auto-summary
 network 192.168.3.0 0.0.0.3
 network 192.168.6.1 0.0.0.0


-----------------------------------------------------------------

hostname RouterB
!
track 10 ip route 192.168.7.2 255.255.255.255 reachability
!
interface ethernet 0
ip address 1.0.0.2 255.0.0.0
standby 1 ip 1.0.0.3
standby 1 preempt
standby 1 priority 150
standby 1 authentication cisco
standby 1 timers 2 7
standby 1 track dialer1 50
standby 1 track 10 decrement 80
!
!
interface Tunnel10
 ip address 192.168.4.1 255.255.255.252
 tunnel source Dialer1
! Insert the public IP to the remote site
 tunnel destination 3.3.3.3
 tunnel key 200
!
interface loopback 30
 ip address 192.168.6.2 255.255.255.255
!
router eigrp 20
 no auto-summary
 network 192.168.4.0 0.0.0.3
 network 192.168.6.2 0.0.0.0

-------------remote router -------------------
!
interface loopback 10
 ip address 192.168.7.1 255.255.255.255
 description Loopback to monitor IP Connectivity to Main Site A Router
!
!
interface loopback 20
 ip address 192.168.7.2 255.255.255.255
 description Loopback to monitor IP Connectivity to Main Site B Router
!
interface Tunnel10
 ip address 192.168.3.2 255.255.255.252
 tunnel source Dialer1
! Insert the public IP to the main site A RTR ip address
 tunnel destination 3.3.3.3
 tunnel key 100
!
interface Tunnel20
 ip address 192.168.4.2 255.255.255.252
 tunnel source Dialer1
! Insert the public IP to the main site B RTR ip address
 tunnel destination 3.3.3.3
 tunnel key 200
!
router eigrp 10
 description EIGRP Area for Main Site Router A
 no auto-summary
 network 192.168.3.0 0.0.0.3
 network 192.168.7.1 0.0.0.0
!
router eigrp 20
 description EIGRP Area for Main Site Router B
 no auto-summary
 network 192.168.4.0 0.0.0.3
 network 192.168.7.2 0.0.0.0
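
How the priority, preempt and track values in the two configurations above interact, as an added example that is not part of the original answer. It is a simplified model of the HSRP active-router decision (the `HsrpRouter` class, `next_active` and the scenario names are constructed here); it assumes each tracked object reports down when the remote link is lost, and ties are not modeled because none occur with these values.

```python
from dataclasses import dataclass, field

@dataclass
class HsrpRouter:
    name: str
    priority: int                                   # standby 1 priority N
    decrements: dict = field(default_factory=dict)  # tracked object -> decrement
    down: set = field(default_factory=set)          # tracked objects currently down
    preempt: bool = True                            # standby 1 preempt
    alive: bool = True

    def effective_priority(self):
        lost = sum(d for obj, d in self.decrements.items() if obj in self.down)
        return max(self.priority - lost, 0)

def next_active(routers, current=None):
    """Name of the router holding the virtual IP once the group settles."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None
    best = max(alive, key=HsrpRouter.effective_priority)
    holder = next((r for r in alive if r.name == current), None)
    if holder is None:
        return best.name   # no active router left: highest priority takes over
    if best.preempt and best.effective_priority() > holder.effective_priority():
        return best.name   # strictly higher priority plus preempt: takes over
    return holder.name     # otherwise the current active router keeps the role

def run_scenarios():
    tracks = {"dialer1": 50, "track10": 80}         # decrements from the thread
    a = HsrpRouter("RouterA", 160, dict(tracks))
    b = HsrpRouter("RouterB", 150, dict(tracks))
    steps = [
        ("both healthy", set(), set(), True),
        ("A loses dialer1", {"dialer1"}, set(), True),
        ("A recovers", set(), set(), True),
        ("remote down on both", set(tracks), set(tracks), True),
        ("A powered off", set(), set(), False),
    ]
    active, result = None, {}
    for label, a_down, b_down, a_alive in steps:
        a.down, b.down, a.alive = a_down, b_down, a_alive
        active = next_active([a, b], active)
        result[label] = (active, a.effective_priority(), b.effective_priority())
    return result

if __name__ == "__main__":
    for label, row in run_scenarios().items():
        print(f"{label:22} active={row[0]} A={row[1]} B={row[2]}")
```

With the remote site unreachable from both routers the priorities fall to 30 and 20, so RouterA stays active and the pair does not flip back and forth.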

 
itsystemsgroup (Author) Commented:
Fantastic! Thank you so much for all your help, it really is so much appreciated. I will do some more reading on Tunnels - that may well be the way to go.