This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.
Solved
IP SLA Cisco 2821
Posted on 2011-03-08
I have a cable modem with static address run to gi0/1 on a Cisco 2821 ios Version 12.4(15)T10. The gi0/1 has dhcp enabled (carrier uses mac to give out address reservation). This is the primary internet carrier. The local lan is on gi0/0, which has another cisco router on it used by another entity that has internet access from another carrier.
I need to have the 2821 direct traffic to that device when the gi0/1 interface can no longer get outbound. i have tried static routes, such as 0.0.0.0 0.0.0.0 gi0/1 and 0.0.0.0 0.0.0.0 otherrouter address 250 but that results in the other router getting all of the traffic. This resuts in a far slower internet, as its a low speed backup T1. I need guidance on making the SLA or whatever is the best fit for this to work.
Thanks
I need to have the 2821 direct traffic to that device when the gi0/1 interface can no longer get outbound. i have tried static routes, such as 0.0.0.0 0.0.0.0 gi0/1 and 0.0.0.0 0.0.0.0 otherrouter address 250 but that results in the other router getting all of the traffic. This resuts in a far slower internet, as its a low speed backup T1. I need guidance on making the SLA or whatever is the best fit for this to work.
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
2-
2
7 Comments
Active today
Object tracking with SLA sounds like what you need.
Try this:
http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html
Try this:
http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html
The backup router is still getting the traffic when the ip sla is defined. attached is the base code of the router. Can you show the changes necessary in the code?
Using 3956 out of 245752 bytes
!
! Last configuration change at 10:55:52 PCTime Tue Mar 8 2011 by x
! NVRAM config last updated at 10:56:30 PCTime Tue Mar 8 2011 by x
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname x
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
dot11 syslog
!
!
ip cef
!
!
ip domain name x.local
ip multicast-routing
!
multilink bundle-name authenticated
!
!
!
!
!
username privilege 15 password
archive
log config
hidekeys
!
!
!
!
!
!
!
interface Multilink1
ip address 10.10.10.2 255.255.255.252
ip pim sparse-dense-mode
fair-queue 64 16 0
no cdp enable
ppp multilink
ppp multilink group 1
!
interface GigabitEthernet0/0
description $LAN$
ip address 172.x.x.x 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
fair-queue
no cdp enable
!
interface GigabitEthernet0/1
description Metrocast
ip address dhcp
ip access-group 152 in
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
no ip address
encapsulation ppp
fair-queue
ppp multilink
ppp multilink group 1
!
interface Serial0/1/0
no ip address
encapsulation ppp
fair-queue
ppp multilink
ppp multilink group 1
!
ip forward-protocol nd
ip route 10.0.0.0 255.0.0.0 172.x.x.x
ip route 172.x.x.0 255.255.255.0 172.x.x.x
ip route 172.x.x.0 255.255.255.0 10.10.10.1
ip route 172.x.x.0 255.255.255.0 172.x.x.x
ip route 172.x.x.0 255.255.255.0 172.x.x.x
ip route 192.x.x.0 255.255.255.0 172.x.x.x
!
ip flow-export version 5
ip flow-export destination 172.x.x.x 2055
!
ip http server
ip http authentication local
no ip http secure-server
ip nat pool name 216.x.x.x 216.x.x.x netmask 255.255.255.252
ip nat inside source list 151 interface GigabitEthernet0/1 overload
!
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 deny tcp host 172.x.x.x any eq www
access-list 150 permit ip any any
access-list 151 permit ip host 172.x.x.x any
access-list 151 permit ip host 172.x.x.x any
access-list 151 permit ip host 172.x.x.x any
access-list 151 permit tcp any any
access-list 152 deny icmp any any echo
access-list 152 deny icmp any any echo-reply
access-list 152 deny udp any any gt 32768
access-list 152 permit ip any any
snmp-server community name RW
!
!
!
!
control-plane
!
banner login ^C
*****************************************************************************
* *
* *
* *
* *
* *
*****************************************************************************
^C
!
line con 0
login local
line aux 0
login local
line vty 0 4
login local
transport input ssh
!
scheduler allocate 20000 1000
ntp clock-period 17180135
ntp server 172.x.x.x
!
end
Active today
>The backup router is still getting the traffic when the ip sla is defined.
Please post the config that you tried but wouldn't work.
Please post the config that you tried but wouldn't work.
which interface is the T1 backup connected to?
you could use HSRP for this: (for the sake of this example I am using g0/2 as the backup.)
ip route 0.0.0.0 0.0.0.0 g0/2 track 6
ip route 0.0.0.0 0.0.0.0 g0/1 track 5
track 5 ip route 0.0.0.0 0.0.0.0 reachability
int g0/1
standby 1 ip 172.16.6.100
standby 1 preempt
standby 1 priority 110 decrement 20
standby 1 track 5
int g0/2
standby 1 ip 172.16.6.100
standby 1 preempt
standby 1 track 6
The priority command on g0/1 will make it the dominent interface until the default route is detected as down. When the default route goes down the priority will be decreased by 20 placing it under the default priority of g0/2 (default priority for HSRP is 100).
to check the configuration you can issue the show standby or show standby brief commands.
g0/1 should be shown in active state and g0/2 should be shown in standby state
you could use HSRP for this: (for the sake of this example I am using g0/2 as the backup.)
ip route 0.0.0.0 0.0.0.0 g0/2 track 6
ip route 0.0.0.0 0.0.0.0 g0/1 track 5
track 5 ip route 0.0.0.0 0.0.0.0 reachability
int g0/1
standby 1 ip 172.16.6.100
standby 1 preempt
standby 1 priority 110 decrement 20
standby 1 track 5
int g0/2
standby 1 ip 172.16.6.100
standby 1 preempt
standby 1 track 6
The priority command on g0/1 will make it the dominent interface until the default route is detected as down. When the default route goes down the priority will be decreased by 20 placing it under the default priority of g0/2 (default priority for HSRP is 100).
to check the configuration you can issue the show standby or show standby brief commands.
g0/1 should be shown in active state and g0/2 should be shown in standby state
Featured Post
Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Hello to you all,
I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month9 days, 21 hours left to enroll
610 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.