Cisco 881g dsl failover to GSM problem

Hi guys,
I'm in need of some help/debugging as I'm pretty much stuck with this.
I have a Cisco 881 router with addon GSM modem card (which I've configured first and it was working fine) but as the main focus is to have DSL as primary and
cellular as backup line, I've proceed to next step and added DSL dialer and created routes and ...
after that I cannot get gsm to go up after I shut down the DSL dialer or FE04 interface (or just disconnect the DSL from Cisco).
 I believe that I mixed up something with ACL or routes? as DNS is also not working (yet I am able to ping DNS server when DSL line is connected).

For ping destination, I use the providers DNS server, which is available for icmp.
DSL and GSM provider are the same, so destination ping server should be available from both destinations.

Thank's in advance!
Using 3986 out of 262136 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TESTGSM01
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password 7 096940081B091222243F2723382727
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.10.1 192.168.10.99
ip dhcp excluded-address 192.168.10.201 192.168.10.254
!
ip dhcp pool DHCPINT
   import all
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
   dns-server 159.42.151.5
   lease 5
!
!
ip cef
no ip domain lookup
!
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 2
request-dialin
  protocol pppoe
!
chat-script gsm "" "ATDT*99*1#" TIMEOUT 30 "CONNECT"
!
!
username ischaller privilege 15 password 7 06010A334340001455
!
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description DSL Dial-out interface
backup interface Cellular0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Cellular0
ip address negotiated
encapsulation ppp
dialer in-band
dialer idle-timeout 30
dialer string gsm
dialer-group 1
async mode interactive
ppp chap hostname mychapuser
ppp chap password 7 082C554D0118150713181F
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip mroute-cache
!
interface Dialer1
no ip address
no cdp enable
!
interface Dialer2
description DSL dial interface
ip address negotiated
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 2
dialer idle-timeout 0
dialer persistent
dialer-group 2
no cdp enable
ppp authentication chap pap callin
ppp chap hostname test@net-dsl
ppp chap password 7 011A56035A1955
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
!
ip local policy route-map track-primary-if
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer2 195
ip route 0.0.0.0 0.0.0.0 Cellular0 200
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map nat2cell interface Cellular0 overload
ip nat inside source route-map nat2dsl interface Dialer2 overload
!
ip sla 1
icmp-echo 159.42.151.5 source-interface Dialer2
timeout 1000
frequency 2
ip sla schedule 1 life forever start-time now
access-list 1 permit any
access-list 2 permit 192.0.0.0 0.255.255.255
access-list 3 permit any
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 20 permit 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.0.0.0 0.255.255.255 any
access-list 102 permit icmp any host 159.42.151.5
access-list 103 permit icmp any host 159.42.151.5
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
 
!
!
!
!
route-map track-primary-if permit 10
match ip address 102
set interface Dialer2
!
route-map nat2dsl permit 10
match ip address 101
match interface Dialer2
!
route-map nat2cell permit 10
match ip address 101
match interface Cellular0
!
!
control-plane
!
!
line con 0
exec-timeout 5 30
password 7 143F26203801382675
logging synchronous
login
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line 3
exec-timeout 0 0
script dialer gsm
login
modem InOut
no exec
rxspeed 236800
txspeed 118000
line vty 0 4
password 7 022E30703F031D2C1E
login
!
scheduler max-task-time 5000
end

Open in new window

HattrickSGAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SanjeevlokeCommented:
try a simple test 1st

remove --ip local policy route-map track-primary-if
interface FastEthernet4
description DSL Dial-out interface
backup interface Cellular0 ----------------remove ...
check now if u can ping or get out.
i c have u configured IP SLA ..
configure track and use IP SLA in it

ip route 0.0.0.0 0.0.0.0 Dialer2 195 ----track 1
ip route 0.0.0.0 0.0.0.0 Cellular0 200 ------------remove AD not needed.

once u track the route ..and if SLA sees remote IP is down ...track1 will go down and route will be removed.


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HattrickSGAuthor Commented:
Thanx!
I'll try that tomorrow night and let you know the result!
0
HattrickSGAuthor Commented:
OK,

this config IS working now - It seems I played to much with access lists :-)
Also, I've deleted everything and started from scratch and in the end, adding line by line.
 

Using 4224 out of 262136 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname htkfwbs01
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed-2322176706
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2322176706
revocation-check none
rsakeypair TP-self-signed-2322176706
!
!
crypto pki certificate chain TP-self-signed-2322176706
certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
ip source-route
!
!
ip dhcp excluded-address 192.168.10.1 192.168.10.99
ip dhcp excluded-address 192.168.10.151 192.168.10.254
!
ip dhcp pool sdm-pool1
   network 192.168.10.0 255.255.255.0
   domain-name hattrick.local
   dns-server 192.10.19.10 8.8.8.8
   default-router 192.168.10.1
!
!
ip cef
ip domain name domain.local
!
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
request-dialin
  protocol pppoe
!
chat-script gsm "" "atdt*99*1#" TIMEOUT 30 "CONNECT"
!
!
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description ADSL Interface
no ip address
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Cellular0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer in-band
dialer idle-timeout 0
dialer string gsm
dialer-group 2
async mode interactive
no ppp lcp fast-start
ppp chap hostname 38458
ppp chap password 7 00574B535D03
ppp ipcp dns request
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip mroute-cache
!
interface Dialer1
description Zove T-Com dsl
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname user@htnet-dsl
ppp chap password 7 001b5301254A58
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
!
ip local policy route-map track-primary-if
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 track 234
ip route 0.0.0.0 0.0.0.0 Cellular0 254
ip http server
ip http secure-server
!
!
ip nat inside source route-map nat2cell interface Cellular0 overload
ip nat inside source route-map nat2dsl interface Dialer1 overload
!
ip sla 1
icmp-echo 192.10.19.10 source-interface Dialer1
timeout 1000
frequency 2
ip sla schedule 1 life forever start-time now
access-list 1 permit any
access-list 3 permit any
access-list 10 permit 192.0.0.0 0.255.255.255
access-list 101 permit ip 192.0.0.0 0.255.255.255 any
access-list 102 permit icmp any host 195.29.150.3
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run

!
!
!
!
route-map track-primary-if permit 10
match ip address 102
set interface Dialer1
!
route-map nat2dsl permit 10
match ip address 101
match interface Dialer1
!
route-map nat2cell permit 10
match ip address 101
match interface Cellular0
!
!
control-plane
!
!
line con 0
password 7 10663D32311200065D
logging synchronous
login
no modem enable
line aux 0
logging synchronous
line 2
exec-timeout 0 0
no activation-character
no exec
transport preferred none
transport input all
line 3
exec-timeout 0 0
script dialer gsm
login
modem InOut
no exec
speed 384000
line vty 0 4
logging synchronous
login
!
scheduler max-task-time 5000
end
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

SanjeevlokeCommented:
So u did two things from config i can c..

1) removed backup interface
2) Added track to route..
0
HattrickSGAuthor Commented:
Hi,

actually - I removed all the access lists, left the track-if and manually bound gsm to connect to T-Mobile.
Don't know for sure why it didn't work before but for now it's up and running :-)
0
Istvan KalmarHead of IT Security Division Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.