Solved

WAN Failover Cisco 2821

Posted on 2012-04-02
19
891 Views
Last Modified: 2012-06-21
I have a Cisco 2821 currently with a Business Class Fiber to copper service, We ordered a DSL connection with Static IP and have a 4esw-HWIC for the 2821, two fold question, how can I set it as a failover for internet and is it possible to just have specific addresses allowed to use it?
0
Comment
Question by:leadtheway
  • 7
  • 6
  • 2
  • +1
19 Comments
 
LVL 5

Expert Comment

by:atechnicnate
ID: 37797414
Why not order a HWIC-DSL card and put the dsl card right in to the 2821 instead of using an external modem? Perhaps you already are but when you said you're using a 4ESW-HWIC with a DSL line I just assumed external modem....  As for failover you could do a policy based failover such as:

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a0080211f5c.shtml
0
 
LVL 1

Author Comment

by:leadtheway
ID: 37797432
yeah that seems a little above my paygrade, is there a simple way to possibly just do a failover with a metric or something?
0
 
LVL 5

Expert Comment

by:atechnicnate
ID: 37797465
Might be easier with a state full NAT fail over as described here:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftsnat.html

However, do you have two WAN ports or are you wanting to use two switch ports?  If you don't have two WAN ports this isn't going to work anyway.
0
 
LVL 1

Author Comment

by:leadtheway
ID: 37797550
WAN ports?  isn't that determined by configuration, our current interfaces

PCCHMRT02#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         96.x.x.242   YES NVRAM  up                    up
GigabitEthernet0/1         192.168.253.25  YES NVRAM  up                    up
FastEthernet0/0/0          unassigned      YES unset  up                    down
FastEthernet0/0/1          unassigned      YES unset  up                    down
FastEthernet0/0/2          unassigned      YES unset  up                    down
FastEthernet0/0/3          unassigned      YES unset  up                    up
Vlan1                      unassigned      YES NVRAM  up                    down
Vlan2                      172.31.30.1     YES NVRAM  up                    up
Vlan5                      unassigned      YES NVRAM  administratively down down
Vlan11                     10.201.201.1    YES NVRAM  up                    down
NVI0                       unassigned      NO  unset  up                    up
0
 
LVL 5

Expert Comment

by:atechnicnate
ID: 37797782
You should be ok then. I was just saying that I don't think you can use a switch port as a failover route but I could be wrong....
0
 
LVL 1

Author Comment

by:leadtheway
ID: 37797824
FastEthernet0/0/0          unassigned      YES unset  up                    down
FastEthernet0/0/1          unassigned      YES unset  up                    down
FastEthernet0/0/2          unassigned      YES unset  up                    down
FastEthernet0/0/3          unassigned      YES unset  up                    up

these are the ports in the 4esw-hwic, so you are saying I can't use those as a failover?
0
 
LVL 5

Expert Comment

by:atechnicnate
ID: 37798159
I haven't worked with the 4ESW enough to give you a perfect answer here other than to try it.... However, I don't think that card will allow you to specify HSRP (Hot standby routing protocol) on one of the FastEthernet Interfaces and if it won't then you can't do the NAT fail over with that port.  The issue is that Switches are layer two devices and have some layer three characteristics at times.  You need a full on layer 3 port that can route IP's through.  I'd suggest just trying it and see if it will even allow you to issue the commands.
0
 
LVL 12

Expert Comment

by:atrevido
ID: 37798176
I agree with @atechnicnate that the 4ESW will not allow HSRP to work as the switch port will make HSRP think it's up all the time.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 5

Expert Comment

by:atechnicnate
ID: 37798233
Since I have nothing to test with I found an old thread that I think fits what you are trying to do.

https://supportforums.cisco.com/thread/1002905
0
 
LVL 1

Author Comment

by:leadtheway
ID: 37825833
Can someone tell me definite that it won't work, what if I have an additional 877 to work with, can it work somehow that way?
0
 
LVL 5

Expert Comment

by:atechnicnate
ID: 37826326
It won't work with an 877 for sure. You need two non switch ports (layer 3 ports) to make it work properly.
0
 
LVL 1

Author Comment

by:leadtheway
ID: 37827025
i meant using the 877 in conjunction with the 2821 to get it to work, doesn't the 4esw-Hwic support layer 3?
0
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 500 total points
ID: 37844092
Regarding failover: The best way to do it may be to use IP SLA. You can use an echo object to ping the address on other side of your normal internet link  which you use for your default route. If whether the link is physically up or down due to layer 2 connections, IP SLA will give you the ability to affect static route reachability and HSRP priority. This will provide the failover you're looking for.
http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsicmp.html
http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_eot.html

Regarding limiting who can use the backup link: If you want to limit it in order to conserve bandwidth, the easiest way would be to simply put an access list on the DSL interface. This is much cleaner than using policy-based routing and much less CPU-intensive too.
0
 
LVL 1

Author Comment

by:leadtheway
ID: 37851220
Thats the best answer I've seen so far.  The links seem helpful, just have to put in place, Just curious, wouldn't you be available via email for some prepaid engineering help.  Just to maybe have you answer questions and maybe look over the config?  How can I contact you if so?

Thanks
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 37852228
Sure. Email me at mbernhardt8-at-comcast-dot-net. I don't think there's a problem with the EE terms of service for this, but I don't want spammers to find me.
0
 
LVL 1

Author Comment

by:leadtheway
ID: 37852616
thanks, I sent you an email
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now