INV_support
asked on
failover questions
Good morning everyone. I have a client that has a Cisco router with a T1 connection and a secondary connection through the fast ethernet 0/1. Last week, the T1 line was "down" although it was not really down. A call to the ISP showed that they were in an up/up state and they could loop to the customer. It turned out to be an issue at the CO. This was resolved and the client was back online again. The issue is that they were not able to pass any traffic through Fa0/1.
In looking at the configuration, there were two routes in place and was using the one weighted at 100 and not the other weighted at 150 as the line was theoretically up. I am looking at making a change on the configuration to try to get it to pass traffic should this ever happen again. Basically, a setting that will maybe have a keep-alive set for the serial and if it does not pass traffic in a set amount of time, it will route to the Fa0/1. I have attached the config below:
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers no service dhcp !
hostname
!
boot-start-marker
boot-end-marker
!
logging snmp-authfail
logging buffered 4096 notifications
logging console critical
logging monitor notifications
!
aaa new-model
!
!
aaa group server tacacs+ invision_tacacs
server 69.18.
server 69.18.
!
aaa authentication banner
!!!----------------------- ------!!!
!!! AAA User Authentication !!!
!!!----------------------- ------!!!
aaa authentication login default local-case group tacacs+ enable aaa authentication enable default enable aaa authentication ppp default local aaa authentication ppp direct_serial none aaa authorization exec default local group tacacs+ aaa authorization commands 1 default if-authenticated none aaa authorization network default local aaa accounting send stop-record authentication failure aaa accounting nested aaa accounting update newinfo aaa accounting exec default start-stop group tacacs+ aaa accounting commands 1 default stop-only group tacacs+ aaa accounting commands 10 default stop-only group tacacs+ aaa accounting commands 15 default stop-only group tacacs+ aaa accounting network default start-stop group tacacs+ aaa accounting connection default start-stop group tacacs+ aaa accounting system default start-stop group tacacs+ !
aaa session-id common
!
resource policy
!
clock timezone EST -5
clock summer-time EDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip telnet source-interface Serial0/0/0
no ip dhcp use vrf connected
!
!
ip ftp source-interface Serial0/0/0
ip ftp username
ip ftp password 7 05030B2C7641473C4D0A431908 2F37323D29
ip tftp source-interface Serial0/0/0
no ip bootp server
ip domain name invision.net
ip name-server
ip name-server
ip rcmd source-interface Serial0/0/0
!
username
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description
ip address 69.18.xxx.xxx
no ip redirects
no ip unreachables
ip accounting access-violations
ip nat inside
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
description connection to Cable_Modem
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat outside
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
description
bandwidth 1536
ip unnumbered FastEthernet0/0
ip access-group int_s0_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no fair-queue
down-when-looped
service-module t1 fdl ansi
!
router eigrp 17
redistribute connected
redistribute static
network 69.18 0.0.0.3
network 69.18 0.0.127.255
distribute-list prefix int_e17_distrib out
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0 100
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 150
no ip http server
ip http access-class 10
ip http authentication local
ip http timeout-policy idle 600
life 86400 requests 10000 ip nat inside source list 50 interface FastEthernet0/1 overload
!
ip access-list extended int_s0_out
remark -------------------------- ---------- ----
remark At
remark outgoing
remark allow only assigned ip addresses outbound
remark -------------------------- ---------- ---
remark ---- allow our netblocks
permit ip 69. any
remark ---- allow pings
deny icmp any any redirect
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit icmp any any source-quench
permit icmp any any administratively-prohibite d
permit icmp any any unreachable
permit icmp any any parameter-problem
permit icmp any any time-exceeded
deny icmp any any
remark ---- block spoofed addresses
deny ip any any log-input
!
!
!
control-plane
!
banner exec
Welcome - Authorized use only.
Do a 'show users' to make sure you
are not making conflicting changes.
Remeber to 'write' and copy start
tftp 'cst' after all changes.
For assistance call InVision's
NOC at (631) 543-1000 x404
banner login
InVision.com, Inc.
This is an InVision system, restricted to authorized persons and for official InVision business only. Anyone using this system, network or data is subject to being monitored at any time for system administration and for identifying unauthorized users or system misuse. Anyone using this system expressly consents to such monitoring and that any evidence of criminal activity revealed through such monitoring may be provided to law enforcement officials for prosecution. Violators will be prosecuted to the fullest extent of both civil and criminal law.
alias configure rb router bgp 12251
alias configure re router eigrp 17
logout-warning 30
absolute-timeout 720
history size 128
line aux 0
modem InOut
flowcontrol hardware
line vty 0 4
session-timeout 10 output
access-class 10 in
exec-timeout 0 0
privilege level 15
logout-warning 30
absolute-timeout 180
history size 128
transport preferred none
transport input telnet
line vty 5 15
privilege level 15
transport input telnet
!
exception protocol ftp
exception dump
end
In looking at the configuration, there were two routes in place and was using the one weighted at 100 and not the other weighted at 150 as the line was theoretically up. I am looking at making a change on the configuration to try to get it to pass traffic should this ever happen again. Basically, a setting that will maybe have a keep-alive set for the serial and if it does not pass traffic in a set amount of time, it will route to the Fa0/1. I have attached the config below:
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers no service dhcp !
hostname
!
boot-start-marker
boot-end-marker
!
logging snmp-authfail
logging buffered 4096 notifications
logging console critical
logging monitor notifications
!
aaa new-model
!
!
aaa group server tacacs+ invision_tacacs
server 69.18.
server 69.18.
!
aaa authentication banner
!!!-----------------------
!!! AAA User Authentication !!!
!!!-----------------------
aaa authentication login default local-case group tacacs+ enable aaa authentication enable default enable aaa authentication ppp default local aaa authentication ppp direct_serial none aaa authorization exec default local group tacacs+ aaa authorization commands 1 default if-authenticated none aaa authorization network default local aaa accounting send stop-record authentication failure aaa accounting nested aaa accounting update newinfo aaa accounting exec default start-stop group tacacs+ aaa accounting commands 1 default stop-only group tacacs+ aaa accounting commands 10 default stop-only group tacacs+ aaa accounting commands 15 default stop-only group tacacs+ aaa accounting network default start-stop group tacacs+ aaa accounting connection default start-stop group tacacs+ aaa accounting system default start-stop group tacacs+ !
aaa session-id common
!
resource policy
!
clock timezone EST -5
clock summer-time EDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip telnet source-interface Serial0/0/0
no ip dhcp use vrf connected
!
!
ip ftp source-interface Serial0/0/0
ip ftp username
ip ftp password 7 05030B2C7641473C4D0A431908
ip tftp source-interface Serial0/0/0
no ip bootp server
ip domain name invision.net
ip name-server
ip name-server
ip rcmd source-interface Serial0/0/0
!
username
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description
ip address 69.18.xxx.xxx
no ip redirects
no ip unreachables
ip accounting access-violations
ip nat inside
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
description connection to Cable_Modem
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat outside
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
description
bandwidth 1536
ip unnumbered FastEthernet0/0
ip access-group int_s0_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no fair-queue
down-when-looped
service-module t1 fdl ansi
!
router eigrp 17
redistribute connected
redistribute static
network 69.18 0.0.0.3
network 69.18 0.0.127.255
distribute-list prefix int_e17_distrib out
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0 100
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 150
no ip http server
ip http access-class 10
ip http authentication local
ip http timeout-policy idle 600
life 86400 requests 10000 ip nat inside source list 50 interface FastEthernet0/1 overload
!
ip access-list extended int_s0_out
remark --------------------------
remark At
remark outgoing
remark allow only assigned ip addresses outbound
remark --------------------------
remark ---- allow our netblocks
permit ip 69. any
remark ---- allow pings
deny icmp any any redirect
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit icmp any any source-quench
permit icmp any any administratively-prohibite
permit icmp any any unreachable
permit icmp any any parameter-problem
permit icmp any any time-exceeded
deny icmp any any
remark ---- block spoofed addresses
deny ip any any log-input
!
!
!
control-plane
!
banner exec
Welcome - Authorized use only.
Do a 'show users' to make sure you
are not making conflicting changes.
Remeber to 'write' and copy start
tftp 'cst' after all changes.
For assistance call InVision's
NOC at (631) 543-1000 x404
banner login
InVision.com, Inc.
This is an InVision system, restricted to authorized persons and for official InVision business only. Anyone using this system, network or data is subject to being monitored at any time for system administration and for identifying unauthorized users or system misuse. Anyone using this system expressly consents to such monitoring and that any evidence of criminal activity revealed through such monitoring may be provided to law enforcement officials for prosecution. Violators will be prosecuted to the fullest extent of both civil and criminal law.
alias configure rb router bgp 12251
alias configure re router eigrp 17
logout-warning 30
absolute-timeout 720
history size 128
line aux 0
modem InOut
flowcontrol hardware
line vty 0 4
session-timeout 10 output
access-class 10 in
exec-timeout 0 0
privilege level 15
logout-warning 30
absolute-timeout 180
history size 128
transport preferred none
transport input telnet
line vty 5 15
privilege level 15
transport input telnet
!
exception protocol ftp
exception dump
end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER