Solved

Configure Cisco 871 for failover with dual wan and broadband card

Posted on 2013-01-23
5
870 Views
Last Modified: 2013-05-12
I have a cisco router which I want to configure to failover to the broadband card from AT&T then to the second Wan port (T-1 line).  I have tried several configurations but cannot get the automatic failover to work.

Current configuration
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myserver
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable password
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 192.168.10.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-1189660641
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1189660641
 revocation-check none
 rsakeypair TP-self-signed-1189660641
!
!
crypto pki certificate chain TP-self-signed-1189660641
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31313839 36363036 3431301E 170D3130 31303238 30363432
  32335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31383936
  36303634 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BB4B 981B88BA 040FC86B 9403826E D232FD4E F00C4F34 D655C87B 36BBFA29
  B2888FED C10791CA 834B9B9F A70A7D23 D0F49087 B248F9D4 6E6F53D2 A8C58D6D
  BC9FD779 725648D1 460387B9 D53B75EE 7F14FB75 22D7723E 70480B75 DC599481
  96889048 1B48712E 7E350E6A 5CEBB0AB 2BE176B0 8BC873C2 6ADE81B0 1FFD146A
  4B610203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
  301F0603 551D2304 18301680 1495E905 626DBB5F B9447A15 A664B829 0346D9B4
  1B301D06 03551D0E 04160414 95E90562 6DBB5FB9 447A15A6 64B82903 46D9B41B
  300D0609 2A864886 F70D0101 04050003 81810021 43A56CC9 1EB9AC87 8E0B57AA
  9A402C8C D2143367 0E7BC228 1D6A5632 276D20E6 AD6210D3 380155F3 ECB3E74E
  3F2C62C0 84817FFF F02E4885 0DCDC5C0 258B19B5 C9F95B0D 5DD1BF0E 12AFAEDA
  CFBD7726 F90E635A F4BC9DF9 41AB1D3B 00621764 D11F5BF7 BDF429F5 32F714C5
  5065649C 2DD5F156 52C88A36 6641F977 0FEA02
        quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.10.1 192.168.10.10
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
ip dhcp pool vlan1
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
   dns-server 4.2.2.2 8.8.8.8 75.75.75.75
!
!
ip domain name yourdomain.com
ip name-server 4.2.2.2
ip name-server 75.75.75.75
ip name-server 8.8.8.8
!
!
!
username ******* privilege 15 secret ******!
!
archive
 log config
  hidekeys
!
!
!
track 1 rtr 1
!
track 2 rtr 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ETH-WAN$$ES_WAN$
 ip address 67.200.250.154 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan2
 description $ES_LAN$
 ip address 192.168.20.199 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.20.1 track 1
ip route 0.0.0.0 0.0.0.0 67.200.250.153 100 track 2
ip route 0.0.0.0 0.0.0.0 192.168.20.1
ip route 4.2.2.2 255.255.255.255 192.168.20.1
ip route 8.8.8.8 255.255.255.255 67.200.250.153
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map backup interface FastEthernet4 overload
ip nat inside source route-map primary interface Vlan2 overload
!
ip access-list standard youtube
 remark CCP_ACL Category=1
 deny   74.125.227.12 log
 permit any log
!
ip sla 1
 icmp-echo 8.8.8.8 source-interface FastEthernet4
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 4.2.2.2 source-interface Vlan2
 frequency 5
ip sla schedule 2 life forever start-time now
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.10.0 0.0.0.255
no cdp run
!
!
route-map backup permit 10
 match ip address 1
 match interface FastEthernet4
!
route-map primary permit 10
 match ip address 1
 match interface Vlan2
!
radius-server local
  nas 192.168.10.1 key  ******
  group rad_eap
  !
!
radius-server host 192.168.10.1 auth-port 1812 acct-port 1813 key ******!
control-plane
0
Comment
Question by:gstanciel
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:Leeeee
Comment Utility
Try:

track 1 rtr 1 reachability
!
track 2 rtr 2 reachability

instead of

track 1 rtr 1
!
track 2 rtr 2

Remove:

ip route 0.0.0.0 0.0.0.0 192.168.20.1

Issue show track and paste output. What happens when you shut down the primary interface? Issue show ip route after you shut down the vlan 2 svi. Everything else regarding the IP SLA looks okay.
0
 

Accepted Solution

by:
gstanciel earned 0 total points
Comment Utility
Track 1
  Response Time Reporter 1 reachability
  Reachability is Up
    19732 changes, last change 00:15:37
  Latest operation return code: OK
  Latest RTT (millisecs) 20
  Tracked by:
    STATIC-IP-ROUTING 0
Track 2
  Response Time Reporter 2 reachability
  Reachability is Up
    1526 changes, last change 00:05:22
  Latest operation return code: OK
  Latest RTT (millisecs) 15
  Tracked by:
    STATIC-IP-ROUTING 0


Gateway of last resort is 192.168.20.1 to network 0.0.

     4.0.0.0/32 is subnetted, 1 subnets
S       4.2.2.2 [1/0] via 192.168.20.1
C    192.168.10.0/24 is directly connected, Vlan1
     67.0.0.0/29 is subnetted, 1 subnets
C       67.200.250.152 is directly connected, FastEthe
     8.0.0.0/32 is subnetted, 1 subnets
S       8.8.8.8 [1/0] via 67.200.250.153
C    192.168.20.0/24 is directly connected, Vlan2
S*   0.0.0.0/0 [1/0] via 192.168.20.1

When taking down Vlan2 I can no longer browse the internet but I can ping the 8.8.8.8 server.  Is there another DNS server I can use in the situation?
0
 
LVL 5

Expert Comment

by:Leeeee
Comment Utility
There's many free DNS servers you can use besides 4.2.2.2 and 8.8.8.8. You could fix the issue by creating two more floating static routes to those servers so when one of the internet circuits is down, you can still reach those servers through the other circuit. That may make things more confusing for you though.

Current
ip route 4.2.2.2 255.255.255.255 192.168.20.1
ip route 8.8.8.8 255.255.255.255 67.200.250.153
Add:
ip route 4.2.2.2 255.255.255.255 67.200.250.153 10
ip route 8.8.8.8 255.255.255.255 192.168.20.1 10

Also when you shut down VLAN 2, is that the output you saw in the sh track?
And the sh ip route output was from the period when vlan 2 was shutdown?
0
 

Author Comment

by:gstanciel
Comment Utility
The track output was before the shutdown.  The sh ip was after.  I have not been able to try your solution yet.  I will work on it tomorrow and let you know.
0
 

Author Closing Comment

by:gstanciel
Comment Utility
The solution pointed me in the right direction.  I had to remove the track settings to get it to work properly.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Do you have a computer or other electronic gear that is attached to a rat nest of cables, or alternatively have your cables all bundled nice at neat?  If so then read this post to sidstep common pitfalls. When I was a student at DeVry University,…
This article will step through configuring a SonicWALL appliance to utilize an internal DHCP server for Global VPN Client (GVC) hosts.  There are times when using an external (external to the SonicWALL) DHCP server, such as Windows Servers, isn’t pr…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now