Asked by Troy Graham
ISP Failover with Default Routes using IP SLA Tracking

I am trying to configure a Cisco ISP failover on our Cisco 4321 router and cannot get it to work: the laptop will not browse the internet at all, whether I have VOCUS or TELSTRA or both connected to the Cisco router.

I can ping both the VOCUS WAN IP and the Telstra NBN LAN IP from the Cisco CLI.

Outcome I am looking for:

2x Internet Connections connected to cisco router
Telstra NBN connection needs to act as a failover when VOCUS drops out.
Can browse internet on both connections.

I have configured the router as per this article: https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200785-ISP-Failover-with-default-routes-using-I.html

I am using the following configuration

1x Cisco 4321 Router - IOS Version 15.5
1x NIM-ES2-4 Module
1x VOCUS Fibre Internet on
WAN IP: 203.89.xx.xxx
WAN SUBNET: 255.255.255.252
Connected to Cisco Router interface: GigabitEthernet0/0/0

1x Telstra Smart Business Modem (NBN)
LAN IP: 192.168.1.1
LAN SUBNET: 255.255.255.0
Connected to Cisco Router interface: GigabitEthernet0/0/1

1x Windows Laptop
LAN IP: dhcp
LAN Subnet: dhcp
Connected to Layer 2 NIM-ES2-4 Module


Cisco configuration is as follows:

version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname ROUTER-01
!
boot-start-marker
boot system bootflash:isr4300-universalk9.03.16.10.S.155-3.S10-ext.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 $1$lVVm$ukq.K6yz66RqkPCVLEkc/.R.Y/2.ED34R
enable password 7 1327161E07545D797F656961E0
!
aaa new-model
!
aaa session-id common
clock timezone EST 10 0
no ip source-route
no ip gratuitous-arps
!
!


no ip bootp server

ip domain name test.com.au
ip dhcp excluded-address 192.168.0.100 192.168.0.254
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool DP-LAN
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.254
 domain-name test.com.au
 dns-server 10.1.1.20 8.8.8.8
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-4203923198
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4203923198
 revocation-check none
 rsakeypair TP-self-signed-4203923198
!
!
crypto pki certificate chain TP-self-signed-4203923198
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 34323033 39323331 3938301E 170D3139 31303137 30333137
  35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32303339
  32333139 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81009C66 889B5997 911AE238 5FB7D4B7 1BB96F1C 6CF29A2F 26C26092 CFF5CBAE
  8EE2E36E 7D035E70 DF9FB604 8CB7CE82 5BDE77BA D48595F8 8523EE3B 6475398C
  03A1E123 51BAC59D 7D26F1C3 61A421A8 210C4B39 5A8FF80D 4BC7A6C5 AEF8D88C
  4B270398 D16E90A8 75E1869B 6B61BFF8 CC450B91 836803F1 92C5D1ED D7A903B3
  5EAD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14C679A8 F0731C64 CE446430 8E8F7196 4CD9474C 4A301D06
  03551D0E 04160414 C679A8F0 731C64CE 4464308E 8F71964C D9474C4A 300D0609
  2A864886 F70D0101 05050003 81810051 F4160EF9 9794844A 855FF354 A7698417
  8C139A52 1EF55D66 2A9B992B 63514579 4AABDBF8 294BE3F4 C2B0DBD5 9D737F6B
  3DB542B3 F6669B2E AD23A92B 1129178D 610AB19A 2E50CE0B 3F428388 F6082F13
  DF954689 45373B5B 7577E950 A7A2A555 B7CF0F79 63683160 9A6BD1D3 5C9906FB
  BBEC7F95 F408D75D 4D781958 E958EF
        quit
license udi pid ISR4321/K9 sn FDO20130UCG
!
spanning-tree extend system-id
!
username nettkoadmin privilege 15 secret 5 $1$GqH5$66X/nR1jLd1ovu3KJgvF3.
!
redundancy
 mode none
!
crypto ikev2 proposal azure-proposal
 encryption aes-cbc-256 aes-cbc-128 3des
 integrity sha1
 group 2
!
crypto ikev2 policy azure-policy
 proposal azure-proposal
!
crypto ikev2 keyring azure-keyring
 peer 23.101.xxx.xxx
  address 23.101.xxx.xxx
  pre-shared-key RRPsTU1eoexsfNj6Ye5ShkiPL1TyoiyC
 !
!
!
crypto ikev2 profile azure-profile
 match address local interface GigabitEthernet0/0/0
 match identity remote address 23.101.xxx.xxx 255.255.255.255
 authentication local pre-share
 authentication remote pre-share
 keyring local azure-keyring
!
!
!
vlan internal allocation policy ascending
no cdp run
!
track 8 ip sla 1 reachability
!
!
!
!
!
!
!
!
crypto ipsec transform-set azure-ipsec-proposal-set esp-aes 256 esp-sha-hmac
 mode tunnel
!
!
crypto ipsec profile vti
 set transform-set azure-ipsec-proposal-set
 set ikev2-profile azure-profile
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel1
 ip address 169.254.0.1 255.255.255.0
 ip tcp adjust-mss 1350
 tunnel source GigabitEthernet0/0/0
 tunnel mode ipsec ipv4
 tunnel destination 23.101.xxx.xxx
 tunnel protection ipsec profile vti
!
interface GigabitEthernet0/0/0
 description Vocus-Link
 ip address 203.89.xx.xxx 255.255.255.252
 ip nat outside
 ip verify unicast source reachable-via rx 100
 negotiation auto
!
interface GigabitEthernet0/0/1
 description Telstra-NBN
 ip address 192.168.1.2 255.255.255.0
 ip nat outside
 ip tcp adjust-mss 1452
 negotiation auto
!
interface GigabitEthernet0/1/0
 description LAN
 switchport access vlan 10
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
!
ip nat inside source route-map NAT_TELSTRA interface GigabitEthernet0/0/1 overload
ip nat inside source route-map NAT_VOCUS interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http port 8080
ip http access-class 20
ip http authentication local
ip http secure-server
ip http secure-port 4443
ip http client source-interface GigabitEthernet0/0/1
ip http client username nettkoadmin
ip http client password 7 06341A2D49545C485C47
ip http path flash:
ip tftp source-interface GigabitEthernet0/0/1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 track 8
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 10
ip route 10.1.1.16 255.255.255.240 Tunnel1
ip ssh time-out 60
!
!
ip access-list standard NAT
 permit 192.168.0.0 0.0.0.255
ip access-list standard SSH
 permit 203.89.xx.xx
 permit 110.143.xx.xx
 permit 110.145.xxx.xxx
 permit 172.16.xx.x
 permit 203.45.xxx.xxx
 permit 192.168.3.0 0.0.0.255
 permit 0.0.0.119 255.255.255.0
 permit 10.0.0.0 0.255.255.255
ip access-list standard vty-access
 permit 203.89.xx.xx
 permit 192.168.0.0 0.0.255.255
!
ip sla 1
 icmp-echo 203.89.xx.xxx source-ip 203.89.xx.xxx
ip sla schedule 1 life forever start-time now
access-list 100 permit udp any any eq bootpc
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.1.1.16 0.0.0.15
access-list 101 permit ip 10.1.2.0 0.0.0.255 10.1.1.16 0.0.0.15
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 permit udp any any eq bootpc
!
route-map NAT_TELSTRA permit 10
 match ip address 101
 match interface GigabitEthernet0/0/1
!
route-map NAT_VOCUS permit 10
 match ip address 101
 match interface GigabitEthernet0/0/0
!
!
!
!
!
control-plane
!
!
line con 0
 password 7 15201E0001307E757163
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class SSH in vrf-also
 privilege level 15
 password 7 03265A070A57781F1A4858
 logging synchronous
 transport input telnet ssh
 transport output ssh
line vty 5 15
 exec-timeout 0 0
 privilege level 15
 password 7 03265A070A57781F1A4858
 logging synchronous
 transport input telnet
!
!
end


Jody Lemoine:

A few questions:

Are you able to ping 8.8.8.8 from the router CLI?

Can you post the results of the following commands?

show ip sla summary
show track
show ip route track
Troy Graham (asker):

No I cannot ping 8.8.8.8

Here are the results of the commands you asked me to execute. Please note that I don't currently have the VOCUS link connected as it isn't active yet, so I am only running interface GigabitEthernet0/0/1 (Telstra NBN). It looks like the failover isn't working, as it is still trying to route traffic over the VOCUS (interface GigabitEthernet0/0/0) link instead of the Telstra NBN (interface GigabitEthernet0/0/1), which suggests I have an error in the configuration. Just not sure where the problem is.

ROUTER-01#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ROUTER-01#show ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending

ID           Type        Destination       Stats       Return      Last
                                           (ms)        Code        Run
-----------------------------------------------------------------------
*1           icmp-echo   203.89.xx.xxx     -           Timeout     1 minute, 1 s
                                                                   econd ago




ROUTER-01#show track
Track 8
  IP SLA 1 reachability
  Reachability is Down
    1 change, last change 08:24:02
  Latest operation return code: Timeout
  Tracked by:
    Static IP Routing 0
ROUTER-01#show ip route track
 ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 track 8 state is [down]
Jody Lemoine:

Okay... it looks like the first problem is that your ISP gateway doesn't respond to the SLA pings. If you're able to ping it from the router CLI, it may be that something is wrong with the ip sla command itself. Just to avoid typos, can you remove your current ip sla command and source it off of the interface instead?

no ip sla 1
ip sla 1
 icmp-echo 203.89.xx.xxx source-interface GigabitEthernet0/0/0
ip sla schedule 1 life forever start-time now


Of course, it may just be completely off line. Can you do the following to see if it returns a MAC address or an incomplete result?

show arp 203.89.68.157

If you get a MAC address, it's not responding to pings and we'll have to get a little more creative. If you get an incomplete result, your gateway isn't functioning at all and that's a deeper problem.
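As an added example (not code from the thread or from Cisco), here is a small Python parser for the `show track` and `show ip route track` output posted above. It pulls out the track state, change count and last return code, cross-checks them against the tracked static route, and explains in one line why the route is withdrawn. The sample output is the thread's own; the function names and the wording of the findings are my own.

```python
import re

# Constructed sample input: the `show track` and `show ip route track` output
# posted earlier in this thread (track id and interface name as on the page).
SHOW_TRACK = """\
Track 8
  IP SLA 1 reachability
  Reachability is Down
    1 change, last change 08:24:02
  Latest operation return code: Timeout
  Tracked by:
    Static IP Routing 0
"""

SHOW_IP_ROUTE_TRACK = """\
 ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 track 8 state is [down]
"""

ROUTE_RE = re.compile(r"ip route (\S+) (\S+) (.+?) track (\d+) state is \[(\w+)\]")


def parse_show_track(text):
    """Parse `show track` into {track_id: {object, state, changes, return_code}}."""
    tracks = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^Track (\d+)$", line)
        if m:
            current = {"object": None, "state": None, "changes": None, "return_code": None}
            tracks[int(m.group(1))] = current
            continue
        if current is None:
            continue
        m = re.match(r"^(IP SLA \d+ \w+)$", line)  # e.g. "IP SLA 1 reachability"
        if m:
            current["object"] = m.group(1)
            continue
        m = re.match(r"^(?:Reachability|State) is (\w+)", line)
        if m:
            current["state"] = m.group(1).lower()  # "up" or "down"
            continue
        m = re.match(r"^(\d+) changes?, last change", line)
        if m:
            current["changes"] = int(m.group(1))
            continue
        m = re.match(r"^Latest operation return code: (.+)$", line)
        if m:
            current["return_code"] = m.group(1)
    return tracks


def parse_show_ip_route_track(text):
    """Parse `show ip route track` into (prefix, mask, via, track_id, state) tuples."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.search(line)
        if m:
            prefix, mask, via, track_id, state = m.groups()
            routes.append((prefix, mask, via, int(track_id), state.lower()))
    return routes


def diagnose(tracks, routes):
    """Explain each tracked static route's state in terms of its track object."""
    findings = []
    for prefix, mask, via, track_id, state in routes:
        track = tracks.get(track_id)
        if track is None:
            findings.append(f"{prefix} {mask} via {via}: references unknown track {track_id}")
        elif track["state"] == "down":
            findings.append(
                f"{prefix} {mask} via {via}: withdrawn because {track['object']} is down "
                f"(last return code: {track['return_code']}); the floating route takes over")
        elif state != track["state"]:
            findings.append(
                f"{prefix} {mask} via {via}: route state {state} disagrees with track {track_id}")
        else:
            findings.append(f"{prefix} {mask} via {via}: installed, {track['object']} is up")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_show_track(SHOW_TRACK),
                            parse_show_ip_route_track(SHOW_IP_ROUTE_TRACK)):
        print(finding)
```

Run against the output above it reports the tracked default via GigabitEthernet0/0/0 as withdrawn because IP SLA 1 is timing out, which is exactly the state Jody is reasoning from: the probe, not the route, is what has to be fixed first.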
Troy Graham (asker):

Still no joy. I can ping the router LAN address 192.168.1.1 OK.

Here is a screenshot of the CLI

ROUTER-01(config)#no ip sla 1
ROUTER-01(config)#ip sla 1
ROUTER-01(config-ip-sla)#
*Oct 29 13:28:54.082: %LINK-3-UPDOWN: Interface GigabitEthernet0/1/0, changed state to down
*Oct 29 13:28:54.083: %LINK-3-UPDOWN: Interface Vlan10, changed state to down
*Oct 29 13:28:55.082: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1/0, changed state to down
*Oct 29 13:28:55.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
ROUTER-01(config-ip-sla)#
*Oct 29 13:28:57.084: %LINK-3-UPDOWN: Interface GigabitEthernet0/1/0, changed state to up
*Oct 29 13:28:57.089: %LINK-3-UPDOWN: Interface Vlan10, changed state to up
*Oct 29 13:28:58.085: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1/0, changed state to up
ROUTER-01(config-ip-sla)#
*Oct 29 13:28:58.090: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
ROUTER-01(config-ip-sla)#$58 source-interface GigabitEthernet0/0/0
ROUTER-01(config-ip-sla-echo)#$dule 1 life forever start-time now
ROUTER-01(config)#exit
ROUTER-01#
*Oct 29 13:30:07.846: %SYS-5-CONFIG_I: Configured from console by console
ROUTER-01#wr mem
Building configuration...

[OK]
ROUTER-01#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ROUTER-01#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
show arp 203.89.68.xxx
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.89.68.xxx           -   e00e.da26.fb60  ARPA   GigabitEthernet0/0/0
Jody Lemoine:

Before we get too deep into the weeds of the SLA stuff, can you try the following just to make sure that the main ISP link is working at all? If it is, we can go a bit deeper on this.

configure terminal
ip route 8.8.8.8 255.255.255.255 203.89.68.157
do ping 8.8.8.8
no ip route 8.8.8.8 255.255.255.255 203.89.68.157
end

Any response there?
ASKER CERTIFIED SOLUTION
Predrag Jovic

This solution is only available to members of Experts Exchange.
Troy Graham (asker):

Hi Jody Lemoine,

Unfortunately I cannot test the main VOCUS link as it isn't active yet. All I have at my disposal is a Telstra NBN router that is currently running a 4G connection, as I am also waiting on the NBN to arrive as well.

If I connect directly to the Telstra NBN Router via LAN cable the internet works fine.

I tried your suggestion and it still doesn't ping 8.8.8.8.

Any other ideas ?
Troy Graham (asker):

Hi Justin,

I have tried your suggestions and it throws an error:

"Inconsistent address and mask"

ROUTER-01(config)#ip route 0.0.0.0 203.89.68.157 GigabitEthernet0/0/0 track 8
%Inconsistent address and mask

I managed to update the route-maps OK:

route-map NAT_TELSTRA permit 10
 match ip address NAT
 match interface GigabitEthernet0/0/1
!
route-map NAT_VOCUS permit 10
 match ip address NAT
 match interface GigabitEthernet0/0/0

Any other ideas?
Troy Graham (asker):

Hi All,

I managed to resolve the issue by doing the following:

Changed Interface Gig0/0/1 to the following

interface GigabitEthernet0/0/1
 description Telstra-NBN
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
 negotiation auto

And as per Justin's post I changed the route config to this:

ip route 0.0.0.0 0.0.0.0 203.89.68.157 track 8
ip route 0.0.0.0 0.0.0.0 192.168.1.2 10


My only concern now is the VOCUS Link.

The VOCUS link WAN IP Address are 203.89.68.157, 203.89.68.158

The Interface is setup as follows:

interface GigabitEthernet0/0/0
 description Vocus-Link
 ip address 203.89.68.158 255.255.255.252
 ip nat outside
 ip verify unicast source reachable-via rx 100
 negotiation auto

The route for this is setup as:
ip route 0.0.0.0 0.0.0.0 203.89.68.157 track 8

Can you see any problems with the VOCUS link working and the NBN acting as a failover?

The other concern is I keep seeing this in the CLI

*Oct 29 23:18:41.491: %LINK-3-UPDOWN: Interface GigabitEthernet0/1/0, changed state to down
*Oct 29 23:18:41.492: %LINK-3-UPDOWN: Interface Vlan10, changed state to down
*Oct 29 23:18:42.491: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1/0, changed state to down
DPARTNERS-RT-01#
*Oct 29 23:18:44.492: %LINK-3-UPDOWN: Interface GigabitEthernet0/1/0, changed state to up
*Oct 29 23:18:44.495: %LINK-3-UPDOWN: Interface Vlan10, changed state to up
*Oct 29 23:18:45.492: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1/0, changed state to up


Final Working Config is as follows:
Predrag Jovic:

Generally, static routes pointing to an interface should not be used (it is not just a question of whether proxy ARP on the neighboring device is on or off), so the other static route too should be configured with an IP address instead of pointing to an interface.

An interface VLAN will go down only when there is no active port for that VLAN on the switch (including trunks), so after the PC connected to port Gi0/1/0 is shut down or disconnected, interface VLAN 10 goes down, which is expected.

I am not sure about the setup, but if the NBN is a leased line, NAT may not be needed for the NBN.

If I did not miss something, a potential issue with the setup is flapping of the floating route. IP SLA, the way it is configured, may add the floating static route even if the primary link is invalid (as soon as the primary interface is down, IP SLA will start using the secondary path). You need to make sure that only interface Gi0/0/0 will be used to forward IP SLA traffic.
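To make the flapping Predrag describes concrete, the following is an added Python model (not code from the thread or from Cisco) of route selection and probe behaviour on a simplified router: a tracked default route (AD 1) out Gi0/0/0, a floating default (AD 10) out Gi0/0/1, and an IP SLA icmp-echo probe that is routed like any other packet. The interface names, the probe target 8.8.8.8 and the `upstream_ok` health flags are constructed for the demonstration; `pinned_setup` adds a host route for the probe target so that only the primary path ever carries SLA traffic.

```python
from ipaddress import ip_address, ip_network


class Route:
    """A static route as the model sees it: prefix, egress interface, AD, optional track."""

    def __init__(self, prefix, iface, ad=1, track=None):
        self.net = ip_network(prefix)
        self.iface = iface    # egress interface (the next hop lives on it)
        self.ad = ad          # administrative distance; the floating route uses 10 as in the thread
        self.track = track    # track object id, or None for an untracked route


class Router:
    def __init__(self, routes, upstream_ok, probe_target, track_id):
        self.routes = routes
        self.upstream_ok = upstream_ok          # {iface: bool}: does that path reach the Internet?
        self.probe_target = ip_address(probe_target)
        self.track_id = track_id
        self.track_up = True                    # reachability tracks start up until the first failure

    def lookup(self, dest):
        """Longest-prefix match over usable routes; lowest AD breaks ties (RIB behaviour)."""
        usable = [r for r in self.routes
                  if r.track is None or (r.track == self.track_id and self.track_up)]
        matching = [r for r in usable if dest in r.net]
        if not matching:
            return None
        return max(matching, key=lambda r: (r.net.prefixlen, -r.ad))

    def run_probe(self):
        """One icmp-echo cycle: the probe follows the RIB unless a more specific route pins it."""
        route = self.lookup(self.probe_target)
        self.track_up = route is not None and self.upstream_ok[route.iface]
        return self.track_up

    def simulate(self, cycles):
        """Egress interface chosen for Internet-bound traffic after each probe cycle."""
        history = []
        for _ in range(cycles):
            self.run_probe()
            default = self.lookup(ip_address("1.1.1.1"))   # any Internet destination
            history.append(default.iface if default else None)
        return history


def is_flapping(history):
    """True when the chosen egress changes between consecutive probe cycles."""
    return any(a != b for a, b in zip(history, history[1:]))


def flapping_setup(primary_ok=False):
    """The thread's shape: tracked default plus floating default, probe not pinned."""
    routes = [
        Route("0.0.0.0/0", "Gi0/0/0", ad=1, track=8),   # primary, withdrawn when track 8 is down
        Route("0.0.0.0/0", "Gi0/0/1", ad=10),           # floating backup
    ]
    return Router(routes, {"Gi0/0/0": primary_ok, "Gi0/0/1": True}, "8.8.8.8", 8)


def pinned_setup(primary_ok=False):
    """Same routes plus an untracked host route that keeps the probe on Gi0/0/0."""
    routes = [
        Route("0.0.0.0/0", "Gi0/0/0", ad=1, track=8),
        Route("0.0.0.0/0", "Gi0/0/1", ad=10),
        Route("8.8.8.8/32", "Gi0/0/0"),                 # constructed pin for the probe target
    ]
    return Router(routes, {"Gi0/0/0": primary_ok, "Gi0/0/1": True}, "8.8.8.8", 8)


if __name__ == "__main__":
    print("unpinned probe, primary dead:", flapping_setup().simulate(6))
    print("pinned probe, primary dead:  ", pinned_setup().simulate(6))
    print("pinned probe, primary alive: ", pinned_setup(primary_ok=True).simulate(3))
```

With the primary upstream dead, the unpinned probe fails on Gi0/0/0, the floating route takes over, the next probe leaks out Gi0/0/1 and succeeds, the track comes back up, the primary default is reinstalled, and the cycle repeats: the egress alternates every probe interval. With the host route in place the probe can only use Gi0/0/0, keeps failing, and the router settles on the backup. On real IOS the same pinning is done with a static host route for the probe destination via the primary gateway, or by sourcing the probe from the primary interface, which is the point Predrag makes above.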
Troy Graham (asker):

Hi All,

I managed to get the router working with the NBN and Fibre connections, but for some reason I am having these issues:

1. Cannot ping any internal or external hostnames from the Cisco router CLI. I can ping external and internal IP addresses.
2. Cannot ping any VPN private IP addresses from the Cisco router CLI, e.g. we have an Azure VM on 10.1.1.20 and I cannot ping this.
3. All internal devices on the LAN can ping external and internal hostnames OK BUT cannot ping VPN private IP addresses or hostnames.