load balancing help

Answered Question
Feb 28th, 2007

Hi all,

I have to configure a Cisco 2800 with 2 WAN interfaces, ADSL and SERIAL (ISDN), as the following:

the SMTP and FTP flows pass through the ISDN,

and all other traffic like WWW, DNS, ... must pass through ADSL (it has a dynamic IP @).

I did the following but it doesn't work:

---------------------

Current configuration : 5078 bytes
!
version 12.4
no service pad
!
interface FastEthernet0/1
 description $ETH-LAN$
 ip address W.W.W.W 255.255.255.252 secondary
 ip address Y.Y.Y.Y 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 ip policy route-map PBR
 duplex auto
 speed auto
 no mop enabled
!
interface ATM0/1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/1/0.4 point-to-point
 ip access-group 138 in
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Serial0/2/0
 ip address x.X.X.X (public ip @ ) 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxxxxxxxxxxxxxxx
 ppp chap password xxxxxxxxxxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/2/0
ip route 0.0.0.0 0.0.0.0 ATM0/1/0.4
!
!
logging trap emergencies
access-list 128 permit tcp any X.X.X.X 0.0.0.3 eq smtp
access-list 128 permit tcp any X.X.X.X 0.0.0.3 eq ftp
access-list 128 permit tcp any X.X.X.X 0.0.0.3 eq ftp-data
access-list 128 deny ip any any
access-list 138 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
route-map PBR permit 10
 match ip address 128
 set ip next-hop x.X.X.X
!
route-map PBR permit 20
 match ip address 138
 set ip next-hop (adsl ip @)
!
!
!
!
control-plane
!
!

Thanks

rtanner Wed, 02/28/2007 - 14:50

Without knowing "how" it doesn't work ...

First, get the access working through your ADSL, then apply the PBR configs.

The PBR will only apply to the SMTP and FTP traffic, so you only need to set the next hop IP for this traffic (ACL 128). Normal destination-based routing will occur for the rest of the traffic.

! so remove
ip route 0.0.0.0 0.0.0.0 Serial0/2/0

! and remove as not required and is confusing me
access-list 128 deny ip any any

! and since normal routing is used for the ADSL traffic, remove
route-map PBR permit 20
 match ip address 138
 set ip next-hop (adsl ip @)

! and acl 138 is no longer required so can be removed.

ref: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml

One last thing, can you confirm that the next-hop IP address for the serial link is the remote end of the link?

hth,

Ross

slinky_cisco Wed, 02/28/2007 - 15:40

Well... speaking of load balancing, how can I load balance 2 serial internet connections to work together at the same time, for fail-over reasons?

Note that they're p2p connections, connected to satellite modems.

youssef_bensouda Thu, 03/01/2007 - 05:56

I did it but it doesn't work either.

When I apply the policy all traffic is blocked:

http smtp www

I removed

ip route 0.0.0.0 0.0.0.0 Serial0/2/0
access-list 128 deny ip any any
route-map PBR permit 20
 match ip address 138
 set ip next-hop (adsl ip @)

The next hop is the IP address of the serial interface in my router. I have a

% Warning: Next hop address is our address

and I don't know the IP @ of my ISP to make a next hop. In your opinion, could that be the problem?

Correct Answer
rtanner Sun, 03/04/2007 - 17:15

It is not clear to me that the access works without any PBR configured. Assuming it does ...

The serial interface has a mask of 255.255.255.252, so the IP address of the remote end can be worked out from this - it will be the next address up if your address is odd (e.g. .2 if you are .1), or the next address down if your address is even (e.g. .1 if you are .2). The route should not point to the router's local interface.
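
The check described in the answer above, as an added example that is not part of the original thread: it scans an IOS-style config for `set ip next-hop` values that are the router's own interface address (the condition behind the "Next hop address is our address" warning) and works out the remote end of a /30 link. The sample config uses constructed documentation addresses, and the names `peer_address` and `check_next_hops` are hypothetical.

```python
import ipaddress
import re
# Constructed sample (documentation addresses, not taken from the thread).
SAMPLE_CONFIG = """\
interface Serial0/2/0
 ip address 192.0.2.5 255.255.255.252
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.240
 ip policy route-map PBR
!
route-map PBR permit 10
 match ip address 128
 set ip next-hop 192.0.2.5
"""

ADDR_RE = re.compile(r"^\s*ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
HOP_RE = re.compile(r"^\s*set ip next-hop (\d+\.\d+\.\d+\.\d+)")


def peer_address(local):
    """Other usable address on a /30 (or /31) link, else None."""
    net = local.network
    if net.prefixlen not in (30, 31):
        return None
    usable = list(net) if net.prefixlen == 31 else list(net.hosts())
    others = [a for a in usable if a != local.ip]
    return others[0] if local.ip in usable and len(others) == 1 else None


def check_next_hops(config):
    """Return (next_hop, problem, suggested_peer) for each suspect next hop."""
    addrs, hops, current = [], [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        elif (m := ADDR_RE.match(line)) and current:
            addrs.append((current, ipaddress.ip_interface(f"{m[1]}/{m[2]}")))
        elif m := HOP_RE.match(line):
            hops.append(ipaddress.ip_address(m[1]))
    findings = []
    for hop in hops:
        local = next(((n, i) for n, i in addrs if i.ip == hop), None)
        if local:  # the same condition IOS warns about
            peer = peer_address(local[1])
            findings.append((str(hop), f"our own address on {local[0]}", str(peer or "unknown")))
        elif not any(hop in i.network for _, i in addrs):
            findings.append((str(hop), "not on a connected subnet", "unknown"))
    return findings
```

On the constructed sample, `check_next_hops(SAMPLE_CONFIG)` flags 192.0.2.5 as the router's own Serial0/2/0 address and suggests 192.0.2.6 as the remote end.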
