After OER enabled, randomly unable to ping or SSH into router.

Mar 24th, 2008

Hello,


We currently have a multihomed Cisco 1811 running IOS 12.4.

FastEthernet0 (FE0) is assigned 1.1.1.1 from ISP-A. FastEthernet1 (FE1) is assigned 2.2.2.2 from ISP-B.


OER is configured and working well.


The problem I have is sometimes (randomly) various remote networks are unable to ping or SSH into the Router itself using ISP-A (1.1.1.1). They have to use ISP-B (2.2.2.2). Sometimes it is vice-versa.


I am assuming that this is caused by the OER algorithm setting a static route to the various destination networks.


I can set up a local policy to force any connections destined for FE0 to go back out FE0.


or...


I can set up a local policy to force any connections destined for FE1 to go back out FE1.


But...


I have been unable to determine how to create a local policy so that both FE0 and FE1 behave this way "simultaneously".


My question is:


1. Is it possible to set a local policy such that when a connection enters FE0, it is routed back through FE0 and when a connection enters FE1 it is routed back through FE1?


Thanks in advance.


Riaz Oosman

shailendra.singh Tue, 03/25/2008 - 00:07

Yes, why not? You can use "match input-interface" in the route-map for this.

Thanks,

Shailendra


gfwireless Tue, 03/25/2008 - 05:10

Hi Shailendra,


Thanks for the reply.


I was unable to find "match input-interface" in a regular route-map statement. I did, however, find that it was applicable in a QoS class-map. Is this what you are referring to?


Thanks!


Riaz Oosman

gfwireless Mon, 04/07/2008 - 07:10

Hello,

Doing a little more research, I believe I have solved my problem.


Global IP for FE0 is 1.1.1.1, default GW is 1.1.1.254


Global IP for FE1 is 2.2.2.2, default GW is 2.2.2.254



Here are the pertinent config entries that I created:


access-list 170 permit ip host 1.1.1.1 any
access-list 171 permit ip host 2.2.2.2 any
!
route-map equal-access permit 10
 match ip address 170
 set ip next-hop 1.1.1.254
!
route-map equal-access permit 20
 match ip address 171
 set ip next-hop 2.2.2.254
!
ip local policy route-map equal-access



This has been on a production router for several days now and we have not had any problems. If anyone sees a security or access issue, please post any corrections. Thanks.


Riaz...
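
Added example, not part of the original posts and not Cisco code: a small Python model of how the `ip local policy` route-map posted above selects a next hop for router-originated packets, parsing only the syntax that config uses. The `unpinned` helper and the 10.0.0.1 address used to exercise it are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed input: the config from the post above, re-typed for the parser.
CONFIG = """\
access-list 170 permit ip host 1.1.1.1 any
access-list 171 permit ip host 2.2.2.2 any
!
route-map equal-access permit 10
 match ip address 170
 set ip next-hop 1.1.1.254
!
route-map equal-access permit 20
 match ip address 171
 set ip next-hop 2.2.2.254
!
ip local policy route-map equal-access
"""

def parse(config):
    """Return (acls, clauses, local_map) for the subset of syntax used in the thread."""
    acls, clauses, local_map, cur = {}, [], None, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"access-list (\d+) permit ip host (\S+) any", line):
            acls.setdefault(m[1], []).append(ipaddress.ip_address(m[2]))
        elif m := re.fullmatch(r"route-map (\S+) permit (\d+)", line):
            cur = {"map": m[1], "seq": int(m[2]), "acl": None, "next_hop": None}
            clauses.append(cur)
        elif cur and (m := re.fullmatch(r"match ip address (\d+)", line)):
            cur["acl"] = m[1]
        elif cur and (m := re.fullmatch(r"set ip next-hop (\S+)", line)):
            cur["next_hop"] = m[1]
        elif m := re.fullmatch(r"ip local policy route-map (\S+)", line):
            local_map = m[1]  # only this route-map applies to router-originated traffic
    return acls, clauses, local_map

def local_next_hop(config, src):
    """Next hop forced for a router-originated packet from src, or None (normal routing)."""
    acls, clauses, local_map = parse(config)
    src = ipaddress.ip_address(src)
    for c in sorted((c for c in clauses if c["map"] == local_map), key=lambda c: c["seq"]):
        if c["acl"] is None or src in acls.get(c["acl"], []):
            return c["next_hop"]  # first matching clause wins
    return None

def unpinned(config, expected):
    """Source addresses whose replies are not forced to their own gateway."""
    return [ip for ip, gw in expected.items() if local_next_hop(config, ip) != gw]
```

A `None` result means the packet is not policy-routed and follows the routing table, which is what happens to any router-originated traffic sourced from an address other than the two listed in ACLs 170 and 171.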

