After OER enabled, randomly unable to ping or SSH into router.

Mar 24th, 2008

Hello,

We currently have a multihomed Cisco 1811 running IOS 12.4.

FastEthernet0 (FE0) is assigned 1.1.1.1 from ISP-A. FastEthernet1 (FE1) is assigned 2.2.2.2 from ISP-B.

OER is configured and working well.

The problem I have is sometimes (randomly) various remote networks are unable to ping or SSH into the Router itself using ISP-A (1.1.1.1). They have to use ISP-B (2.2.2.2). Sometimes it is vice-versa.

I am assuming that this is caused by the OER algorithm setting a static route to the various destination networks.

I can set up a local policy to force any connections destined for FE0 to go back out FE0.

or...

I can set up a local policy to force any connections destined for FE1 to go back out FE1.

But...

I have been unable to determine how to create a local policy so that both FE0 and FE1 behave this way "simultaneously".

My question is:

1. Is it possible to set a local policy such that when a connection enters FE0, it is routed back through FE0 and when a connection enters FE1 it is routed back through FE1?

Thanks in advance.

Riaz Oosman

shailendra.singh Tue, 03/25/2008 - 00:07

Yes, why not? You can use "match input-interface" in the route-map for this.

Thanks,

Shailendra

gfwireless Tue, 03/25/2008 - 05:10

Hi Shailendra,

Thanks for the reply.

I was unable to find "match input-interface" in a regular route-map statement. I did, however, find that it was applicable in a QoS class-map. Is this what you are referring to?

Thanks!

Riaz Oosman

gfwireless Mon, 04/07/2008 - 07:10

Hello,

Doing a little more research, I believe I have solved my problem.

Global IP for FE0 is 1.1.1.1, default GW is 1.1.1.254

Global IP for FE1 is 2.2.2.2, default GW is 2.2.2.254

Here are the pertinent config entries that I created:

access-list 170 permit ip host 1.1.1.1 any
access-list 171 permit ip host 2.2.2.2 any
!
route-map equal-access permit 10
 match ip address 170
 set ip next-hop 1.1.1.254
!
route-map equal-access permit 20
 match ip address 171
 set ip next-hop 2.2.2.254
!
ip local policy route-map equal-access

This has been on a production router for several days now and we have not had any problems. If anyone sees a security or access issue, please post any corrections. Thanks.

Riaz...
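
Added example (not part of the original thread or the poster's router configuration): a small Python model of how the router chooses the egress interface for packets it originates itself, such as ping and SSH replies, with and without the `equal-access` local policy posted above. The routing table contents, the OER-injected prefix 198.51.100.0/24 and the remote hosts are constructed assumptions; only the interface addresses, gateways and route-map clauses come from the thread.

```python
import ipaddress

# Constructed routing table for the 1811 in this thread. ASSUMPTIONS: the
# default route points at ISP-A, and OER has injected a more-specific route
# for a remote prefix (198.51.100.0/24, documentation range) via ISP-B.
RIB = [
    ("0.0.0.0/0", "1.1.1.254"),
    ("198.51.100.0/24", "2.2.2.254"),
]
GATEWAY_IFACE = {"1.1.1.254": "FE0", "2.2.2.254": "FE1"}
OWNER_IFACE = {"1.1.1.1": "FE0", "2.2.2.2": "FE1"}

# route-map equal-access: (sequence, source host matched by ACL 170/171, next hop)
EQUAL_ACCESS = [
    (10, "1.1.1.1", "1.1.1.254"),
    (20, "2.2.2.2", "2.2.2.254"),
]

def rib_next_hop(dst):
    """Longest-prefix match over the RIB."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in RIB
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def egress(src, dst, local_policy):
    """Interface a router-originated packet (src -> dst) leaves on."""
    if local_policy:
        for _seq, host, next_hop in sorted(EQUAL_ACCESS):
            if src == host:            # first matching clause wins
                return GATEWAY_IFACE[next_hop]
    # No clause matched (or no policy): normal destination-based routing.
    return GATEWAY_IFACE[rib_next_hop(dst)]

def reply_is_symmetric(local_ip, remote_ip, local_policy):
    """True when the reply leaves on the interface that owns local_ip."""
    return egress(local_ip, remote_ip, local_policy) == OWNER_IFACE[local_ip]

if __name__ == "__main__":
    cases = [("1.1.1.1", "198.51.100.7"), ("2.2.2.2", "203.0.113.9")]
    for local_ip, remote_ip in cases:
        for policy in (False, True):
            print(local_ip, "->", remote_ip,
                  "local policy" if policy else "no policy",
                  egress(local_ip, remote_ip, policy))
```

Without the policy, both sample replies leave through the other ISP's interface; with it, each reply leaves through the interface that owns its source address, and traffic from any other source still follows the routing table.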
