07-11-2008 11:32 AM - edited 03-03-2019 10:41 PM
I have two ISPs connected to my 2611XM. I use Cable connection as the primary connection and want to use DSL as the backup. I tried doing this using the track 123 rtr 1 reachability but couldn't get it working. I would appreciate if anyone could help me on this. Here's the config on the router. Also attached is the diagram for my topology (failover.jpeg)
c2600-adventerprisek9-mz.124-17.bin
FAILOVER#sh run
Building configuration...
Current configuration : 2314 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname FAILOVER
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
!
aaa session-id common
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool FAILOVER
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.2 42.63.84.25
lease 4
!
!
ip sla monitor 1
type echo protocol ipIcmpEcho 42.63.95.1 source-interface FastEthernet0/1
timeout 1000
threshold 40
frequency 3
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 131.10.28.24 source-interface Dialer1
timeout 1000
threshold 40
frequency 3
ip sla monitor schedule 2 life forever start-time now
vpdn enable
!
track timer interface 5
!
track 123 rtr 1 reachability
delay down 15 up 10
!
track 345 rtr 2 reachability
delay down 15 up 10
!
interface FastEthernet0/0
description INTERNAL_LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed 100
!
interface FastEthernet0/1
description CABLE
ip address 42.x.x.47 255.255.252.0
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface Ethernet1/0
description DSL
no ip address
half-duplex
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname username
ppp chap password xxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 42.63.95.1 track 123
!
no ip http server
no ip http secure-server
ip nat inside source route-map CABLE interface FastEthernet0/1 overload
ip nat inside source route-map DSL interface Dialer1 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map CABLE permit 10
match ip address 100
match interface FastEthernet0/1
!
route-map DSL permit 10
match ip address 100
match interface Dialer1
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
!
end
FAILOVER#
Solved! Go to Solution.
07-13-2008 02:34 AM
Hi,
No idea, you should look at SIP traces to see what's going on.
Perhaps the server is not configured to handle the phones coming in with another address.
As an appreciation to those providing answers, please rate useful posts with the scrollbox below!
07-11-2008 12:00 PM
What is not working exactly?
If the issue is that the NAT translations remaining after a route is removed, you should use "oer" keyword in "ip nat ....". I'm not sure it is available in 12.4 mainline, however.
07-11-2008 12:09 PM
Thanks for you reply.
The failover doesn't happen at all. AFter the cable link goes down the traffic doesn't transition to DSL.
I am sure that there's something that I did wrong in the configuration.
Thanks in advance for your response.
07-11-2008 12:20 PM
Hi,
indeed you also need a default route with higher distance (aka floating) pointing to dialer interface.
07-11-2008 12:26 PM
Does the backup floating route also need to have a track
I tried using
ip route 0.0.0.0 0.0.0.0 dialer 1 track 345
But that also did not work.
I didn't try using it with a higher metric though.
Any thoughts would be appreciated.
07-11-2008 01:44 PM
Hi there,
I did a floating route as you said.
ip route 0.0.0.0 0.0.0.0 dialer 1 5
Now the backup route kicks in after the primary route fails. But I have to clear NAT translations before a host could go to outside world.
I don't have the option to use ip nat translation tcp-timeout OR udp-timeout because there are application which will not work after doing this.
I would really appreciate if you could guide me little more as I think that I am somewhere near to get it working.
P.S. I read something about Stateful NAT, not sure though if that fits in my issue or not.
07-12-2008 01:59 AM
Hi, as you found yourself, you don't need a tracking statement if the DSL access is meant for backup only.
I don't think stateful NAT would help as it is meant to address other needs (equipment redundancy rather than circuit redundancy).
What you need is to upgrade to one of the latest 12.4 T releases, once you configure the oer keyword to "ip nat ...", all translation should be removed once the primary route is no more.
Of course from that point on, traffic to the internet would take the DSL address, as you cannot use an address belonging to a circuit to a different one, and there is no configuration or workaround that would allow that.
Hope this helps, please rate post if it does!
07-12-2008 08:22 PM
Hi there,
Thank you so much for your guidance. I used oer at the end of IP nat statement and it works.
The small problem here is that my computer works fine after a failover happens however, my ip phones (registering with asterisk server) don't work. I tried decreasing the registeration time to 60 seconds. But again the phone doesn't register and cannot do outbound and inbound calls. This also happens with Soft phone.
I also tried using
ip nat translation udp-timeout 10 (thinking that after every 10 seconds the entry will delete and the phone will create new entry).
Any suggestions on this would be highly appreciated.
07-13-2008 02:34 AM
Hi,
No idea, you should look at SIP traces to see what's going on.
Perhaps the server is not configured to handle the phones coming in with another address.
As an appreciation to those providing answers, please rate useful posts with the scrollbox below!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: