Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
3
Helpful
3
Replies

Simple dual WAN with load balancing and failover on the 1811

cowmixtoo
Level 1
Level 1

‎04-23-2009 11:50 PM - edited ‎03-04-2019 04:30 AM

I'm trying to follow the famous example here:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml

The only difference with my configuration is both of my ISP connections have static IPs (so it should be eaiser to configure you would think.)

Anyway I can only get one or the other connections to work, never both at the same time. Attached is my current config. This config the ETH0 is the one that most traffic goes over.

Current configuration : 7238 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname yourname

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

!

aaa session-id common

!

!

!

ip cef

ip domain name yourdomain.com

ip name-server 64.105.199.74

ip name-server 64.105.159.250

!

no ipv6 cef

multilink bundle-name authenticated

!

!

username root privilege 15 secret 5 $1$ifix$nrWAT5zZIA13Av41XLjMm/

archive

log config

hidekeys

!

!

track timer interface 5

!

!

!

interface FastEthernet0

description COVAD$ETH-LAN$

ip address cc.cc.cc.26 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet1

description VERIZON$ETH-LAN$

ip address vv.vv.vv.7 255.255.255.0

ip nat outside

ip virtual-reassembly

shutdown

duplex auto

speed auto

!

interface FastEthernet2

description 240 NAT

switchport access vlan 239

!

interface FastEthernet3

description 240 NAT

switchport access vlan 239

!

interface FastEthernet4

description 10 DIAG

!

interface FastEthernet5

description 10 DIAG

!

interface FastEthernet6

description 10 DIAG

!

interface FastEthernet7

description 10 DIAG

!

interface FastEthernet8

description 10 DIAG

!

interface FastEthernet9

description 10 DIAG

!

interface Vlan1

description DIAG VLAN$ETH-SW-LAUNCH$$INTF-INFO-FE 2$

ip address 10.10.10.1 255.255.255.248

ip tcp adjust-mss 1452

!

interface Vlan239

description THE NAT

ip address 192.168.140.2 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Async1

no ip address

encapsulation slip

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 vv.vv.vv.1 permanent

ip route 0.0.0.0 0.0.0.0 cc.cc.cc.25 permanent

!

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source route-map fixed-covad interface FastEthernet0 overload

ip nat inside source route-map fixed-verizon interface FastEthernet1 overload

!

ip sla 1

icmp-echo vv.vv.vv.1 source-interface FastEthernet1

timeout 1000

threshold 40

frequency 3

ip sla schedule 1 life forever start-time now

ip sla 2

icmp-echo cc.cc.cc.25 source-interface FastEthernet0

timeout 1000

threshold 40

frequency 3

ip sla schedule 2 life forever start-time now

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.140.0 0.0.0.255

access-list 23 permit 10.10.10.0 0.0.0.7

access-list 23 permit 192.168.140.0 0.0.0.255

access-list 110 permit ip 192.168.140.0 0.0.0.255 any

no cdp run

!

!

!

route-map fixed-covad permit 10

match ip address 110

match interface FastEthernet0

set ip next-hop cc.cc.cc.25

!

route-map fixed-verzion permit 10

match ip address 110

match interface FastEthernet1

set ip next-hop vv.vv.vv.1

!

!

!

!

control-plane

!

line con 0

line 1

modem InOut

stopbits 1

speed 115200

flowcontrol hardware

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

transport input telnet ssh

line vty 5 15

access-class 23 in

privilege level 15

transport input telnet ssh

!

!

webvpn cef

end

Labels:
0 Helpful
3 Replies 3

Laurent Aubert
Cisco Employee
Cisco Employee

‎04-24-2009 06:14 AM

Hi,

I suppose you noticed Fast1 is in shutdown state.

Load-balancing is per flow so you need different combination of source and destination addresses.

Also I don't think you need the set ip next-hop in the route-map as the routing decision is already made.

Other than that I don't know why it shouldn't work.

HTH

Laurent.

cowmixtoo
Level 1
Level 1
In response to Laurent Aubert

‎04-24-2009 01:46 PM

The test I am doing is where I have a constant ping going out to a host on the general Internet. I take turns turning one connection off and the other on (and then vice versa) and the ping only persists when a certain connection is active.

I've corrected the issues you identified and the problem still persists.

0 Helpful

Laurent Aubert
Cisco Employee
Cisco Employee
In response to cowmixtoo

‎04-27-2009 07:38 AM

Hi,

It's due to the permanent keyword in your static route. Remove it from both routes so the route associated to a down interface will also be removed from the routing table.

HTH

Laurent.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card