Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1639
Views
5
Helpful
5
Replies

backup interface fastethernet

Go to solution
usuario0001
Level 1
Level 1

‎04-24-2009 12:25 AM - edited ‎03-04-2019 04:30 AM

Hello,

I have a 2811 router with two fastethernet interfaces, and a switch card. I've configured one interface 0/0 like the primary, and the second one 0/1 like a backup, but I have some doubts. This is the configuration of the interfaces,

interface FastEthernet0/0

backup delay 10 30

backup interface fastethernet0/1

ip address dhcp

ip nat outside

ip virtual-reassembly

load-interval 30

duplex auto

speed auto

interface FastEthernet0/1

ip address 10.100.100.20 255.255.255.0

ip nat outside

ip virtual-reassembly

load-interval 30

duplex auto

speed auto

Mi doubts are:

I had this nat configuration:

ip nat inside source list 102 interface fastEthernet0/0 overload

!

access-list 102 permit ip 192.168.4.0 0.0.0.255 any

But, what happen if the interface working is the backup, do I have to change this configuration to make it work? because the interface can be 0/0 or 0/1, but how do I configure both of them?

And the other doubt:

I have a VPN with a tunnel with this configuration:

interface Tunnel1

ip address 10.1.1.6 255.255.255.252

keepalive 10 3

tunnel source FastEthernet0/0

tunnel destination 216.7.149.150

crypto map IPSEC_VPN

And I don't know what to do whit the configuration of tunnel source, because sometimes it will be fastethernet0/0 and others fastethernet0/1.

Can somebody help me with my doubts?

Thanks

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Laurent Aubert
Cisco Employee
Cisco Employee
In response to usuario0001

‎04-27-2009 09:58 AM

Hi,

Just as you configure the first one:

ip route 0.0.0.0 0.0.0.0

ip route 0.0.0.0 0.0.0.0

The 2nd one will be in the configuration but not in the routing table unless the primary interface is down.

HTH

Laurent.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Laurent Aubert
Cisco Employee
Cisco Employee

‎04-24-2009 06:45 AM

Hi,

Your doubts are correct.

Here is the NAT configuration you should use:

ip nat inside source route-map backup interface FastEthernet0/1 overload

ip nat inside source route-map primary interface FastEthernet0/0 overload

!

route-map backup permit 10

match ip address 102

match interface FastEthernet0/1

!

route-map primary permit 10

match ip address 102

match interface FastEthernet0/0

!

Regarding your GRE tunnel, I see two solutions:

1-Create a second GRE tunnel identical to the first one except it will use Fas1/0 as its source address. It should work as only one tunnel will be UP at a time. Don't forget the backup route for your VPN traffic,

2- You could de-correlate the GRE IP header and the IPSec IP Header:

- Apply your crypto-map on Fast0/0 and 1/0

- Use Private loopback address for your tunnel source and destination

- Configure IPSec in Tunnel mode if it's currently in transport mode.

-Update the ACL used by the crypto-map to match the new tunnel addresses.

This way, GRE packets will be routed either to F0/0 or 0/1 and will be intercepted by the crypto-map which will encrypt those packets.

Also don't forget to add a 2nd default-route pointing to your backup interface.

HTH

Laurent.

Go to solution
usuario0001
Level 1
Level 1
In response to Laurent Aubert

‎04-27-2009 12:33 AM

Thanks a lot for your reply Laurent.

I have another question to ask you, is about the routes:

I have this route,

ip route 0.0.0.0 0.0.0.0 [next_hop_IP]

but with the backup interface next hop is different. How can I configure this 2 routes for primay and backup?

Thanks

0 Helpful

Go to solution
Laurent Aubert
Cisco Employee
Cisco Employee
In response to usuario0001

‎04-27-2009 09:58 AM

Hi,

Just as you configure the first one:

ip route 0.0.0.0 0.0.0.0

ip route 0.0.0.0 0.0.0.0

The 2nd one will be in the configuration but not in the routing table unless the primary interface is down.

HTH

Laurent.

0 Helpful

Go to solution
usuario0001
Level 1
Level 1
In response to Laurent Aubert

‎05-05-2009 03:36 AM

Thanks a lot Laurent.

It worked!!

Regards.

0 Helpful

Go to solution
visitor68
Level 4
Level 4
In response to usuario0001

‎05-05-2009 06:38 AM

Marian:

You have an interesting set up.

May I ask you a few questions?

What are your ethernet interfaces connected to?

Why have you only configured an IP address on the backup and not the primary?

I have seen configurations in which the backup interface is a dialer or a BRI with its own IP address. Also, the failover was predictable in that if the primary serial interface failed, the BRI would dial out to create a backup.

What happens in your case when the primary fails?

Can you elaborate a bit on the requirements and how you are meeting them?

Thanks for your time

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card