10-04-2017 02:11 AM - edited 03-01-2019 06:10 PM
Hy Everybody.
I have a Cisco router 1800 and i would like use FailOver.
I have my Configuration whch works but i still have a little detail to solve.
service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname routeur-cisco1811 ! boot-start-marker boot-end-marker ! logging message-counter syslog enable secret 5 XXXXXXX/ ! aaa new-model ! ! aaa authentication login default local ! ! aaa session-id common ! ! dot11 syslog ip source-route ! ! ip dhcp excluded-address 192.168.3.1 ip dhcp excluded-address 192.168.3.2 192.168.3.99 ip dhcp excluded-address 192.168.3.200 192.168.3.252 ip dhcp excluded-address 192.168.3.254 ip dhcp excluded-address 192.168.3.253 ! ip dhcp pool CASA_LAN network 192.168.3.0 255.255.255.0 dns-server 8.8.8.8 default-router 192.168.3.254 ! ! ip cef no ip domain lookup ip domain name domoticity.com ip name-server 8.8.8.8 ip name-server 8.8.4.4 no ipv6 cef ! multilink bundle-name authenticated ! ! ! username domoticity privilege 15 secret 5 XXXXXXX ! ! ! archive log config hidekeys ! ! ip ssh time-out 60 ip ssh logging events ip ssh version 2 ! track 1 ip sla 1 reachability ! track 2 ip sla 2 reachability ! track 3 list boolean and object 1 object 2 ! ! ! interface FastEthernet0 description Acces principal FTTH ip address 192.168.1.254 255.255.255.0 ip nat outside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet1 description Acces secour 3/4G ip address 10.0.0.254 255.255.255.0 ip nat outside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet2 switchport access vlan 2 ! interface FastEthernet3 switchport access vlan 3 ! interface FastEthernet4 switchport access vlan 4 ! interface FastEthernet5 switchport access vlan 5 ! interface FastEthernet6 switchport access vlan 6 ! interface FastEthernet7 switchport access vlan 7 ! interface FastEthernet8 switchport access vlan 8 ! interface FastEthernet9 switchport access vlan 9 ! interface Vlan1 no ip address ! interface Vlan2 description domoticity ip address 192.168.2.254 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Vlan3 description casa ip address 192.168.3.254 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Vlan4 description stockage ip address 192.168.4.254 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Vlan5 description domotique et cameras ip address 192.168.5.254 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Vlan6 description sentinelle ip address 192.168.6.254 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Vlan7 description Monotoring surveillance generale ip address 10.1.1.254 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Vlan8 description Orange travail ip address 192.168.8.254 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Vlan9 description Serveurs multimedia ip address 192.168.9.254 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Async1 no ip address encapsulation slip ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 3 ip route 0.0.0.0 0.0.0.0 10.0.0.1 10 ip route 90.116.11.243 255.255.255.255 192.168.1.1 no ip http server no ip http secure-server ! ! ip nat inside source route-map BACKUP_ISP interface FastEthernet1 overload ip nat inside source route-map MAIN_ISP interface FastEthernet0 overload ! ip sla 1 icmp-echo 192.168.1.1 source-ip 192.168.1.254 ip sla schedule 1 life forever start-time now ip sla 2 icmp-echo 90.116.11.243 source-ip 192.168.1.254 ip sla schedule 2 life forever start-time now access-list 100 permit ip 192.168.2.0 0.0.0.255 any access-list 100 permit ip 192.168.3.0 0.0.0.255 any access-list 100 permit ip 192.168.4.0 0.0.0.255 any access-list 100 permit ip 192.168.5.0 0.0.0.255 any access-list 100 permit ip 192.168.6.0 0.0.0.255 any access-list 100 permit ip 192.168.8.0 0.0.0.255 any access-list 100 permit ip 192.168.9.0 0.0.0.255 any access-list 100 permit ip 10.1.1.0 0.0.0.255 any ! ! ! ! route-map BACKUP_ISP permit 10 match ip address 100 match interface FastEthernet1 ! route-map MAIN_ISP permit 10 match ip address 100 match interface FastEthernet0 ! ! ! control-plane ! ! line con 0 line 1 modem InOut stopbits 1 speed 115200 flowcontrol hardware line aux 0 line vty 0 4 transport input ssh line vty 5 15 transport input ssh ! event manager applet CLEAR_NAT_DOWN event track 3 state down action 1.0 cli command "enable" action 2.0 cli command "clear ip nat translations forced" event manager applet CLEAR_NAT_UP event track 3 state up action 1.0 cli command "enable" action 2.0 cli command "clear ip nat translations forced" ! end
So i have a Fiber Box where is connected the wan1 (FastEthernet0) and a 3gBox where is connected the wan2 (FastEthernet1).
When disconnect the wan 1,it balances to wan2. And when i connect again the wan 1,it balances to wan1.
In my configuration, in red you have my ISP ip.
My provider changes my ISP ip sometimes and every internet Cut.
I have a FQDNs at noip.
a very nice person from the forum :), tells me that i can't remplace my ISP ip by my FQDNS and it's better to turn to a EEEM script.
I know only do bash and php script.But no EEEm Scripts.
Some can help me please :)
Solved! Go to Solution.
12-12-2017 03:46 AM
You need to post the debug output when you execute the policy using the track event detector. The debug output will appear on any monitored line.
10-04-2017 09:42 AM
Can you just try to ping Internet Server, i think is not reliable to just check your LAN IP and WAN IP ?
you are arlready using this DNS servers, you can easily check the reachibility of this two servers or other or more, just to tune polling interval to not flood internet servers :-) ?
10-04-2017 10:55 AM
I'm not sure I understand. You're saying that the red IP is your ISP's address or the address the ISP gives to you? If this is your IP that the provider has handed you, and it will change, then you could do something like this:
event manager applet get-my-ip
event none
action 1.0 cli command "enable"
action 2.0 cli command "ping ip DOMAIN_NAME repeat 1"
action 3.0 regexp "Echoes to ([0-9.]+)" $_cli_result match ip
action 4.0 puts "My IP is $ip"
Then you can use the $ip variable where you need it (such as reconfiguring things).
10-04-2017 12:47 PM
Hy,
Thaks for your answer.
Yes it's the Address Ip that gives me my ISP.
So i deleted the route with the IP in red and the ip sla 2 and i put your script,isn't it?
Sorry but i begin and a lot of thing are still difficult to understand
10-05-2017 06:57 AM
You don't need to delete the lines with red. You can add the following to the end of the applet I provided:
action 5.0 cli command "config t"
action 6.0 cli command "ip route $ip 255.255.255.255 192.168.1.1"
Fill in the configuration commands you need as additional actions. Use the variable "$ip" to mean your IP address.
The trick will be what the trigger for the applet is. It sounds like when the WAN interface bounces your IP could change? If that is the case you may want to use a syslog trigger:
event syslog pattern "LINEPROTO.*FastEthernet0.*changed state to up"
11-30-2017 03:08 PM
Hy,
i know i have take a lot of time to answer. ^^
I have tested what you said :
service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname routeur-cisco1811 ! boot-start-marker boot-end-marker ! logging message-counter syslog enable secret 5 XXXXXXXX/ ! aaa new-model ! ! aaa authentication login default local ! ! aaa session-id common ! ! dot11 syslog ip source-route ! ! ip dhcp excluded-address 192.168.3.1 ip dhcp excluded-address 192.168.3.2 192.168.3.99 ip dhcp excluded-address 192.168.3.200 192.168.3.252 ip dhcp excluded-address 192.168.3.254 ip dhcp excluded-address 192.168.3.253 ! ip dhcp pool CASA_LAN network 192.168.3.0 255.255.255.0 dns-server 8.8.8.8 default-router 192.168.3.254 ! ! ip cef no ip domain lookup ip domain name domoticity.com ip name-server 8.8.8.8 ip name-server 8.8.4.4 no ipv6 cef ! multilink bundle-name authenticated ! ! ! username domoticity privilege 15 secret 5 XXXXXXXX ! ! ! archive log config hidekeys ! ! crypto key generate rsa modulus 1024 ! ip ssh time-out 60 ip ssh logging events ip ssh version 2 ! track 1 ip sla 1 reachability ! track 2 ip sla 2 reachability ! track 3 list boolean and object 1 object 2 ! ! ! interface FastEthernet0 description Acces principal FTTH ip address 192.168.1.254 255.255.255.0 ip nat outside ip virtual-reassembly duplex auto speed auto no shutdown ! interface FastEthernet1 description Acces secour 3/4G ip address 10.0.0.254 255.255.255.0 ip nat outside ip virtual-reassembly duplex auto speed auto no shutdown ! interface FastEthernet2 switchport access vlan 2 no shutdown ! interface FastEthernet3 switchport access vlan 3 no shutdown ! interface FastEthernet4 switchport access vlan 4 no shutdown ! interface FastEthernet5 switchport access vlan 5 no shutdown ! interface FastEthernet6 switchport access vlan 6 no shutdown ! interface FastEthernet7 switchport access vlan 7 no shutdown ! interface Vlan1 no ip address ! interface Vlan2 description domoticity ip address 192.168.2.254 255.255.255.0 ip nat inside ip virtual-reassembly no shutdown ! interface Vlan3 description casa and multimedia ip address 192.168.3.254 255.255.255.0 ip nat inside ip virtual-reassembly no shutdown ! interface Vlan4 description stock and print ip address 192.168.4.254 255.255.255.0 ip nat inside ip virtual-reassembly no shutdown ! interface Vlan5 description domotique and camera ip address 192.168.5.254 255.255.255.0 ip nat inside ip virtual-reassembly no shutdown ! interface Vlan6 description tower control ip address 10.1.1.254 255.255.255.0 ip nat inside ip virtual-reassembly no shutdown ! interface Vlan7 description Orange travail ip address 192.168.7.254 255.255.255.0 ip nat inside ip virtual-reassembly no shutdown ! ! interface Async1 no ip address encapsulation slip ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 3 ip route 0.0.0.0 0.0.0.0 10.0.0.1 10 no ip http server no ip http secure-server ! ! ip nat inside source route-map BACKUP_ISP interface FastEthernet1 overload ip nat inside source route-map MAIN_ISP interface FastEthernet0 overload ! ip sla 1 icmp-echo 192.168.1.1 source-ip 192.168.1.254 ip sla schedule 1 life forever start-time now ip sla 2 icmp-echo 90.116.13.81 source-ip 192.168.1.254 ip sla schedule 2 life forever start-time now access-list 100 permit ip 192.168.2.0 0.0.0.255 any access-list 100 permit ip 192.168.3.0 0.0.0.255 any access-list 100 permit ip 192.168.4.0 0.0.0.255 any access-list 100 permit ip 192.168.5.0 0.0.0.255 any access-list 100 permit ip 192.168.6.0 0.0.0.255 any access-list 100 permit ip 192.168.7.0 0.0.0.255 any access-list 100 permit ip 10.1.1.0 0.0.0.255 any ! ! ! ! route-map BACKUP_ISP permit 10 match ip address 100 match interface FastEthernet1 ! route-map MAIN_ISP permit 10 match ip address 100 match interface FastEthernet0 ! ! ! control-plane ! banner login ^C Acces restreint, avec identification !!!!^C banner motd ^C @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @@ @@ @@ @@ ROUTEUR CISCO @@ @@ @@ @@ @@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @@ @@ @@ @@ Casa @@ @@ @@ @@ & @@ @@ @@ @@ Domoticity @@ @@ @@ @@ @@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @: domoticity@gmail.com ^C ! line con 0 line 1 modem InOut stopbits 1 speed 115200 flowcontrol hardware line aux 0 line vty 0 4 transport input ssh line vty 5 15 transport input ssh ! event manager applet CLEAR_NAT_DOWN event track 3 state down action 1.0 cli command "enable" action 2.0 cli command "clear ip nat translations forced" event manager applet CLEAR_NAT_UP event track 3 state up action 1.0 cli command "enable" action 2.0 cli command "clear ip nat translations forced" ! ! ! ! event manager applet get-my-ip event none action 1.0 cli command "enable" action 2.0 cli command "ping ip domoticity.ddns.net repeat 1" action 3.0 regexp "Echoes to ([0-9.]+)" $_cli_result match ip action 4.0 puts "My IP is $ip" action 5.0 cli command "config t" action 6.0 cli command "ip route $ip 255.255.255.255 192.168.1.1" ! ! ! end
And that's i have when i do a sho ip route
routeur-cisco1811#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 10.0.0.1 to network 0.0.0.0 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, FastEthernet1 C 192.168.1.0/24 is directly connected, FastEthernet0 S* 0.0.0.0/0 [10/0] via 10.0.0.1
It doesn't work and i don't see my Error.
Can you help me please :)
To say you again what i would like to do.
My provider change sometimes the public IP.
And it's just to update my public ip in the Cisco Router
Thanks
12-01-2017 07:55 AM
The example I gave you will require you to execute "event manager run get-my-ip" from EXEC mode. Then it should print the IP and change the route. If you need this to be automatically triggered, what do you want the trigger to be?
12-01-2017 08:47 AM
Hy
Thanks a lot to answer me.
This, can be the trigger?
ip sla 2 icmp-echo 90.116.13.81 source-ip 192.168.1.254
90.116.13.81 was my public ip when i have wrote.
But it was changed
So i wanted to remplace the ip automatically
12-01-2017 09:00 AM
You can do something like:
event track 2 state down
Then, when the track goes down, the IP will change.
12-01-2017 09:18 AM
I don't see how i can introduce.
Can you give me an Example plsea, i am still newby and learn a lot everyday.
12-01-2017 09:20 AM
event manager applet get-my-ip
event track 2 state down
The rest of your applet remains the same. Then you should see the route change when the track goes down.
12-01-2017 09:49 AM
thank you
So i have understood
event manager applet get-my-ip event manager track 2 state down event none action 1.0 cli command "enable" action 2.0 cli command "ping ip domoticity.ddns.net repeat 1" action 3.0 regexp "Echoes to ([0-9.]+)" $_cli_result match ip action 4.0 puts "My IP is $ip" action 5.0 cli command "config t" action 6.0 cli command "ip route $ip 255.255.255.255 192.168.1.1"
And after
If iam not in wrong,
ip sla 2 icmp-echo 90.116.13.81 source-ip 192.168.1.254 ip sla schedule 2 life forever start-time now
This is it which balances between my fiber connexion and my 4g connexion.
So i must introduce it in my applet like this :
action 7.0 cli command "ip sla 2"
action 8.0 "icmp-echo $ip source-ip 192.168.1.254"
Action 9.0 "ip sla schedule 2 life forever start-time now"
12-01-2017 10:05 AM
Remove the "event none". Yes, if you need to reconfigure ip sla 2 so that you're pinging your external IP, then what you have is good. Just add:
action 6.1cli command "no ip sla 2"
12-01-2017 11:14 AM
I do it.
But i stay in 4g connexion.
So i have tested a part of the applet
ing ip domoticity.ddns.net
routeur-cisco1811#ping ip domoticity.ddns.net Translating "domoticity.ddns.net" % Unrecognized host or address, or protocol not running. routeur-cisco1811#ping ip domoticity.ddns.net repeat 1 Translating "domoticity.ddns.net" Translating "ip" ^ % Invalid input detected at '^' marker. routeur-cisco1811#
I don't understand what's wrong
I have tested ping domoticity.ddns.net with my mobile and it's ok
12-01-2017 11:47 AM
You have "no ip domain lookup" in your config. Configure "ip domain lookup" instead and it should work.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide