I have an 1841 router with several WAN interfaces. What I am trying to accomplish is that if the Ethernet 0/1 interface is down, it will route traffic to the backup interface which is Serial 0/1/0.
Serial 0/0/0 and 0/0/1 are point to point T1 to a remote office and are intended to provide backup connectivity for a VPN between sites. As I am new to the situation and did not configure these, I'm not sure how these are set up and if they are even really being utilized, but for now my main purpose is to get a backup WAN set up.
Primary WAN is a Comcast cable connected to an ASA.
Secondary WAN is T1 on Serial 0/1/0.
When I pull the plug on the comcast connection, I can ping outside IPs but no web traffic gets through. I suspect this has something to do with the "set ip next-hop" configuration. From what I can tell the configuration is set to route all DNS, http and https traffic to this IP (the comcast IP) unless that IP is not accessible, then it would use the default route. I'm not very familiar with this and I am not seeing where there is a default route set to take over in case the comcast goes down. Any help would be appreciated.
Here is the running config:
Current configuration : 4469 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WMSavoy-McLeod ! boot-start-marker boot-end-marker ! logging message-counter syslog ! no aaa new-model dot11 syslog ip source-route ! ! ! ! ip cef multilink bundle-name authenticated ! ! ! ! ! username --------
username -------- username -------- archive log config hidekeys ! ! controller T1 0/0/0 framing esf fdl ansi linecode b8zs channel-group 0 timeslots 1-24 ! controller T1 0/0/1 framing esf fdl ansi linecode b8zs channel-group 0 timeslots 1-24 ! ! ! ! interface Loopback0 ip address 22.214.171.124 255.255.255.255 ! interface Tunnel0 ip address 172.16.4.254 255.255.255.252 tunnel source 126.96.36.199 tunnel destination 188.8.131.52 tunnel mode ipip ! interface Multilink1 ip address 184.108.40.206 255.255.255.252 no ip redirects no ip proxy-arp no ip mroute-cache ppp multilink ppp multilink group 1 ! interface FastEthernet0/0 ip address 10.10.209.253 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 description Connected to ASA Firewall ip address 220.127.116.11 255.255.255.224 ip policy route-map comcast-redirect duplex auto speed auto ! interface Serial0/0/0:0 description Connected to 100 CC no ip address encapsulation ppp ppp multilink ppp multilink group 1 ! interface Serial0/0/1:0 no ip address encapsulation ppp ppp multilink ppp multilink group 1 ! interface Serial0/1/0 description Connected to McLeod
ip address 18.104.22.168 255.255.255.252 encapsulation ppp service-module t1 timeslots 1-24 service-module t1 fdl ansi ! router eigrp 1 redistribute bgp 46210 route-map check-def passive-interface FastEthernet0/0 passive-interface Serial0/1/0 passive-interface Tunnel0 network 22.214.171.124 0.0.0.255 default-metric 10000 1000 255 1 1500 no auto-summary ! router bgp 46210 no synchronization bgp log-neighbor-changes bgp redistribute-internal network 126.96.36.199 mask 255.255.255.0 network 188.8.131.52 mask 255.255.255.0 neighbor 184.108.40.206 remote-as 46210 neighbor 220.127.116.11 ebgp-multihop 2 neighbor 18.104.22.168 version 4 neighbor 22.214.171.124 remote-as 1785 neighbor 126.96.36.199 version 4 neighbor 188.8.131.52 send-community neighbor 184.108.40.206 prefix-list BGPDefault in neighbor 220.127.116.11 route-map MCLEOD-BGP-IN in neighbor 18.104.22.168 route-map MCLEOD-BGP-OUT out no auto-summary ! ip forward-protocol nd ip route 10.225.103.0 255.255.255.0 172.16.4.253 ip route 22.214.171.124 255.255.255.0 Null0 ip route 126.96.36.199 255.0.0.0 172.16.4.253 ip route 188.8.131.52 255.255.255.0 Null0 ip route 184.108.40.206 255.255.0.0 172.16.4.253 ! no ip http server no ip http secure-server ! ! ip access-list extended dns-traffic permit udp any any eq domain ip access-list extended web-traffic permit tcp any any eq www permit tcp any any eq 443 ! ! ip prefix-list 220.127.116.11/24 seq 1 permit 18.104.22.168/24 ! ip prefix-list 22.214.171.124/24 seq 1 permit 126.96.36.199/24 ! ip prefix-list BGPDefault seq 5 permit 0.0.0.0/0 le 32 ! ip prefix-list def-route seq 5 permit 0.0.0.0/0 access-list 14 permit 188.8.131.52 access-list 14 permit 184.108.40.206 access-list 60 permit 220.127.116.11 access-list 60 permit 18.104.22.168 access-list 60 permit 22.214.171.124 access-list 60 permit 126.96.36.199 access-list 60 permit 188.8.131.52 access-list 60 permit 184.108.40.206 access-list 60 permit 220.127.116.11 snmp-server community 1ntegrity RO 60 snmp-server community integrity RW 60 snmp-server ifindex persist snmp-server enable traps tty snmp-server manager snmp-server inform timeout 10 pending 10 disable-eadi route-map MCLEOD-BGP-OUT permit 1 match ip address prefix-list 18.104.22.168/24 ! route-map MCLEOD-BGP-OUT permit 2 match ip address prefix-list 22.214.171.124/24 set as-path prepend 46210 46210 46210 set community 116981830 ! route-map check-def permit 10 match ip address prefix-list def-route ! route-map comcast-redirect permit 10 match ip address web-traffic dns-traffic set ip next-hop 126.96.36.199 set interface FastEthernet0/1 ! route-map MCLEOD-BGP-IN permit 1 match ip address prefix-list def-route ! ! ! control-plane ! ! line con 0 login local line aux 0 login local line vty 0 4 access-class 60 in login local ! scheduler allocate 20000 1000 end
i can see that you are running eigrp with ASA and bgp on ser0/1/0, so if your eth0/1 will go down eigrp will go down and you should automatically route out to ser0/1/0 and i do not see any issue with it as long as your bgp is established and working fine on ser0/1/0, sam can be confirmed with:
sh ip bgp sum
sh ip bgp
on your route-map applied on eth0/1 that is your return traffic coming from ASA and not sure what is the purpose of it but it will only effect traffic coming from ASA not outgoing traffic.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.