Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

backup interface fastethernet

Hello,

I have a 2811 router with two fastethernet interfaces, and a switch card. I've configured one interface 0/0 like the primary, and the second one 0/1 like a backup, but I have some doubts. This is the configuration of the interfaces,

interface FastEthernet0/0

backup delay 10 30

backup interface fastethernet0/1

ip address dhcp

ip nat outside

ip virtual-reassembly

load-interval 30

duplex auto

speed auto

interface FastEthernet0/1

ip address 10.100.100.20 255.255.255.0

ip nat outside

ip virtual-reassembly

load-interval 30

duplex auto

speed auto

Mi doubts are:

I had this nat configuration:

ip nat inside source list 102 interface fastEthernet0/0 overload

!

access-list 102 permit ip 192.168.4.0 0.0.0.255 any

But, what happen if the interface working is the backup, do I have to change this configuration to make it work? because the interface can be 0/0 or 0/1, but how do I configure both of them?

And the other doubt:

I have a VPN with a tunnel with this configuration:

interface Tunnel1

ip address 10.1.1.6 255.255.255.252

keepalive 10 3

tunnel source FastEthernet0/0

tunnel destination 216.7.149.150

crypto map IPSEC_VPN

And I don't know what to do whit the configuration of tunnel source, because sometimes it will be fastethernet0/0 and others fastethernet0/1.

Can somebody help me with my doubts?

Thanks

Regards

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: backup interface fastethernet

Hi,

Just as you configure the first one:

ip route 0.0.0.0 0.0.0.0

ip route 0.0.0.0 0.0.0.0

The 2nd one will be in the configuration but not in the routing table unless the primary interface is down.

HTH

Laurent.

5 REPLIES
Cisco Employee

Re: backup interface fastethernet

Hi,

Your doubts are correct.

Here is the NAT configuration you should use:

ip nat inside source route-map backup interface FastEthernet0/1 overload

ip nat inside source route-map primary interface FastEthernet0/0 overload

!

route-map backup permit 10

match ip address 102

match interface FastEthernet0/1

!

route-map primary permit 10

match ip address 102

match interface FastEthernet0/0

!

Regarding your GRE tunnel, I see two solutions:

1-Create a second GRE tunnel identical to the first one except it will use Fas1/0 as its source address. It should work as only one tunnel will be UP at a time. Don't forget the backup route for your VPN traffic,

2- You could de-correlate the GRE IP header and the IPSec IP Header:

- Apply your crypto-map on Fast0/0 and 1/0

- Use Private loopback address for your tunnel source and destination

- Configure IPSec in Tunnel mode if it's currently in transport mode.

-Update the ACL used by the crypto-map to match the new tunnel addresses.

This way, GRE packets will be routed either to F0/0 or 0/1 and will be intercepted by the crypto-map which will encrypt those packets.

Also don't forget to add a 2nd default-route pointing to your backup interface.

HTH

Laurent.

New Member

Re: backup interface fastethernet

Thanks a lot for your reply Laurent.

I have another question to ask you, is about the routes:

I have this route,

ip route 0.0.0.0 0.0.0.0 [next_hop_IP]

but with the backup interface next hop is different. How can I configure this 2 routes for primay and backup?

Thanks

Cisco Employee

Re: backup interface fastethernet

Hi,

Just as you configure the first one:

ip route 0.0.0.0 0.0.0.0

ip route 0.0.0.0 0.0.0.0

The 2nd one will be in the configuration but not in the routing table unless the primary interface is down.

HTH

Laurent.

New Member

Re: backup interface fastethernet

Thanks a lot Laurent.

It worked!!

Regards.

New Member

Re: backup interface fastethernet

Marian:

You have an interesting set up.

May I ask you a few questions?

What are your ethernet interfaces connected to?

Why have you only configured an IP address on the backup and not the primary?

I have seen configurations in which the backup interface is a dialer or a BRI with its own IP address. Also, the failover was predictable in that if the primary serial interface failed, the BRI would dial out to create a backup.

What happens in your case when the primary fails?

Can you elaborate a bit on the requirements and how you are meeting them?

Thanks for your time

947
Views
5
Helpful
5
Replies