Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 1811 router dual Internet connections

Hello all!

Looking for a little bit of help, please.

Company has an 1811 router, running version 12.4(6)T7 IOS. We have 1 broadband Internet connection with static IP into FastEthernet0. I would like to add a different slower broadband IP DHCP type into FastEthernet1 for backup and redundancy purposes.

My goal is backup and redundcany, and load balance outbound web browsing, if possible.

I have looked at Cisco doc #99427, but that is a slightly different config than I am working with and I can't quite follow where the doc is getting some of its parameters.

I can post my current config if someone is willing to help or has a similar working config that I can mirror with obvious IP changes.

Thanks, the recent ice storms in the midwest have brought this to fore front and I need to get this working.

Thank You

Brian

38 REPLIES
Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

Let's see the config.

New Member

Re: Cisco 1811 router dual Internet connections

Config contained in attached TXT file.

THANK YOU for you help.

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

ip sla 1

icmp-echo 216.203.117.81

frequency 5

ip sla schedule 1 life forever start-time now

track 1 rtr 1 reachability

ip route 0.0.0.0 0.0.0.0 216.203.117.81 track 1

ip route 0.0.0.0 0.0.0.0 FastEthernet1 20

ip nat inside source route-map primary-nat interface FastEthernet0 overload oer

ip nat inside source route-map backup-nat interface FastEthernet1 overload oer

route-map primary-nat permit 10

match ip address 1

set ip next-hop verify-availability 216.203.117.81 track 1

!

route-map backup-nat permit 10

match ip address 1

set interface fastethernet1

_____________

I'm afraid you will have problems with the static NATs as you can't do extendable with interface as the global address.

New Member

Re: Cisco 1811 router dual Internet connections

Edison,

First, Thank You so much for stepping up.

I understand the issues with static NAT. One piece I still don't get, where do I define trck 1 rtr 1 as being my FastEthernet0 connection. Or, is that unnecessary? The doc #99427, also defined an sla 2 on the second Internet connection, is that needed?

Does your solution provide redundancy only or both load-balancing & redundancy on the outbound traffic?

Thanks

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

The SLA pings FastEthernet0's gateway. If FasEthernet0 connection is down, you should be unable to ping the gateway.

Once the gateway is unreachable the track will be marked down and subsequently the ip route will be removed since it has tracking enabled.

OER on the NAT will enable the changeover once the state of the SLA changes.

The rest is very straight forward.

I've implemented this config on some of my customers and suggested to other members of this community, with success.

New Member

Re: Cisco 1811 router dual Internet connections

When inputting commands I am getting bad responses on the oer in the ip nat commands and also on the route-map primary section on the track 1 command.

I am just copying & pasting, so its not typos. Ideas?

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

Argh, IOS limitations. OER may not be supported on some IOS versions, let me check which IOS is supported under 1811.

New Member

Re: Cisco 1811 router dual Internet connections

Edison,

Attached is an updated config, showing IOS information at the top. This new version also contains the lines I was successful in adding based upon your suggested config.

Looking FWD to your next response.

Thanks again for your help.

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

12.4(15)T supports it.

New Member

Re: Cisco 1811 router dual Internet connections

OK, so I need an IOS update. Will do that and get back to you Monday. THANKS! Have a good weekend.

New Member

Re: Cisco 1811 router dual Internet connections

Alright, I updated the IOS on the router to version you specified.

Completed input of your commands. Though I called my track 123, instead of track 1.

Disconnected cable from FE0 on router. Appears failover did NOT work, as I could not browse anywhere. Waited and tried for several minutes in case failover takes a little while, still no luck.

Have attached new updated config, showing all commands and updated IOS. Please review and tell me what I missed or screwed up.

THANKS!

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

Remove

ip nat inside source list 1 interface FastEthernet0 overload

Also, can you verify if you can ping 216.203.117.81 while FE0 is down ?

If so, IP SLA won't declare the track as down.

New Member

Re: Cisco 1811 router dual Internet connections

Your second issue brings up an interesting question on my part. Since both my connections are broadband, through diff carriers and speeds. I have a carrier provided high-speed modem on both connections. Typically the gateway declared on a router would point you to the modem. Since the modem is on my premise that might not be a good IP SLA test, if the carrier circuit is down beyond the modem. Can I substitute a different IP address in the IP SLA section for testing?

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

> Can I substitute a different IP address in the IP SLA section for testing?

Yes, but you need to make sure the track is declared down for switchover.

You can add the source-interface on the IP SLA configuration to ensure the ping is leaving the proper interface.

New Member

Re: Cisco 1811 router dual Internet connections

Correct syntax for adding the source-interface, please? I am currently determining the next up stream point to use as my test address.

Also, when the primary comes back online, what causes the router the switch back over to that connection for routing traffic?

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

1.

ip sla 1

icmp-echo 216.203.117.81 source-ipaddr x.x.x.x

frequency 5

ip sla schedule 1 life forever start-time now

2.

The SLA will ping the destination IP for an x interval. Once the destination IP replies, the track is up and reinstated.

New Member

Re: Cisco 1811 router dual Internet connections

Still have an issue. I unplug the cable from FE0 and try for several minutes but never ever to browse out over backup connection. Backup connection is up and has DHCP assigned address. But traffic not routing, I think.

I even unplug the backup connection from FE1 and plug directly into laptop. Laptop gets DHCP assigned address and is able to browse out, so I know circuit is working.

I must be missing something else.

Ideas....

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

> Backup connection is up and has DHCP assigned address. But traffic not routing, I think.

You can verify if routing is working or not by pinging the internet sourcing from that interface.

Example,

ping 4.2.2.1 source fastethernet1

Can you post the output from

show ip nat trans

show track

and

show ip interface brief | ex una

while the FE0 is down ?

New Member

Re: Cisco 1811 router dual Internet connections

Edison,

Sorry for the lengthy delay over the holiday season. I hope you are still watching this thread. I have done as you advised and have attached the output you ask for.

Still not working and when I do the testing, I have a tough time getting the router to see that FE0 is back online after test and getting traffic to route back to the primary.

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

Let's see your current config.

I believe the nat timeout would help on this situation.

New Member

Re: Cisco 1811 router dual Internet connections

Attached is latest config, I highlighted the lines which I have added per the instructions in this thread.

The address I used in the ip sla icmp-echo I found by doing a tracert to several outside locations, it is a couple hops upstream from my modem, a public address, and it responds to ping command.

I think we're close. I need to get failover DSL to respond when primary is down AND for the primary to come back online seamlessly when it is restored.

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

Your config looks perfect and it's very similar to a config that I've deployed successfully in other environments.

You mentioned you have a hard time switching back to the primary ISP, so I have a couple of questions:

1) When the track is down, your users are able to access the internet via the DSL connection ?

2) When you want to return back to the primary ISP, is the track back up ?

New Member

Re: Cisco 1811 router dual Internet connections

1) No, can not access Internet over DSL.

2) So far after manually taking FE0 down to test failover to FE1 (DSL), when I plug FE0 back in route does not come back up. I either have reboot router, or remove the route-map and ip route commands that point to FE1.

Did you see other suggestion posted on my issue. Had more to config, including IP SLA 2. Any validity to this?

New Member

Re: Cisco 1811 router dual Internet connections

I'm not sure if your current running configuration is the same as you posted a couple of weeks ago but you should be able to see what is needed for this to work. You will have to implement the following configuration changes based on your last posting of the running config.

Please read the changes carefully as it contains a part that requires input from you (backup ISP device IP address to monitor).

Interesting items to point out so far:

1. Interface Fa1 seems to be administratively shutdown.

2. ip sla 2 is missing entirely from the config.

3. ip sla 1 doesn't specify source interface as Fa0.

4. there is no ACL on interface Fa1 which is going to be needed if it is used as backup interface.

5. there are no NAT statements for when interface Fa1 is going to be used. You can use a DynDNS.org client to update a DNS name to make it easier for you to know what IP address the backup interface is using.

6. you mentioned load balancing outbound web traffic. you will have per destination load balancing outbound if you have fast-switching enabled on the interfaces which i think you already do have.

give this a try and let us know the outcome.

!

access-list 102 permit udp any eq domain any

access-list 102 permit udp host 132.163.4.102 eq ntp any

access-list 102 permit tcp any any eq 1494

access-list 102 permit tcp any any eq 5367

access-list 102 permit tcp any any eq 5366

access-list 102 permit tcp any any eq 5365

access-list 102 permit tcp any any eq 5364

access-list 102 permit tcp any any eq 3389

access-list 102 permit tcp any any eq 5360

access-list 102 permit tcp any any eq 5361

access-list 102 permit tcp any any eq 5362

access-list 102 permit tcp any any eq 443

access-list 102 permit tcp any any eq www

access-list 102 permit tcp any any eq smtp

access-list 102 permit icmp any any echo-reply

access-list 102 permit icmp any any time-exceeded

access-list 102 permit icmp any any unreachable

!

interface FastEthernet1

ip access-group 102 in

no shutdown

!

no ip route 0.0.0.0 0.0.0.0 FastEthernet1 20

!

do clear ip nat trans force

no ip nat inside source list 1 interface FastEthernet0 overload

no ip nat inside source route-map backup-nat interface FastEthernet1 overload oer

no ip nat inside source route-map primary-nat interface FastEthernet0 overload oer

!

ip nat inside source static tcp 10.2.1.4 1494 interface FastEthernet1 1494 extendable

ip nat inside source static tcp 10.2.1.4 3389 interface FastEthernet1 3389 extendable

ip nat inside source static tcp 10.2.1.2 5360 interface FastEthernet1 5360 extendable

ip nat inside source static tcp 10.2.1.3 5361 interface FastEthernet1 5361 extendable

ip nat inside source static tcp 10.2.1.74 5364 interface FastEthernet1 5364 extendable

ip nat inside source static tcp 10.2.1.77 5365 interface FastEthernet1 5365 extendable

ip nat inside source static tcp 10.2.1.78 5366 interface FastEthernet1 5366 extendable

ip nat inside source static tcp 10.2.1.100 5367 interface FastEthernet1 5367 extendable

ip nat inside source static tcp 10.2.1.6 25 interface FastEthernet1 25 extendable

ip nat inside source static tcp 10.2.1.6 80 interface FastEthernet1 80 extendable

ip nat inside source static tcp 10.2.1.6 443 interface FastEthernet1 443 extendable

ip nat inside source static tcp 10.2.1.6 5362 interface FastEthernet1 5362 extendable

!

ip nat inside source list 1 interface FastEthernet1 overload

ip nat inside source list 1 interface FastEthernet0 overload

!

no track 123

!

no track 345

!

no ip sla 1

!

ip sla 1

icmp-echo 216.203.117.81 source-interface FastEthernet0

frequency 5

!

ip sla schedule 1 life forever start-time now

!

ip sla 2

icmp-echo X.X.X.X source-interface FastEthernet1 (needs to be an IP address on backup ISP network)

frequency 5

!

ip sla schedule 2 life forever start-time now

!

track 123 rtr 1 reachability

delay down 10 up 5

!

track 345 rtr 2 reachability

delay down 10 up 5

!

no route-map primary-nat

!

no route-map backup-nat

!

New Member

Re: Cisco 1811 router dual Internet connections

I hope you are still watching this thread. I was pulled away to another project, unannounced. Anyway, I implemented all the changes you recommended and still NO connectivity to Internet through FE1 when FE0 is down. Addressing your concerns specifically:

1) FE1 is now up

2) Added the IP SLA 2 with a known upstream IP address to ping

3) Added source interface to IP SLA 1

4) Added ACL on interface FE1

5) Not clear on this & when I tried to add IP NAT INSIDE SOURCE statements, it errored out, possibly because I did not understand the syntax & use of DynDNS.org

6) How do I verify that fast-switching is enabled?

I have attached 2 configs, my last config BEFORE I added your recommended changes, and the AFTER config with your changes included.

When FE0 is down I still can not get out to Internet. I verified that FE0 is down by manually trying to ping 10.13.2.5 & another upstream host, FE0 definitely down. But while it was down I could not ping 209.181.206.195. That is the next upstream hop from the WAN interface on DSL modem (71.213.237.219). I could ping that WAN interface on DSL modem, but nothing beyond.

When I plug laptop directly into DSL modem, I am able to browse Internet, and successfully ping 209.181.206.195. So, I know that DSL circuit is working. But when that DSL circuit is plugged into Cisco 1811 router, and FE0 is down I get nothing.

It would seem to me that there needs to be some sort of IP ROUTE command identifying FE1 as a viable route to Internet, but you recommended I remove that. For that matter, for load-balancing to work when both FE0 & FE1 are up I would think the IP ROUTE command is needed?

I would truly appreciate if you could look over my configs and see what piece is still missing to make this fail-over DSL circuit work correctly.

THANK YOU

Hall of Fame Super Bronze

Re: Cisco 1811 router dual Internet connections

Sorry, I don't have the hardware nor time to recreate this environment. I'm afraid I've reached the end of the line here.

__

Edison.

New Member

Re: Cisco 1811 router dual Internet connections

Based on the current "after" running configuration these are the necessary commands to run to get the router working as you desire.

!

ip nat inside source static tcp 10.2.1.4 1494 interface FastEthernet1 1494 extendable

ip nat inside source static tcp 10.2.1.4 3389 interface FastEthernet1 3389 extendable

ip nat inside source static tcp 10.2.1.2 5360 interface FastEthernet1 5360 extendable

ip nat inside source static tcp 10.2.1.3 5361 interface FastEthernet1 5361 extendable

ip nat inside source static tcp 10.2.1.74 5364 interface FastEthernet1 5364 extendable

ip nat inside source static tcp 10.2.1.77 5365 interface FastEthernet1 5365 extendable

ip nat inside source static tcp 10.2.1.78 5366 interface FastEthernet1 5366 extendable

ip nat inside source static tcp 10.2.1.100 5367 interface FastEthernet1 5367 extendable

ip nat inside source static tcp 10.2.1.6 25 interface FastEthernet1 25 extendable

ip nat inside source static tcp 10.2.1.6 80 interface FastEthernet1 80 extendable

ip nat inside source static tcp 10.2.1.6 443 interface FastEthernet1 443 extendable

ip nat inside source static tcp 10.2.1.6 5362 interface FastEthernet1 5362 extendable

!

ip nat inside source list 1 interface FastEthernet1 overload

!

no ip route 0.0.0.0 0.0.0.0 216.203.117.81

!

ip route 0.0.0.0 0.0.0.0 216.203.117.81 254

!

Since FE1 is getting an IP address via DHCP the router will obtain a default route via the DHCP process. This default route will have an administrative distance of 254. If you remove the existing default route and reenter it with an administrative distance of 254 then you will end up with two default routes installed in the routing table. This will help you achieve load balancing outbound.

New Member

Re: Cisco 1811 router dual Internet connections

I am getting Invalid input at EXTENDABLE on the ip nat staments. Accepts command up to that point.

Ideas?

New Member

Re: Cisco 1811 router dual Internet connections

run the attached commands please

696
Views
4
Helpful
38
Replies