Hi, I am having trouble trying to set up a 2800 series router as a failover device (please bear in mind that I am fairly new to IOS).
The device has two ADSL modules installed which will be used as a direct connection to the ADSL lines rather than go through a separate modem.
I am looking for the config so I am able to connect to either connection and should the primary connection fail the secondary connection takes over.
I have been trying to configure this on and off for a while however am struggling even to get the router to successfully connect to the ISP.
The easiest way of configuring a backup connection is to simply define a pair of static default routes, each having a different trustworthiness (we call it Administrative Distance, AD, in Cisco parlance; lower number is better). The route with the better AD will point to the primary ISP and should the connection to the primary ISP fail, this route will be replaced by the other pointing to the backup ISP.
This is the basic simple idea. Your configuration will need to be slightly more sophisticated because you are probably going to perform NAT which has to take the outgoing ISP into account (each ISP is going to assign a different public IP to you so you need to perform NAT accordingly), and also, because the virtual Dialer interface that is going to represent your ADSL session to a particular ISP will not go down even if the ADSL connection is broken, we will probably need to configure an active ping test to verify the connectivity.
Perhaps if you could attach your existing configuration and tell us slightly more about your setup we could come up with a suggestion of how to proceed.
By the way, the topic of this discussion is more relevant to WAN Routing and Switching, not LAN - would you mind transferring this thread to that section? Use the Move discussion link in the Actions box on the top of the page.
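The route selection described in the reply above, as an added example that is not part of the original thread: a small model of which default route gets installed, showing why an untracked primary route via a Dialer never fails over. The sample configs, the track id and the function names are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from the thread's attachments).
UNTRACKED = """\
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2 10
"""
TRACKED = """\
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 10
"""

DEFAULT_RE = re.compile(
    r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (Dialer\s?\d+)(?P<opts>.*)$", re.I)

def parse_default_routes(config):
    """Return [(interface, admin_distance, track_id or None), ...]."""
    routes = []
    for line in config.splitlines():
        m = DEFAULT_RE.match(line.strip())
        if not m:
            continue
        opts = m.group("opts").split()
        track = int(opts[opts.index("track") + 1]) if "track" in opts else None
        # A bare number that is not a track id or tag is the administrative distance.
        ad = next((int(t) for i, t in enumerate(opts) if t.isdigit()
                   and (i == 0 or opts[i - 1] not in ("track", "tag"))), 1)
        routes.append((m.group(1).replace(" ", ""), ad, track))
    return routes

def installed_default(routes, track_state):
    """Pick the route that would be installed: lowest AD among eligible routes.

    A tracked route is eligible only while its track object is up. An
    untracked route via a Dialer is always eligible, because the Dialer
    interface stays up even when the ADSL session behind it is broken.
    """
    eligible = [r for r in routes
                if r[2] is None or track_state.get(r[2], False)]
    return min(eligible, key=lambda r: r[1])[0] if eligible else None

def untracked_primary(routes):
    """True if the best-AD default route has no track object."""
    return bool(routes) and min(routes, key=lambda r: r[1])[2] is None

if __name__ == "__main__":
    for name, cfg in (("untracked", UNTRACKED), ("tracked", TRACKED)):
        routes = parse_default_routes(cfg)
        print(name, "-> primary ISP down, installed:",
              installed_default(routes, {1: False}))
```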
thanks for the response ( have moved the thread as well )
my existing configuration is absolute garbage, as this is something I go back to when I have little or no other work to deal with. I understand what you mentioned and it is what I am trying to achieve though have little reference to work from as everything I find uses external modems as a segue and I have little experience dealing with routers using IOS, usually deal with switches.
failed to mention that the router will need to act as the DHCP on top of this.
Really something to refer to in the encapsulation of the scenario
Okay, please capture the output of the following commands in your terminal program and post it here as an attachment (the attachment can be added after clicking on the "Use advanced editor" when writing a reply).
I also need to know:
It looks as if ATM0/2/0 is your BT connection and ATM0/3/0 is your other connection (but this one does not seem to be configured). You need to configure ATM0/3/0 with the details provided by your provider and then create another dialer interface (e.g. dialer2) where you configure your PPP bits and pieces. ATM0/3/0 is associated with this dialer with the "dialer pool" and "dialer group" command.
Then you would configure a second static route something like:
ip route 0.0.0.0 0.0.0.0 dialer2 10
(the 10 at the end gives it a higher admin distance meaning it will only come in to play when dialer1 is down).
You would also need to add another NAT statement along the lines of:
ip nat inside source list 1 interface dialer2 overload
Your current configuration is indeed broken in some places - deactivated routing, deactivated IP CEF, VPDN being enabled... I suggest starting from a completely clean configuration - that is going to make our troubleshooting easier if you don't mind. Issue the erase startup-config command and then reload your router using the reload command (if it asks you to save the current configuration do not allow it to save anything - you would just put back the current wrong configuration).
Please find the attached file. In it, there are commands relative to a clean running-config. They should put your configuration into a basic clean state in which the ADSL connections should come up. Edit the file, replace the capitalized values (passwords, the CHAP logins and passwords) as necessary, and then paste the contents directly to the router in the configure terminal mode - preferably not all at the time, better in parts. I hope I did not make any typo - please be sure to check for any error messages while pasting the file.
After you do this, please again attach the output of the show running-config to see how your configuration looks like, and also include the following command outputs:
show ip route
show ip int brief
show int di1
show int di2
I am getting an error when entering the config on both dialer lines
ppp chap hostname *******@*******.com ppp chap password ********
% Invalid input detected at '^' marker.
is this because the hostnames are email addresses?
No, I don't think the @ sign is making any troubles here - I've seen and configured similar hostname myself quite often. However, are you absolutely sure you have encapsulation ppp already present on the Dialer interfaces? If not, the encapsulation is HDLC, not PPP, and PPP-related commands will be rejected.
One more comment - what you posted is a single line that combines both ppp chap hostname and ppp chap password commands. However, these are two distinct commands and shall be entered each on a separate line:
ppp chap hostname ....@......com
ppp chap password XXXXXX
Are you entering them in this way?
Often asked, had you searched before asking.
First have that working, then you can move to the redundancy part, that is often asked here as well.
Note IOS is not easy and not apt for beginners, better would be if you use an RV series router.
I am happy to help the gentleman to get it working even though the topic has been discussed here several times.
Peter Paluch wrote:
I am happy to help the gentleman to get it working even though the topic has been discussed here several times.
No problem, but it is worth for anyone to know that the matter is the subject already of many great documents and answers.
No doubt about that.
It's just that we - as people representing the CSC and all its expertise, courtesy and willingness to help others by which it is considered one of the finest voluntary forums around - should not fall back to RTFM kind of answers, though sometimes it really looks like we are. No one is helped by that approach.
If there are documents that already cover the topic being discussed, let's have them quoted, absolutely. But let's not try to stop the discussion entirely just because any of us does not feel comfortable answering it. Lots of other people here have gained their great reputation by answering exactly those little repetitive tidbits we are already tired of responding to, and they have helped others immensely. That's why - and the only why - CSC is here.
Well said Peter - we were all novices once. And we have all known people along our journey who have taken the time and effort to explain complex things to us and we remember and appreciate those people.
Let's continue here so that the indented threading does not limit the available space for answers.
Your current output looks good! According to the output, both your ADSL connections are up and running and they have received an IP address! Congratulations so far!
Please try these pings:
Both of them should be successful - these are the IP addresses of the ISP. If that works, try pinging 188.8.131.52 or 184.108.40.206 - they should be successful as well.
If you can not access internet from your host please double check its IP settings. In fact, I recall we have not configured any DNS server in the DHCP pool on your router, so your PC is probably unable to ping or contact any domain names, but it should be capable of pinging all IP addresses suggested here so far! Can you test this?
If pinging IP addresses from the PC works, just please go to your router's configuration, enter the DHCP pool configuration and add the following line:
This will cause your router to ask the ISP via PPP/IPCP for various IP settings including the addresses of DNS servers, and add them to the DHCP pool dynamically. After you do this, shutdown and reactivate both Dialer interfaces (this is necessary as we need to renegotiate IP settings with your ISP and request DNS server addresses along with it), and then, do ipconfig /release and ipconfig /renew on your PC. Then try pinging valid hostnames from your PC.
Let me know.
will test it out tomorrow morning,
dialer interfaces shutdown/reactivate: is there a renew/reload option for this or is it a case of opening up the config for each to force the changes?
You have to specifically enter the Dialer1 and Dialer2 interface configuration and shutdown / no shutdown them. I do not know any command outside the configuration mode that would "cycle" the interfaces.
Right tested it this morning and was able to ping both ISP Gateway addresses and 220.127.116.11 / 18.104.22.168 successfully.
shutdown/no shutdown cycled the dialers and released the IP settings of the laptop I was using, was still unable to ping any url or url's ip address though can do so through the router itself (ping IP addresses via console).
At this moment I need to see your complete running-config. Please capture show running-config output and post it here. Remove sensitive information such as passwords but otherwise, keep it intact.
Your configuration is almost correct - it's just that you have inadvertently mixed uppercase and lowercase when editing the DHCP pools. Their names are case sensitive, and you have inadvertently created another DHCP pool.
Simply enter the following commands into your configure terminal mode:
no ip dhcp pool lan1
ip dhcp pool LAN1
Then do the usual ipconfig /release and ipconfig /renew on your PC and try accessing internet again. If this does not work please issue the following command on the PC and post the results here:
tracert -d 22.214.171.124
I am interested to see where the traceroute stops.
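A check for the mistake diagnosed in the reply above, as an added example that is not part of the original thread: it parses a saved running-config and reports DHCP pool names that differ only by letter case. The sample config, its addresses and the function names are constructed; the missing-network check is a heuristic assumption about what an accidental pool looks like.

```python
import re
from collections import defaultdict

# Constructed sample: the pool was created as "LAN1" and later edited as
# "lan1", which IOS treats as a second, separate pool (addresses made up).
SAMPLE_CONFIG = """\
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
!
ip dhcp pool lan1
 dns-server 192.0.2.53
!
"""

POOL_RE = re.compile(r"^ip dhcp pool (\S+)\s*$")

def parse_dhcp_pools(config):
    """Return {pool_name: [sub-commands]} for every 'ip dhcp pool' block."""
    pools, current = {}, None
    for line in config.splitlines():
        m = POOL_RE.match(line)
        if m:
            current = pools.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # left the pool block
    return pools

def case_collisions(pools):
    """Group pool names that differ only by letter case."""
    groups = defaultdict(list)
    for name in pools:
        groups[name.lower()].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def pools_without_network(pools):
    """Heuristic: a pool with no 'network' line was probably created by accident."""
    return sorted(n for n, cmds in pools.items()
                  if not any(c.startswith("network ") for c in cmds))

if __name__ == "__main__":
    pools = parse_dhcp_pools(SAMPLE_CONFIG)
    print("names differing only by case:", case_collisions(pools))
    print("pools without a network statement:", pools_without_network(pools))
```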
Based on your description, I understand that you have two ADSL connections and you need configurations to set-up the PPPOA connections and also would like to have a fail-over functionality between these two WAN connections.
Please find the below set of configurations that can help you set this up,
1. Sample configuration to set-up the PPPOA connection,
a. Configure Ingress (LAN) interface:
Router(config)#interface Gig 0/0 (Any Ethernet/LAN facing port)
Router(config-if)#description internal interface
Router(config-if)#ip address x.x.x.x x.x.x.x
Router(config-if)#ip nat inside
b. Configure Egress(WAN) interface:
Router(config-if)#no ip address
Router(config-if)#no atm ilmi-keepalive
Router(config-if)#dsl operating-mode auto
Router(config)#interface ATM0.1 point-to-point
Router(config-if-atm-vc)# encapsulation aal5mux ppp dialer
Router(config-if-atm-vc)# dialer pool-member 1
c. Configure Dialer interface:
Router(Config)#ip address negotiated
Router(Config)#ip mtu 1492
Router(Config)#ip nat outside
Router(Config)#dialer pool 1
Router(Config)#ppp authentication chap pap callin
Router(Config)#ppp chap hostname xxxxx
Router(Config)#ppp chap password xxxxx
Follow the same steps for the Second ADSL port as well but ensure you create another Dialer interface (Dialer 2) and also ensure to use "dialer pool-member 2" under ATM interface and "dialer pool 2" under the new Dialer 2 interface.
2. NAT configurations for DUAL-WAN set-up:
a. Create an Access-list permitting the LAN subnet intending to access the internet,
access-list extended 101
permit ip 10.10.0.0 0.0.0.255 any (for example 10.10.0.0/24 is considered as LAN subnet).
b. Create Route-maps,
route-map PRIMARY_WAN permit 10
match ip address 101
set interface Dialer 1
route-map SECONDARY_WAN permit 20
match ip address 101
set interface Dialer 2
c. Configure the NAT statement,
ip nat inside source route-map PRIMARY_WAN interface Dialer 1 overload
ip nat inside source route-map SECONDARY_WAN interface Dialer 2 overload
Make sure to add "ip nat inside" and "ip nat outside" on the Ingress and the Egress interfaces respectively.
3. WAN failover functionality (IP SLA),
(config)#ip sla 1
(config-ip-sla)#icmp-echo 126.96.36.199 source-interface Dialer 1
(config)#track 1 ip sla 1 reachability
(config)#ip sla schedule 1 life forever start-time now
Create default route statements and a permanent static route to reach 188.8.131.52,
ip route 0.0.0.0 0.0.0.0 Dialer 1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer 2 100
ip route 184.108.40.206 255.255.255.255 Dialer 1 permanent.
Try these configurations and let me know how it goes
Thank you for joining and for your willingness to help Phil!
I would like to kindly ask you for more observance of what has been accomplished in this thread so far before posting. Notice that we have already created a configuration for connectivity via both ADSL links, so posting another configuration that does not perfectly align with Phil's current configuration can cause confusions. Except for IP SLA which we have not yet implemented as we want first to have well working basic connectivity and only then proceed towards configuring the IP SLA-driven redundancy, Phil's current configuration already contains everything you have suggested.
Going over your suggested configuration, I see commands that pop up in many similar configuration templates and are not entirely correct. You may want to update or remove these commands from your templates:
I think I missed the long history of steps that were suggested here and I just wanted to provide the config Phil was looking to realize the set-up.
Sorry for any inconvenience caused.
I agree with your views on the above 3 commands, but I can assure you those would not cause any harm to the set-up either.