Cisco 2801 with 2 ISP

petrutz_21 · ‎02-22-2012

Hi all !!

Could someone help me with a simple configuration of a 2801 Router. I have 2 internet providers with static ip's connected to F0/0 and F0/1 and one Vlan for LAN area. I would like to configure the router to use one primary line and just in case to use the back-up line. What should i use ?

This is how i configured:

interface FastEthernet0/0

description ISP1

ip address 192.168.8.10 255.255.255.0

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

description ISP2

ip address 192.168.2.10 255.255.255.0

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/3/0

!

interface FastEthernet0/3/1

!

interface FastEthernet0/3/2

!

interface FastEthernet0/3/3

!

interface Vlan1

description $ES_LAN$

ip address 192.168.1.1 255.255.255.0

ip nat inside

!

ip route 0.0.0.0 0.0.0.0 192.168.8.1

ip route 0.0.0.0 0.0.0.0 192.168.2.1 10

!

ip nat inside source route-map ISP2 interface FastEthernet0/1 overload

ip nat inside source route-map ISP1 interface FastEthernet0/0 overload

!

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

route-map ISP2 permit 10

match ip address 100

match interface FastEthernet0/1

!

route-map ISP1 permit 10

match ip address 100

match interface FastEthernet0/0

!

control-plane

Now if detects that it hasn't cable link on the FastEthernet interfaces it's working. I'm using 2 wireless gateways to acces the internet each one connected on the 2 FaEth for simulating the providers. If i simulate an issue on the provider ( i've removed the sim from the wireless gateway) it doesn't pass on the second isp.

I haved trying to configure with "IP Service Level Agreements " for failover / load balancing but the command "ip sla" is incomplete. I can't make an update of the IOS because the customer do not have an Service Contract with Cisco.

There is another way to configure it?

Thanks in advance !

What configuration should i make further ?

paolo bevilacqua · ‎02-22-2012

You can try with an EEM script, but considering you want advanced features, you should have the rightly licensed system to use them.

Gautam Renjen · ‎02-22-2012

Paste output of:

1. "show version"

2. conf t

ip sla ?

3. conf t

rtr ?

petrutz_21 · ‎02-22-2012

1. Cisco IOS Software, 2801 Software (C2801-IPBASE-M), Version 12.4(16b), RELEASE S
OFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 20-Dec-07 03:43 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

System returned to ROM by power-on
System image file is "flash:c2801-ipbase-mz.124-16b.bin"

Cisco 2801 (revision 7.0) with 114688K/16384K bytes of memory.
Processor board ID FCZ123212X3
6 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

2. ip sla ?- monitor ? - key-chain / responder ...

it doesn't have "operation-number"

3. it doesn't have "rtr" command

ebarticel · ‎02-22-2012

Have you tried adding "ip policy route-map name" to interfaces?

petrutz_21 · ‎02-22-2012

i didn't try ! could you please paste me a small config if you know that it will work ?

cadet alain · ‎02-22-2012

Hi Eugen,

he doesn't want to use PBR he only wants to use IP SLA to detect a failure on the ISP side to track the primary static route.

Toma, can you take a look here: http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsicmp.html#wp1049823

Regards.

Alain

Don't forget to rate helpful posts.

petrutz_21 · ‎02-23-2012

Hi Alain,

As I told up here in the post the IOS that i have doesn't have all IP SLA options . The ip sla monitor operation-number

command is missing. I've search a lot on the internet and I've read also on that link that you've send it to me but it doesn't help me because of the IOS version that is on the router. I can't make an update of the IOS because the customer do not have an Service Contract with Cisco.

cadet alain · ‎02-23-2012

Hi,

yes indeed then in this case as Paolo stated you can use a EEM script to ping the ISP and according to result flush the primary static route from RIB.

I verified on Cisco feature Navigator and you can do EEM v1.0 with IPBASE.

Regards.

Alain

Don't forget to rate helpful posts.

Brunhuber Adrian · ‎02-23-2012

To track the primary connection you must use IP SLA .
First configure the track to check if the primary ISP is up.

track 10 ip sla 1 reachability

delay down 10 up 10

Configure the object .

ip sla 1

icmp-echo 8.8.8.8 source-ip

threshold 2000

frequency 5

ip sla schedule 1 life forever start-time now

Now , the routes

ip route 0.0.0.0 0.0.0.0 track 10 # this route is up only ip the Sla object is up.
ip route 0.0.0.0 0.0.0.0 254 # if the tracked object is down the first route is removed and this route will be used.

Hope this helps .

petrutz_21 · ‎02-23-2012

Hi,

As I told upper in this post ..the IOS doesn't have IP SLA , IP SLA MONITOR, RTR commands complete.

I must configure something like : sending packets ( ex. icmp packets ) to an ip from the internet ( ex. google 8.8.8.8 ) and if the packets can't be sent than the router to use the backup interface. When receives replies form a specified public ip address on the first interface that should go back to it and have the connection up on the primary interface.

Thanks.

petrutz_21 · ‎02-23-2012

Any other solutions ?

Gautam Renjen · ‎02-23-2012

The only way to know if a connection more than 1 hop away it down, or something at Layer 3 is down, while Layer 2 is still up, it to use SLA / EEM, which isn't supported in ipbase image.

If this customer has multiple routers, then you might want to use another router that has a higher feature set in this location , and swap the devices. Other than that, i highly doubt if someone will come up with a solution that would be manageable and supportable.

petrutz_21 · ‎02-23-2012

it can be made something like a policy rules ?... if the packets can't be send to a specifed ip address that the interface to be shut down and then it will detect a failover .. and it will use the backup interface.

Gautam Renjen · ‎02-24-2012

1. There is no such solution available in the base image to detect this at Layer - 3 or higher. There could be if you used the PPP protocol for example end to end , but if your isp isn't using that, then it won't work.

2. If we shut down interface 1, then how will we ever know that the ISP Service / connection via interface 1 is working fine at a later point in time, so that we can "no shut" it and bring it back up.

What i mean to say is, lets say Fa0/0 is up/up and so is Fa0/1.

The internet connection via Fa0/0 goes down. Interface is up/up. Lets say we have a mechanism to detect it. Say, we shut the interface. Now, how will that mechanism tell us if the connection is back up, when the "test packets" that need to go out of interface Fa0/0 can't go out because it's shut. It's going to be in permanent shut mode unless manually no shut.

For this we actually remove routes pointing to that interface / or change AD etc, but never "shut" it.