Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5235
Views
0
Helpful
17
Replies

Cisco 891 Fail over Configuration

Go to solution
andyspranata
Level 1
Level 1

‎02-03-2012 09:47 PM - edited ‎03-04-2019 03:08 PM

Cisco 891 configuration Details:

version 15.0

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname XXXXX

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200

logging console critical

enable secret 5 YYYYYYYYYYYYYYYYYYYYYYYYYY

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

!

!

!

!

aaa session-id common

!

!

!

no ip source-route

!

!

!

ip dhcp pool ccp-pool1

   import all

   network 10.153.64.0 255.255.255.128

   default-router 10.153.64.1

   dns-server 8.8.8.8

   lease infinite

!

!

ip cef

no ip bootp server

ip domain name VVVVVVVVVVVV

ip name-server 8.8.8.8

ip name-server 8.8.4.4

ip name-server 10.153.65.1

ip name-server 10.153.66.1

ip inspect tcp reassembly queue length 128

no ipv6 cef

!

!

!

!

!

track 1 ip sla 1 reachability

delay down 9 up 10

!

track 2 ip sla 2 reachability

delay down 9 up 10

!

!


interface FastEthernet8

description $ETH-WAN$$FW_OUTSIDE$

ip address 10.153.66.5 255.255.255.128

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip flow egress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

!

interface GigabitEthernet0

description $ES_WAN$$ETH-WAN$$FW_OUTSIDE$

ip address 10.153.65.5 255.255.255.128

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip flow egress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

!

interface Vlan1

description LAN Connection$ES_LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 1$$FW_INSIDE$

ip address 10.153.64.1 255.255.255.128

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip flow egress

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

!

interface Async1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation slip

!

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip nat inside source route-map A interface FastEthernet8 overload

ip nat inside source route-map B interface GigabitEthernet0 overload

ip route 0.0.0.0 0.0.0.0 10.153.65.1 track 1

ip route 0.0.0.0 0.0.0.0 10.153.66.1 100 track 2

!

ip sla 1

icmp-echo 10.153.65.1 source-interface GigabitEthernet0

threshold 2

frequency 5

ip sla schedule 1 life forever start-time now

ip sla 2

icmp-echo 10.153.66.1 source-interface FastEthernet8

frequency 5

ip sla schedule 2 life forever start-time now

logging trap debugging

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 10.153.64.0 0.0.0.127

access-list 10 permit 10.153.64.0

access-list 110 permit ip 10.153.64.0 0.0.0.127 any

no cdp run

!

!

!

!

route-map A permit 10

match ip address 110

match interface GigabitEthernet0

!

route-map B permit 10

match ip address 110

match interface FastEthernet8

!


I could connect to the Gigabitethernet wan, based on above configuration.

When I test on FastEthernet8 for the secondary ISP connection it will not go through the internet.

The Ping details

ping from (10.153.65.5) to 8.8.8.8 = OK

ping from (10.153.66.5) to 10.153.66.1 = OK

ping from (10.153.66.5) to 8.8.8.8 = not OK

PLease advice?

Labels:
0 Helpful
17 Replies 17

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7
In response to andyspranata

‎02-04-2012 12:01 AM

Hi Andy,

        Yes you can.

Edit: Your configuration looks fine to me. It's Active/Standby.

You can use PBR to redirect a host to WAN(FastEthernet)

!

ip access-list ext Redirect-Host

permit ip host 10.153.64.61 any

!

route-map GoToFastEthernet permit 10

match ip address Redirect-Host

set ip next-hop 10.153.66.1

!

int vlan 1

ip policy route-map GoToFastEthernet

!

HTH,

Toshi

0 Helpful

Go to solution
andyspranata
Level 1
Level 1
In response to Thotsaphon Lueangwattanaphong

‎02-04-2012 12:20 AM

Hello Thotsaphon Lueangwattanaphong,

You are a genius.

I should take the CCNA course soon to become like you.

Thank you very much.

Andy

0 Helpful

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7
In response to andyspranata

‎02-04-2012 12:25 AM

Andy,

      Go get it

I'm glad that I could help

Toshi

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card