
New Member

Cisco 891 Fail over Configuration

Cisco 891 configuration Details:

version 15.0

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname XXXXX

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200

logging console critical

enable secret 5 YYYYYYYYYYYYYYYYYYYYYYYYYY

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

!

!

!

!

aaa session-id common

!

!

!

no ip source-route

!

!

!

ip dhcp pool ccp-pool1

   import all

   network 10.153.64.0 255.255.255.128

   default-router 10.153.64.1

   dns-server 8.8.8.8

   lease infinite

!

!

ip cef

no ip bootp server

ip domain name VVVVVVVVVVVV

ip name-server 8.8.8.8

ip name-server 8.8.4.4

ip name-server 10.153.65.1

ip name-server 10.153.66.1

ip inspect tcp reassembly queue length 128

no ipv6 cef

!

!

!

!

!

track 1 ip sla 1 reachability

delay down 9 up 10

!

track 2 ip sla 2 reachability

delay down 9 up 10

!

!


interface FastEthernet8

description $ETH-WAN$$FW_OUTSIDE$

ip address 10.153.66.5 255.255.255.128

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip flow egress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

!

interface GigabitEthernet0

description $ES_WAN$$ETH-WAN$$FW_OUTSIDE$

ip address 10.153.65.5 255.255.255.128

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip flow egress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

!

interface Vlan1

description LAN Connection$ES_LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 1$$FW_INSIDE$

ip address 10.153.64.1 255.255.255.128

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip flow egress

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

!

interface Async1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation slip

!

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip nat inside source route-map A interface FastEthernet8 overload

ip nat inside source route-map B interface GigabitEthernet0 overload

ip route 0.0.0.0 0.0.0.0 10.153.65.1 track 1

ip route 0.0.0.0 0.0.0.0 10.153.66.1 100 track 2

!

ip sla 1

icmp-echo 10.153.65.1 source-interface GigabitEthernet0

threshold 2

frequency 5

ip sla schedule 1 life forever start-time now

ip sla 2

icmp-echo 10.153.66.1 source-interface FastEthernet8

frequency 5

ip sla schedule 2 life forever start-time now

logging trap debugging

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 10.153.64.0 0.0.0.127

access-list 10 permit 10.153.64.0

access-list 110 permit ip 10.153.64.0 0.0.0.127 any

no cdp run

!

!

!

!

route-map A permit 10

match ip address 110

match interface GigabitEthernet0

!

route-map B permit 10

match ip address 110

match interface FastEthernet8

!


I could connect to the GigabitEthernet WAN, based on the above configuration.

When I test on FastEthernet8 for the secondary ISP connection it will not go through the internet.

The Ping details

ping from (10.153.65.5) to 8.8.8.8 = OK

ping from (10.153.66.5) to 10.153.66.1 = OK

ping from (10.153.66.5) to 8.8.8.8 = not OK

Please advise?

17 REPLIES
Bronze

Cisco 891 Fail over Configuration

You have a mismatched route map on the FastEthernet8 interface

      ip nat inside source route-map A interface FastEthernet8 overload

route-map B permit 10

match ip address 110

match interface FastEthernet8

Hope this helps

Eugen

New Member

Cisco 891 Fail over Configuration

Sorry, that was a mistake when I copy-pasted the configuration

ip nat inside source route-map A interface FastEthernet8 overload

ip nat inside source route-map B interface GigabitEthernet0 overload

route-map B permit 10

match ip address 110

match interface GigabitEthernet0

!

route-map A permit 10

match ip address 110

match interface FastEthernet8

Bronze

Re: Cisco 891 Fail over Configuration

Did you try to change FastEthernet8 with the IP address for the interface in the nat statement?

Also, both map statements are using the same acl 110. I see that you have an acl 1 configured.

Did you try to change one of the maps to use acl 1?

New Member

Re: Cisco 891 Fail over Configuration

ip nat inside source route-map A interface FastEthernet8 overload

to

ip nat inside source route-map A interface 10.153.66.5 overload

is that correct?

Changed the route-map configuration to:

route-map B permit 10

match ip address 110

match interface GigabitEthernet0

!

route-map A permit 10

match ip address 1

match interface FastEthernet8

Bronze

Cisco 891 Fail over Configuration

Don't need the "interface", just ip address

ip nat  inside source route-map A  10.153.66.5 overload

New Member

Re: Cisco 891 Fail over Configuration

I tried it and it gave me a wrong syntax warning

    % invalid input detected

     ip nat  inside source route-map A  10.153.66.5 overload

                                                           ^

Bronze

Re: Cisco 891 Fail over Configuration

You need a space between "route-map" and "A".

Also, you have two default routes, but the one out Fa8 has a 100 AD. Maybe if you remove that value it will use it

ip route 0.0.0.0 0.0.0.0 10.x.x.x 100 track 2

change to

ip route 0.0.0.0 0.0.0.0 10.x.x.x track 2

Re: Cisco 891 Fail over Configuration

Hello,

    Try this out.

!

ip nat inside source route-map B interface FastEthernet8 overload

ip nat inside source route-map A interface GigabitEthernet0 overload

!

route-map A permit 10

match ip address 110

match interface GigabitEthernet0

!

route-map B permit 10

match ip address 110

match interface FastEthernet8

!

Edit: Well, you're trying to "ping" from WAN (10.153.66.5). You need to enable another default route for that. Just shut down "Gigabit 0" for testing.

HTH,

Toshi

New Member

Re: Cisco 891 Fail over Configuration

Hi,

It was a wrong copy-paste of the configuration; the right one is:

ip nat inside source route-map A interface FastEthernet8 overload

ip nat inside source route-map B interface GigabitEthernet0 overload

route-map B permit 10

match ip address 110

match interface GigabitEthernet0

!

route-map A permit 10

match ip address 110

match interface FastEthernet8

Re: Cisco 891 Fail over Configuration

Hello,

     Well, you're trying to "ping" from WAN (10.153.66.5). You need to enable another default route for that. Just shut down "Gigabit 0" for testing.

     Don't forget you're using "Track" to install one default route at a time

HTH,

Toshi

New Member

Re: Cisco 891 Fail over Configuration

Thanks Man,

You are correct - I just tried it and it is working

The failover configuration

Thanks to you.

Best regards,

Andy

New Member

Re: Cisco 891 Fail over Configuration

Please find below the ping details

#ping

Protocol [ip]:

Target IP address: 8.8.8.8

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: FastEthernet8

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 10.153.66.5

.....

Success rate is 0 percent (0/5)

Please give the details to enable the default route?

Is this what you mean:

ip route 0.0.0.0 0.0.0.0 10.153.65.1 track 1

ip route 0.0.0.0 0.0.0.0 10.153.66.1 100 track 2

Cisco 891 Fail over Configuration

Hello,

    First off, you need to make sure which WAN interface you're using to get outside. "Show ip route" will reveal that to you. You can shut down Gigabit0 for testing.

HTH,

Toshi

New Member

Re: Cisco 891 Fail over Configuration

Hi,

I have tested it - and it is working.

So FastEthernet8 will not be active when GigabitEthernet0 is active.

Is there a way to make sure that both of them are active, but with

GigabitEthernet0 as the primary?

Because I would like to configure 1 IP - 10.153.64.61 - to route directly to 10.153.66.5

Best regards

Andy

Re: Cisco 891 Fail over Configuration

Hi Andy,

        Yes you can.

Edit: Your configuration looks fine to me. It's Active/Standby.

You can use PBR to redirect a host to WAN(FastEthernet)

!

ip access-list ext Redirect-Host

permit ip host 10.153.64.61 any

!

route-map GoToFastEthernet permit 10

match ip address Redirect-Host

set ip next-hop 10.153.66.1

!

int vlan 1

ip policy route-map GoToFastEthernet

!

HTH,

Toshi
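
A variant of the policy-routing configuration in the reply above, as an added example that is not part of Toshi's post: it ties the PBR next hop to the thread's existing `track 2` object, so 10.153.64.61 falls back to the normal tracked default route when the secondary gateway stops answering instead of being black-holed. The sequence number 10 and the extra `deny` line are assumptions of this example.

```cisco
! Added example, not from the thread. Reuses objects already in the posted config:
!   track 2 ip sla 2 reachability   (ip sla 2 pings 10.153.66.1 from FastEthernet8)
!
ip access-list extended Redirect-Host
 ! Assumption: leave traffic to the LAN subnet on normal routing
 deny   ip host 10.153.64.61 10.153.64.0 0.0.0.127
 ! Everything else from this host is policy-routed
 permit ip host 10.153.64.61 any
!
route-map GoToFastEthernet permit 10
 match ip address Redirect-Host
 ! Next hop is used only while track 2 is up. When it is down, the packet
 ! is not policy-routed and follows the routing table (default via Gi0).
 ! The "10" is the next-hop sequence number, chosen arbitrarily here.
 set ip next-hop verify-availability 10.153.66.1 10 track 2
!
interface Vlan1
 ip policy route-map GoToFastEthernet
!
! NAT needs no change: the redirected host leaves through FastEthernet8, so it
! is translated by the NAT rule whose route-map has "match interface FastEthernet8".
!
! Checks to run in exec mode after applying:
!   show track 2                       (state of the secondary-gateway probe)
!   show route-map GoToFastEthernet    (policy-routing match counters)
!   show ip policy                     (route-map bound to Vlan1)
!   show ip nat translations           (10.153.64.61 should map to 10.153.66.5)
```

Because `ip sla 2` probes only the directly connected gateway 10.153.66.1, this detects loss of that gateway, not a failure further upstream in the secondary ISP.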

New Member

Re: Cisco 891 Fail over Configuration

Hello Thotsaphon Lueangwattanaphong,

You are a genius.

I should take the CCNA course soon to become like you.

Thank you very much.

Andy

Cisco 891 Fail over Configuration

Andy,

      Go get it

I'm glad that I could help

Toshi
