Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

dual isp failover issues with cisco 881

I am trying to use dual isp's connections on CISCO 881 by using static route track. I have problem that I can't ping, telnet secondary router IP from WAN(public address,able to ping from router console). This is the reason that secondary connection is not doing fail over when primary fail. SLA all commands are ok and working fine. Its look like issue with nating. only primary route is active and I can ping and telnet from WAN. I want a solution that both addresses are ping able, telnet from WAN, with failover.

Configuration file:

ip dhcp pool phones
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 135.196.0.6 xx.196.0.xx 8.8.8.8

interface FastEthernet 3

switchport access vlan 3

int fastethernet 2

switchport access vlan 2

interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto

interface Vlan1

no shutdown
description "TO LAN"
ip address 192.168.1.254 255.255.255.0
ip nat inside

interface Vlan2

no shut
description "UPLINK TO secondary isp"
ip address 217.33.177.xxx 255.255.255.0
ip nat outside

interface Vlan3

no shutdown
description "UP LINK TO primary isp"
ip address 212.2.29.yyy 255.255.255.248
ip nat outside

ip nat inside source list 100 interface Vlan3 overload

ip nat inside source list 101 interface vlan 2 overload

access-list 100 permit ip any any

access-list 101 permit ip any any 

ip route 0.0.0.0 0.0.0.0 212.2.29.yyy track 1
ip route 0.0.0.0 0.0.0.0 217.33.177.xx 10

ip sla 1
icmp-echo 212.2.29.yyy source-interface Vlan3
frequency 5
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

5 REPLIES
VIP Purple

Yep, it is a NAT issue.  You

Yep, it is a NAT issue.  You need something more like:

ip nat inside source route-map NAT-VLAN2 interface vlan2 overload
ip nat inside source route-map NAT-VLAN3 interface vlan3 overload

access-list 100 permit ip any any

route-map NAT-VLAN2 permit 10
match ip address 100
match interface VLAN2

route-map NAT-VLAN3 permit 10
match ip address 100
match interface VLAN3
New Member

thanks philips for reply,

thanks philips for reply,

Main issue how to do routing among vlans created on switch module. I have two vlans, which dont ping each other when i connect through ethernet cable to vlan1. IP ROUTING, command I cant see running configuration while this is accepted by router. Secondary ISP public IP address don,t let me ping/telnet from Internet while I am able to ping/telnet primary isp public ip. thanks

VIP Purple

Please post an updated

Please post an updated configuration.

New Member

thanks philips,

thanks philips,

your suggestion perfectly worked. I have few other issues where phones not registering with PBX using secondary ISP. But just for information, secondary ISP address will not be ping/telnet, till primary goes down. When primary ISP link goes down then I am able to ping/telnet secondary ISP address. When primary link comes up again, if telnet through secondary, router will disconnect and need to telnet again through primary address. thanks for your help. 

VIP Purple

It would be great if you

It would be great if you could mark and rate helpful posts.  :-)

134
Views
15
Helpful
5
Replies