Cisco Support Community
Community Member

Dual WAN + PBR + IP SLA works, but there's a problem

I have an 1811, dual WAN. It's set up to fail over properly, based on IP SLA and tracking. Fixed IP ( with my primary ISP. I'm pinging my primary ISP's default gateway ( for the tracking object. This works as expected. The problem is that when my primary ISP is experiencing heavy traffic, the gateway often stops responding to pings. The connection is still up, and it still passes traffic. But since I stop getting a response to the ping, my router thinks the connection is down, and switches to the backup ISP.

This is undesirable. 

So I tried changing the ping to a different address (e.g.,   I also changed the appropriate access-list (PingISP_A). 

The pings work.   If the primary connection is disabled, the router properly fails over.   However, when the primary connection is reconnected, the pings do not start working again.  I think this is because the route (ip route 10 track 100) is gone from the routing table at this point.   Is there any way to get this working?  Am I going about it the wrong way?


Current config - works (except for the above issue)

interface FastEthernet0
 description ISP_A
 ip address

interface FastEthernet1
 description ISP_B
 ip address dhcp
 ip dhcp-client default-router distance 20

ip route 10 track 100
ip route dhcp 20

ip local policy route-map LocalPolicy

route-map LocalPolicy permit 10
 match ip address PingISP_A
 set ip next-hop
 set interface Null0

ip access-list extended PingISP_A
 permit icmp any host echo

ip sla 111
 icmp-echo source-interface FastEthernet0
 timeout 1000
 threshold 100
 frequency 3

ip sla schedule 111 life forever start-time now

track 100 rtr 111 reachability
 delay down 30 up 30


Re: Dual WAN + PBR + IP SLA works, but there's a problem


For a better IP SLA configuration, you can use your ISP A router's outside IP address as the source address for the IP SLA configuration.

Moreover, there is no need for any ACL or route-map for this.

If the gateway IP is not reachable, the respective routes will be removed from the routing table due to tracking.

For the ICMP to succeed, there is no need for any route-map, and to avoid such a scenario, increase the frequency a bit higher, and the timeout too.

for more info just have a look into this url



Community Member

Re: Dual WAN + PBR + IP SLA works, but there's a problem


Thanks for the reply.   The problem I'm having is that ISPA's gateway will stop replying to pings, but will still pass traffic.  I've seen it stop replying to pings for several minutes at a time, yet I can ping another address on the internet without problem.

Re: Dual WAN + PBR + IP SLA works, but there's a problem


Then in this scenario, you can ping the public DNS server from your primary router and make the source interface your outside IP address/interface.



Community Member

Re: Dual WAN + PBR + IP SLA works, but there's a problem


That's exactly what I tried to do.  But this is what happens:

primary static IP - 69.x.x.100,  gateway 69.x.x.1

ping - success

primary link goes down (legitimately)

ping - no response

track 100 goes from [up] -> [down]

ip route 69.x.x.1 10 track 100     is removed from the routing table (because of track 100)

primary link comes back online

ping - still no response

BUT, ping 69.x.x.1 works.   (works most of the time, except when ISP is under heavy load, which is why I want to use a different address)

It appears that unless IP SLA is pinging something in the same subnet as my gateway, it won't ever "fail back".
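The fail-back deadlock described in the post above, as a small model (an added example, not part of the original thread and not any poster's code). It assumes the probe follows the router's own routing table and that a probe sourced from ISP_A's address is lost when forwarded via ISP_B; all addresses are constructed documentation-range values, and the `pin_probe` option models an untracked host route to the probe target via the ISP_A gateway.

```python
import ipaddress

GW_A = "198.51.100.1"   # constructed: ISP_A gateway
GW_B = "203.0.113.1"    # constructed: ISP_B gateway (learned via DHCP)
PROBE = "192.0.2.53"    # constructed: probe target outside the gateway subnet


def lookup(routes, dst):
    """Longest-prefix match, then lowest administrative distance."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["net"])]
    if not hits:
        return None
    return min(hits, key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen,
                                    r["ad"]))


def simulate(link_a_states, pin_probe):
    """Return the track object's state after each probe cycle.

    Assumptions (not from the thread): one probe per cycle, the
    'delay down/up' timers are ignored, and a probe that leaves via
    ISP_B never gets a reply.
    """
    track_up = True
    history = []
    for link_a_up in link_a_states:
        # Backup default route is always present (distance 20).
        routes = [{"net": "0.0.0.0/0", "via": GW_B, "ad": 20}]
        # Primary default route exists only while the track object is up.
        if track_up:
            routes.append({"net": "0.0.0.0/0", "via": GW_A, "ad": 10})
        # Optional untracked host route that pins the probe to ISP_A.
        if pin_probe:
            routes.append({"net": PROBE + "/32", "via": GW_A, "ad": 1})
        next_hop = lookup(routes, PROBE)["via"]
        # The probe succeeds only if it leaves via ISP_A and that link is up.
        track_up = (next_hop == GW_A) and link_a_up
        history.append(track_up)
    return history


# Constructed timeline: primary link up, down for two cycles, then restored.
LINK_A = [True, True, False, False, True, True, True]

if __name__ == "__main__":
    print("tracked route only :", simulate(LINK_A, pin_probe=False))
    print("with pinned probe  :", simulate(LINK_A, pin_probe=True))
```

In the first run the track object stays down after the link returns, because the only remaining route to the probe target points at ISP_B; in the second it recovers as soon as the link does.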

Re: Dual WAN + PBR + IP SLA works, but there's a problem


You can set the ICMP packet size a bit smaller. By default the Cisco router takes the ping datagram size as 100 bytes.

Under the ip sla config, use the command request-data-size bytes. Hope you will get success; set 36 bytes as the ping datagram size.

I have tested in my network; the ping datagram size we can use is from 36 to 18024.

Protocol [ip]:
Target IP address:
Repeat count [5]:
Datagram size [100]: 32
% A decimal  number between 36 and 18024.
Datagram size [100]: 36
Timeout in seconds  [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape  sequence to abort.
Sending 5, 36-byte ICMP Echos to, timeout is  2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max  = 1/2/4 ms


