Community Member

Manual Failover to 2 separate Internet services using 1 L3 port

Hi everyone,

I have a customer insisting on a manual failover (2 internet links) using a Cisco 1941 using only 1 WAN port, i.e. GigabitEthernet0/1 (GE0/0 = LAN).

Before he purchases an extra EHWIC for the 1941 to give him another L3 port, he wants to manually take the Ethernet cable out of the primary NTD/NTU (fiber/Ethernet link) and plug Gig0/1 into the secondary NTU/NTD from the 2nd ISP.

When he purchases the extra EHWIC for the 1941 I will fail over using the standard IP SLA way, but for now I don't think using an "ip address xxxx secondary" command on Gig0/1 and a second default route using a higher metric will be enough.

Is this possible, and how?

If

Primary ISP WAN IP = 111.111.111.111 / Default gateway = 111.111.111.112   /30

Secondary ISP WAN IP = 222.222.222.222 / Default GW = 222.222.222.223     /30


interface GigabitEthernet0/1
 ip address 111.111.111.111 255.255.255.252
 ip nat outside

interface GigabitEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside

ip nat inside source list 22 interface GigabitEthernet0/1 overload
access-list 22 permit 10.10.10.0 0.0.0.255

ip route 0.0.0.0 0.0.0.0 111.111.111.112


Using this basic NAT/PAT config, how can I have it so he takes out connection 1 and plugs in connection 2 (i.e. 222.222.222.222) and everything keeps on working?

Is this kind of lazy method even feasible?

Please help, I am completely stuck for ideas.


Hello.

It's possible.

Please read http://docwiki.cisco.com/wiki/NAT_failover_with_DUAL_ISP_on_a_router_Configuration_Example first.

 

Here is an example for your case:

int G0/1
 ip add 192.168.131.3 255.255.255.0
 ip add 192.168.132.3 255.255.255.0 secondary
 ip nat outside

!ISP1 - 192.168.131.1; my address 192.168.131.3
!ISP2 - 192.168.132.1; my address 192.168.132.3

 

!configure your SLAs (really up to you what destinations are); make sure you use correct source-ip

ip sla 1
 icmp-echo 8.8.8.8 source-ip 192.168.131.3
 timeout 200
 threshold 150
 frequency 10

ip sla 2
 icmp-echo 8.8.8.8 source-ip 192.168.132.3
 timeout 200
 threshold 150
 frequency 10

ip access-list extended SLA1
 permit icmp host 192.168.131.3 host 8.8.8.8 echo
ip access-list extended SLA2
 permit icmp host 192.168.132.3 host 8.8.8.8 echo

route-map LOCAL_SLA permit 10
 match ip address SLA1
 set ip next-hop 192.168.131.1
 !set interface G0/1 Null0 !might be useful, but not mandatory

route-map LOCAL_SLA permit 20
 match ip address SLA2
 set ip next-hop 192.168.132.1
 !set interface G0/1 Null0 !might be useful, but not mandatory

ip local policy route-map LOCAL_SLA

ip sla group schedule 1 1-2 schedule-period 10 start-time now life forever

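! Track the reachability result of each probe.
! On IOS releases where "track rtr" has been replaced, write "track 1 ip sla 1 reachability".
track 1 rtr 1 reachability
 delay down 1 up 1
track 2 rtr 2 reachability
 delay down 1 up 1

! Backup route with AD=10
ip route 0.0.0.0 0.0.0.0 192.168.131.1 track 1
ip route 0.0.0.0 0.0.0.0 192.168.132.1 10 track 2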

!What traffic is subject to NAT
ip access-list extended NAT_ALL
 deny   ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 permit ip 10.0.0.0 0.255.255.255 any

!Define our next-hops for NAT route-map
access-list 1 permit 192.168.131.1
access-list 2 permit 192.168.132.1

route-map NAT1 permit 10
 match ip address NAT_ALL
 match ip next-hop 1

route-map NAT2 permit 10
 match ip address NAT_ALL
 match ip next-hop 2


!define pool for PAT
ip nat pool POOL10 192.168.131.3 192.168.131.3 netmask 255.255.255.0
ip nat pool POOL20 192.168.132.3 192.168.132.3 netmask 255.255.255.0

!configure PAT
ip nat inside source route-map NAT1 pool POOL10 overload
ip nat inside source route-map NAT2 pool POOL20 overload

You may also use PBR on the NAT inside interface to load balance when both ISPs are up.

Best regards.
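
Added example, not part of the reply above and not Cisco's code: a small Python check for the "make sure you use correct source-ip" point. It verifies that each IP SLA probe's source-ip sits on an interface subnet and that the local policy route-map sends that probe to a next hop on the same subnet, since a probe that leaves through the other ISP makes its track object report on the wrong link. `check_probes` and the sample text are assumptions made for the illustration; the parser expects unabbreviated keywords (`ip address`, not `ip add`) and one permit line per probe ACL.

```python
import ipaddress
import re

# Constructed sample: the probe-related lines of the reply's design, keywords spelled out.
SAMPLE = """\
interface GigabitEthernet0/1
 ip address 192.168.131.3 255.255.255.0
 ip address 192.168.132.3 255.255.255.0 secondary
ip sla 1
 icmp-echo 8.8.8.8 source-ip 192.168.131.3
ip sla 2
 icmp-echo 8.8.8.8 source-ip 192.168.132.3
ip access-list extended SLA1
 permit icmp host 192.168.131.3 host 8.8.8.8 echo
ip access-list extended SLA2
 permit icmp host 192.168.132.3 host 8.8.8.8 echo
route-map LOCAL_SLA permit 10
 match ip address SLA1
 set ip next-hop 192.168.131.1
route-map LOCAL_SLA permit 20
 match ip address SLA2
 set ip next-hop 192.168.132.1
"""


def check_probes(cfg):
    """Hypothetical helper: list probes that are not pinned to their own ISP."""
    nets = [ipaddress.ip_interface(f"{a}/{m}").network
            for a, m in re.findall(r"^ ip address (\S+) (\S+)", cfg, re.M)]
    # ACL name -> probe source it matches; then (ACL name, next hop) per route-map entry
    acl_src = dict(re.findall(
        r"^ip access-list extended (\S+)\n permit icmp host (\S+)", cfg, re.M))
    pbr = re.findall(r"^ match ip address (\S+)\n set ip next-hop (\S+)", cfg, re.M)
    problems = []
    for sla, src in re.findall(r"^ip sla (\d+)\n icmp-echo \S+ source-ip (\S+)", cfg, re.M):
        src_net = next((n for n in nets if ipaddress.ip_address(src) in n), None)
        if src_net is None:
            problems.append(f"sla {sla}: source-ip {src} is not on any interface")
            continue
        hops = [hop for acl, hop in pbr if acl_src.get(acl) == src]
        if not hops:
            problems.append(f"sla {sla}: no local policy entry matches {src}")
        elif ipaddress.ip_address(hops[0]) not in src_net:
            problems.append(f"sla {sla}: next hop {hops[0]} is outside {src_net}")
    return problems


if __name__ == "__main__":
    print(check_probes(SAMPLE) or "every probe leaves through its own ISP")
```
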

Community Member


Thanks for the quick feedback! I was thinking along those lines but was unsure if the secondary IP address on Gig0/1 was a valid option.

I will try this shortly.
