Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Multihoming with one router on single ISP

Hi, i'm trying to archieve multihoming with Main link and backup link with the same ISP, I use two Dialers as Interfaces, this is how my ip route looks like today:

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 200.100.88.248 to network 0.0.0.0

     200.100.88.0/32 is subnetted, 1 subnets
C       200.100.88.248 is directly connected, Dialer2
                       is directly connected, Dialer1
     177.189.0.0/32 is subnetted, 2 subnets
C       177.189.209.100 is directly connected, Dialer2
C       177.189.208.28 is directly connected, Dialer1
     192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.0.0/24 is directly connected, Vlan10
C       192.168.0.201/32 is directly connected, Virtual-Access6
S*   0.0.0.0/0 [1/0] via 200.100.88.248

 

My config today is:

 

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco3825
!
boot-start-marker
boot-end-marker
!
! card type command needed for slot/vwic-slot 0/0
enable secret 5 xxxx
enable password xxxx
!
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network PPTP local
!
aaa session-id common
!
resource policy
!
no ip dhcp use vrf connected
!
ip dhcp pool LAN
   import all
   network 192.168.0.0 255.255.255.0
   dns-server 192.168.0.1 8.8.8.8 8.8.4.4
   default-router 192.168.0.1
!

!
ip cef
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
vpdn enable
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username xxx privilege 15 secret 5 XXXX
username xxx privilege 15 password XXX
!
!
track 100 rtr 100 reachability
 delay down 10 up 20
!
track 101 rtr 101 reachability
 delay down 10 up 20
!

class-map type inspect match-any VPN-traffic
 match access-group 1
!
!
policy-map type inspect ccp-pol-outToIn
 class type inspect VPN-traffic
  inspect
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 description Facing the ISP (the WAN)
 no ip address
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 pppoe enable group 1
 pppoe-client dial-pool-number 1
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/1
 description Facing the 2nd ISP (the WAN2)
 no ip address
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 pppoe enable group 2
 pppoe-client dial-pool-number 2
 no cdp enable
 no mop enabled

!
interface FastEthernet0/2/0
 switchport access vlan 10
!
interface FastEthernet0/2/1
 switchport access vlan 10
!
interface FastEthernet0/2/2
 switchport access vlan 10
!
interface FastEthernet0/2/3
 switchport access vlan 10
!
interface Integrated-Service-Engine1/0
 no ip address
 shutdown
 no keepalive
!
interface Virtual-Template1
 ip unnumbered Vlan10
 ip nat inside
 ip virtual-reassembly
 peer default ip address pool vpn_pool
 ppp encrypt mppe auto required
 ppp authentication ms-chap
 ppp ipcp dns 192.168.0.1 8.8.8.8
 ppp timeout retry 10
!
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip virtual-reassembly
 ip route-cache flow
!
interface Vlan10
 description Office network
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!

interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxx@xx.com
 ppp chap password 0 xxxx
 ppp pap sent-username xxx@xx.com password 0 xxxx
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
!
interface Dialer2
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 ppp authentication chap pap callin
 ppp chap hostname xxx@xxx.com
 ppp chap password 0 xxx
 ppp pap sent-username xxx@xxx.com password 0 xxxx
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
!
!
ip local policy route-map LocalPolicy
ip local pool vpn_pool 192.168.0.200 192.168.0.210
ip route 0.0.0.0 0.0.0.0 Dialer1 track 100
ip route 0.0.0.0 0.0.0.0 Dialer2 10 track 101
ip route 0.0.0.0 0.0.0.0 Dialer1 250
ip route 0.0.0.0 0.0.0.0 Dialer2 251

!
!
ip http server
no ip http secure-server
ip dns server
ip nat inside source route-map DYN_NAT interface Dialer1 overload
ip nat inside source route-map FAILOVER_NAT interface Dialer2 overload
!
ip access-list extended PingISP_A
 permit icmp host 177.189.208.28 host 8.8.8.8
ip access-list extended PingISP_B
 permit icmp host 177.189.209.100 host 8.8.8.8
!
ip sla 100
 icmp-echo 8.8.8.8 source-interface Dialer1
 timeout 700
 frequency 3
ip sla schedule 100 life forever start-time now
ip sla 101
 icmp-echo 8.8.8.8 source-interface Dialer2
 timeout 700
 frequency 3
ip sla schedule 101 life forever start-time now
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
!
!
!
route-map FAILOVER_NAT permit 10
 match ip address 2
 match interface Dialer2
!
route-map DYN_NAT permit 10
 match ip address 1
 match interface Dialer1
!
route-map LocalPolicy permit 10
 match ip address PingISP_A
 set interface Dialer1
 set ip next-hop 200.100.88.248
!
route-map LocalPolicy permit 20
 match ip address PingISP_B
 set interface Dialer2
 set ip next-hop 200.100.88.248
!

!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line 66
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
 password xxxx
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
!
end

 

 

Before I connected the second dialer cable, the Dialer 1 was working, but now,Dialer 1 can not ping 8.8.8.8, take a look:

 

cisco3825#show track
Track 100
  Response Time Reporter 100 reachability
  Reachability is Down
    2 changes, last change 17:07:50
  Delay up 20 secs, down 10 secs
  Latest operation return code: Timeout
  Tracked by:
    STATIC-IP-ROUTING 0
Track 101
  Response Time Reporter 101 reachability
  Reachability is Up
    29 changes, last change 02:19:42
  Delay up 20 secs, down 10 secs
  Latest operation return code: OK
  Latest RTT (millisecs) 128
  Tracked by:
    STATIC-IP-ROUTING 0

 

cisco3825#show ip sla statistics

 
Round Trip Time (RTT) for Index 100
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: *17:51:15.883 UTC Tue Oct 7 2014
Latest operation return code: Timeout
Number of successes: 0
Number of failures: 181
Operation time to live: Forever
 
 
 
Round Trip Time (RTT) for Index 101
Latest RTT: 127 milliseconds
Latest operation start time: *17:51:15.883 UTC Tue Oct 7 2014
Latest operation return code: OK
Number of successes: 180
Number of failures: 1
Operation time to live: Forever

 

Maybe its because they have same "next hop"? Can some 1 help? I'm trying to archieve Main Link (Dialer 1) and backup failover link (Dialer 2)

 

thanks! 

Everyone's tags (1)
217
Views
0
Helpful
0
Replies