07-23-2012 05:54 AM - edited 03-04-2019 05:02 PM
I have two ISPs, the main on Dialer0 and the backup on Fa0/1.
I have set up an IP SLA on the ADSL link to check if it's up
or not and then fall back on the second provider link (Fa0/1).
Everything works well when the ADSL is down (when the NAT goes
through the backup link) but as soon as the ADSL is OK the
NAT doesn't want to work. I've tried to NAT overload on BVI1
or on Dialer0 (where I used to do it when there was no bridge);
it makes no difference.
I've already done a lot of these setups with two ISPs and it
works well but without the bridge (and I really need it here).
Thank you!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
FastEthernet0/0 : LAN (nat inside) - Here I plug my laptop with ip 10.0.0.2/24
FastEthernet0/1 : Backup WAN (nat outside)
Dialer0 : Main WAN (nat outside)
FastEthernet0/1/0 - 3 : WAN Bridge Dialer0
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
boot-start-marker
boot system flash c2800nm-adventerprisek9-mz.124-25e.bin
boot-end-marker
!
ip cef
!
ip sla monitor 1
type pathEcho protocol ipIcmpEcho 8.8.4.4
timeout 1000
threshold 3
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type pathEcho protocol ipIcmpEcho 109.159.248.158
timeout 1000
frequency 3
ip sla monitor schedule 2 life forever start-time now
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 101 list boolean or
object 1
object 2
!
bridge irb
!
interface FastEthernet0/0
description LAN /w NAT inet and failover
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description Demon's network 193.195.220.x
ip address 193.195.220.236 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/2/0
switchport access vlan 2
!
interface FastEthernet0/2/1
switchport access vlan 2
!
interface FastEthernet0/2/2
switchport access vlan 2
!
interface FastEthernet0/2/3
switchport access vlan 2
!
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
atm restart timer 300
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Vlan1
no ip address
!
interface Vlan2
description BT's network 217.36.70.x
no ip address
no ip unreachables
ip tcp adjust-mss 1452
bridge-group 1
!
interface Dialer0
ip unnumbered BVI1
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXX
ppp chap password 7 XXXXXXXXXX
ppp pap sent-username XXXXXXXXX password 7 XXXXXXXXXX
!
interface BVI1
description BT's network 217.36.70.x
ip address 217.36.70.157 255.255.255.248
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0 track 101
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250
ip route 8.8.4.4 255.255.255.255 Dialer0
ip route 109.159.248.158 255.255.255.255 Dialer0
!
!
ip nat inside source route-map isp1 interface BVI1 overload
ip nat inside source route-map isp2 interface FastEthernet0/1 overload
!
ip access-list extended LAN_RANGE
permit ip 10.0.0.0 0.0.0.255 any
!
route-map isp2 permit 10
match ip address LAN_RANGE
match interface FastEthernet0/1
!
route-map isp1 permit 10
match ip address LAN_RANGE
match interface BVI1
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
end
07-23-2012 06:05 AM
And what port uses vlan 1? None in your config.
Furthermore, ip nat outside must be under dialer0, not BVI1. Also, mss-adjust is not needed there.
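A static check for the point raised in the reply above, as an added example that is not part of the original thread: it verifies that every interface carrying a default route has `ip nat outside` and an overload rule whose route-map matches that same interface. The function name and the embedded sample are constructed; the parser assumes IOS-style indentation and NAT route-maps that use `match interface`, as on this page.

```python
import re

# Constructed sample: NAT-relevant lines of the first config posted in this
# thread, re-indented the way IOS prints sub-commands (an assumption of the parser).
SAMPLE = """\
interface FastEthernet0/1
 ip nat outside
interface Dialer0
 ip unnumbered BVI1
interface BVI1
 ip nat outside
ip route 0.0.0.0 0.0.0.0 Dialer0 track 101
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250
ip nat inside source route-map isp1 interface BVI1 overload
ip nat inside source route-map isp2 interface FastEthernet0/1 overload
route-map isp2 permit 10
 match interface FastEthernet0/1
route-map isp1 permit 10
 match interface BVI1
"""

def check_nat_egress(config):
    """Flag default-route egress interfaces that the NAT config does not cover."""
    nat_outside, rm_match, nat_rules, egress = set(), {}, [], []
    section = ""
    for raw in config.lower().splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            section = line  # an unindented line opens a new config section
        if m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 ([a-z]\S*)", line):
            egress.append(m.group(1))
        elif m := re.match(r"ip nat inside source route-map (\S+) interface (\S+)", line):
            nat_rules.append((m.group(1), m.group(2)))
        elif line == "ip nat outside" and section.startswith("interface "):
            nat_outside.add(section.split()[1])
        elif line.startswith("match interface ") and section.startswith("route-map "):
            rm_match.setdefault(section.split()[1], set()).update(line.split()[2:])
    findings = []
    for ifc in egress:
        if ifc not in nat_outside:
            findings.append(f"{ifc}: default route exits here without 'ip nat outside'")
        if not any(src == ifc and ifc in rm_match.get(rm, ()) for rm, src in nat_rules):
            findings.append(f"{ifc}: no overload rule whose route-map matches it")
    return findings

if __name__ == "__main__":
    print("\n".join(check_nat_egress(SAMPLE)))
```

Interface names are lower-cased before comparison, so `dialer0` and `Dialer0` are treated as the same interface.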
07-23-2012 06:09 AM
Thank you for your response, Paolo. Yes, no ports use vlan1; is this a problem?
I'll try to drop the mss-adjust to see. But even with the following setup it doesn't work:
interface Dialer0
ip nat inside
!
ip nat inside source route-map isp1 interface dialer0 overload
ip nat inside source route-map isp2 interface FastEthernet0/1 overload
!
route-map isp1 permit 10
match ip address LAN_RANGE
match interface Dialer0
Any idea?
PS: The problem is only with the NAT because I can ping the world from the router with the ADSL link. It just doesn't work from the LAN.
Message was edited by: Adrien Pujol
07-23-2012 06:25 AM
I see now that vlan2 is in bridge group 1, so that is OK. Anyway, the ip nat comment in my previous post still applies.
And also, it's unlikely that you can assign an arbitrary address to dialer, should be ip address negotiated.
Please refrain from leaving half-scale ratings to posts made with the will to help when the issue has just begun being worked on.
07-23-2012 06:50 AM
Sorry for the rating, it was a misclick on the page. I've tried to remove/change it but there's no way, really sorry.
The dialer has the IP address of the BVI. It's a fixed IP address from the subnet of my ISP.
I've made all the changes you've said but it still doesn't work, any idea? I've really no idea remaining.
Here is the updated config:
version 12.4
!
ip cef
!
((( here I've stripped ok track config )))
!
bridge irb
!
interface FastEthernet0/0
description LAN /w NAT inet and failover
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description Demon's network 193.195.220.x
ip address 193.195.220.236 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/2/0
switchport access vlan 2
!
interface FastEthernet0/2/1
switchport access vlan 2
!
interface FastEthernet0/2/2
switchport access vlan 2
!
interface FastEthernet0/2/3
switchport access vlan 2
!
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
atm restart timer 300
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Vlan1
no ip address
!
interface Vlan2
description BT's network 217.36.70.x
no ip address
no ip unreachables
bridge-group 1
!
interface Dialer0
ip unnumbered BVI1
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXX
ppp chap password 7 XXXXXXXXXX
ppp pap sent-username XXXXXXXXXX password 7 XXXXXXXXXX
!
interface BVI1
description BT's network 217.36.70.x
ip address 217.36.70.157 255.255.255.248
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0 track 101
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250
ip route 8.8.4.4 255.255.255.255 Dialer0
ip route 109.159.248.158 255.255.255.255 Dialer0
!
ip nat inside source route-map isp1 interface Dialer0 overload
ip nat inside source route-map isp2 interface FastEthernet0/1 overload
!
ip access-list extended LAN_RANGE
permit ip 10.0.0.0 0.0.0.255 any
!
route-map isp2 permit 10
match ip address LAN_RANGE
match interface FastEthernet0/1
!
route-map isp1 permit 10
match ip address LAN_RANGE
match interface Dialer0
!
bridge 1 protocol ieee
bridge 1 route ip
!
end
Again, thank you for your help and sorry for the rating.
07-23-2012 07:14 AM
The thing is that dialer0 is not referenced anywhere. It should be under vlan 2.
Also you have to check if the connection and address to 'main wan' is PPPoE or bridge. It can't be both.
07-23-2012 07:51 AM
I don't know how to add a dialer to a vlan, so I've tried to add bridge-group 1 to the ATM interface as vlan 2 is a member of the bridge group. But it doesn't work. Is there another way to do that?
The main wan works, I can ping the world through it. It's just the NAT that doesn't work.
Thank you for continuing to try to help me and my weird thing.
07-23-2012 07:59 AM
Can you send "show ip int brief"
07-23-2012 08:09 AM
#sh ip int brief
Interface                  IP-Address      OK? Method Status  Protocol
FastEthernet0/0            10.0.0.1        YES NVRAM  up      up
FastEthernet0/1            193.195.220.236 YES NVRAM  up      down
FastEthernet0/2/0          unassigned      YES unset  up      down
FastEthernet0/2/1          unassigned      YES unset  up      down
FastEthernet0/2/2          unassigned      YES unset  up      down
FastEthernet0/2/3          unassigned      YES unset  up      down
ATM0/1/0                   unassigned      YES NVRAM  down    down
ATM0/1/0.1                 unassigned      YES unset  down    down
Vlan1                      unassigned      YES NVRAM  up      down
Vlan2                      unassigned      YES NVRAM  up      down
NVI0                       unassigned      NO  unset  up      up
BVI1                       217.36.70.157   YES manual up      up
Virtual-Access1            unassigned      YES unset  up      up
Dialer0                    217.36.70.157   YES TFTP   up      up
07-23-2012 08:15 AM
I think the router is confused having the same address on two interfaces. Also note virtual access interface does not receive an address.
If your "main wan" connection is PPP, configure pppoe-client under vlan interface.
If it is regular ethernet, configure ip address under vlan interface.
But not the two things at the same time, and you don't need BVI at all.
07-23-2012 08:34 AM
But I do need to have the public range of my ISP bridged on the WIC card plugged in (HWIC-4ESW). I'll plug some devices on it as soon as it works!
This is actually part of my question. I know how to configure a router in failover with two "classic" interfaces, I need help for the NAT on a bridged interface.
If anyone has a suggestion... Thanks.
07-23-2012 08:38 AM
That is fine, you don't need to configure bridging, as you have a switch module that does everything, just assign an address on the vlan interface.
You created VLAN 2, but that is not needed, you can use the default of VLAN 1.
07-23-2012 09:12 AM
OK, I think I see where you want to go now. But I didn't know we could do that and I still can't make it work.
Thanks a lot. If it works, let me buy you a beer.
I need to change the route on vlan 1, do I?
Here is the new *lighter* config...
ip cef
!
interface FastEthernet0/0
description LAN /w NAT inet and failover
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
description Demon's network 193.195.220.x
ip address 193.195.220.236 255.255.255.240
ip nat outside
ip virtual-reassembly
!
interface FastEthernet0/2/0
!
interface FastEthernet0/2/1
!
interface FastEthernet0/2/2
!
interface FastEthernet0/2/3
!
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
ip route-cache flow
atm restart timer 300
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Vlan1
description BT's network 217.36.70.x
ip address 217.36.70.157 255.255.255.248
!
interface Dialer0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password 7 xxxxx
ppp pap sent-username xxxxx password 7 xxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0 track 101
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 193.195.220.225 250
ip route 8.8.4.4 255.255.255.255 Dialer0
ip route 109.159.248.158 255.255.255.255 Dialer0
!
!
ip nat inside source route-map isp1 interface Dialer0 overload
ip nat inside source route-map isp2 interface FastEthernet0/1 overload
!
ip access-list extended LAN_RANGE
permit ip 10.0.0.0 0.0.0.255 any
!
route-map isp2 permit 10
match ip address LAN_RANGE
match interface FastEthernet0/1
!
route-map isp1 permit 10
match ip address LAN_RANGE
match interface Dialer0
----------------------------------------------------------------
#sh ip int brief
Interface                  IP-Address      OK? Method Status  Protocol
FastEthernet0/0            10.0.0.1        YES NVRAM  up      up
FastEthernet0/2/0          unassigned      YES unset  up      down
FastEthernet0/2/1          unassigned      YES unset  up      down
FastEthernet0/2/2          unassigned      YES unset  up      down
FastEthernet0/2/3          unassigned      YES unset  up      up
ATM0/1/0                   unassigned      YES NVRAM  up      up
ATM0/1/0.1                 unassigned      YES unset  up      up
Vlan1                      217.36.70.157   YES manual up      up
NVI0                       unassigned      NO  unset  up      up
Virtual-Access1            unassigned      YES unset  up      up
Virtual-Access2            unassigned      YES unset  up      down
Dialer0                    unassigned      YES TFTP   up      up
07-23-2012 12:06 PM
You should be able to ping default gateway as given to you by ISP.
If you don't, take a step back, can you post the connection details as given to you by ISP?
07-24-2012 01:01 AM
I can ping the web through the DSL, yes. Everything also works fine on the LAN Fa0/0.
But when I try to plug a device on the WIC switch (HWIC-4ESW) it doesn't work (I want these ports to serve the /28 of my ISP). Have I missed something? Thanks.