We are having some problems with our Cisco 2800 router.
This is what we want:
We have 2 ISPs, 1 fast (120mbit) and a backup (12mbit); the primary connection will be the fast ISP on GigabitEthernet0/0.
The other connection is on FastEthernet1/0; this connection is always online because there are some routes over this uplink due to the permanent IP.
The routing is not working correctly. If FastEthernet1/0 goes down, the tracking system will remove the route and all traffic will go over GigabitEthernet0/0. When FastEthernet1/0 is up again, the tracking system will add the route again and the traffic that needs to go over the secondary ISP is working again. So far everything works.
But when GigabitEthernet0/0 goes down/unreachable, it removes the route and tells the router that all traffic needs to go over FastEthernet1/0. This works perfectly for NEW connections; the current connections will fail because it somehow remembers that they need to go over GigabitEthernet0/0.
When I clear the cache, all traffic will route over the second ISP. Also, when the primary is back online again, all new traffic will work; current traffic is still over FastEthernet1/0.
GigabitEthernet0/0 = Uplink fast ISP ip by DHCP
GigabitEthernet0/1 = Internal Traffic 10.1.0.x
FastEthernet1/0 = Uplink backup ISP ip by DHCP
Can someone please assist me and tell me what's wrong or what's needed to get this to work fully?
HCRouter#show run
Building configuration...

Current configuration : 4052 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret ***********
enable password ***********
!
no aaa new-model
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.0.1 10.1.0.99
!
ip dhcp pool Office
 import all
 network 10.1.0.0 255.255.255.0
 default-router 10.1.0.3
 dns-server 10.1.0.3
!
!
ip domain name Local.Domain
ip name-server 220.127.116.11
ip name-server 18.104.22.168
ip name-server 22.214.171.124
ip name-server 126.96.36.199
!
multilink bundle-name authenticated
async-bootp gateway 10.1.0.3
async-bootp dns-server 10.1.0.3
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 l2tp tunnel receive-window 1024
!
!
!
crypto pki trustpoint local
 enrollment selfsigned
 revocation-check crl
 rsakeypair my_key 1024 1024
!
!
!
!
username root privilege 15 password ***********
archive
 log config
  hidekeys
!
!
!
!
ip ssh version 2
track timer interface 5
!
track 1 rtr 1 reachability
 delay down 5 up 3
!
track 2 rtr 2 reachability
 delay down 5 up 3
!
!
!
interface GigabitEthernet0/0
 description Primary UPC
 ip address dhcp
 ip dns view-group name
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 10.1.0.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet1/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/1
 peer default ip address pool vpn-pool
 no keepalive
 ppp encrypt mppe auto
 ppp authentication pap chap ms-chap ms-chap-v2
!
ip local pool vpn-pool 10.1.0.70 10.1.0.99
no ip forward-protocol nd
ip route 188.8.131.52 255.255.255.255 GigabitEthernet0/0 254 track 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 track 1
ip route 184.108.40.206 255.255.255.255 FastEthernet1/0 track 2
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 254 track 2
ip route 220.127.116.11 255.255.255.255 FastEthernet1/0
ip route 18.104.22.168 255.255.255.255 GigabitEthernet0/0
!
!
ip http server
ip http secure-server
ip dns server
ip nat translation timeout 3
ip nat translation icmp-timeout 3
ip nat inside source static tcp 10.1.0.14 22 interface FastEthernet1/0 7966
ip nat inside source route-map upc interface GigabitEthernet0/0 overload
ip nat inside source route-map xs4all interface FastEthernet1/0 overload
ip nat inside source static tcp 10.1.0.30 3389 22.214.171.124 3389 extendable
!
ip access-list extended MyNetwork
 permit ip 10.1.0.0 0.0.0.255 any
!
ip sla 1
 icmp-echo 126.96.36.199 source-interface GigabitEthernet0/0
 timeout 1000
 threshold 40
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 188.8.131.52 source-interface FastEthernet1/0
 timeout 1000
 threshold 40
 frequency 3
ip sla schedule 2 life forever start-time now
no cdp run
!
!
route-map xs4all permit 10
 match ip address MyNetwork
 match interface FastEthernet1/0
!
route-map upc permit 10
 match ip address MyNetwork
 match interface GigabitEthernet0/0
!
!
!
control-plane
!
banner login ^C ##################################################^C
!
line con 0
 exec-timeout 0 0
 password 7 02050D480809
 logging synchronous
line aux 0
line vty 0 4
 session-timeout 120
 privilege level 15
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
!
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn install csd flash:/webvpn/sdesktop.pkg
end
I think that's because of the dynamic NAT entries for existing connections. One solution I can think of right now is to use EEM: when you lose the primary connection, the router will clear ip nat translation; when the primary connection comes back, the router will clear ip nat translation again. That requires IOS version 12.4(2)T or later. If your router is running 12.4(2)T or later code, you can try to implement the following configuration.
event manager applet UP
 event track 1 state up
 action 1 cli command "enable"
 action 1.1 cli command "no file prompt quiet"
 action 2 cli command "clear ip nat translation *" pattern "#"
 action 2.1 cli command "no file prompt quiet"
event manager applet DOWN
 event track 1 state down
 action 1 cli command "enable"
 action 1.1 cli command "no file prompt quiet"
 action 2 cli command "clear ip nat translation *" pattern "#"
 action 2.1 cli command "no file prompt quiet"
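
The behaviour the reply above attributes to dynamic NAT entries, as a simplified Python model (an added example, not part of the original thread). The `Router` class is hypothetical and the uplink and flow addresses are constructed, since the real uplinks get their addresses by DHCP.

```python
"""Simplified model of a PAT table that outlives a tracked default-route change."""
from dataclasses import dataclass, field

# Constructed documentation addresses standing in for the two DHCP-assigned uplinks.
UPLINK_IP = {"GigabitEthernet0/0": "192.0.2.10", "FastEthernet1/0": "198.51.100.20"}

@dataclass
class Router:
    primary_up: bool = True
    nat: dict = field(default_factory=dict)  # flow 4-tuple -> inside-global IP

    def egress(self):
        # Tracked default routes: Gi0/0 while track 1 is up, else the
        # administrative-distance-254 default route on Fa1/0.
        return "GigabitEthernet0/0" if self.primary_up else "FastEthernet1/0"

    def forward(self, flow):
        """Return (egress interface, translated source IP, source matches egress)."""
        out = self.egress()
        # An existing translation is reused unchanged; only a flow with no
        # entry is given the address of the interface it leaves through.
        src = self.nat.setdefault(flow, UPLINK_IP[out])
        # Replies are sent to src, so the flow only works if src belongs to
        # the uplink that is actually carrying the traffic.
        return out, src, src == UPLINK_IP[out]

    def track_change(self, primary_up, clear_nat):
        self.primary_up = primary_up
        if clear_nat:  # what the EEM applets do: clear ip nat translation *
            self.nat.clear()

def failover(clear_nat):
    """Establish a flow on the primary, fail over, then forward old and new flows."""
    r = Router()
    old = ("10.1.0.50", 40000, "203.0.113.5", 443)  # constructed inside hosts
    new = ("10.1.0.51", 40001, "203.0.113.5", 443)
    r.forward(old)  # translation created while Gi0/0 is the egress
    r.track_change(primary_up=False, clear_nat=clear_nat)
    return r.forward(old), r.forward(new)

if __name__ == "__main__":
    for clear in (False, True):
        old, new = failover(clear)
        print(f"clear_nat={clear}: existing flow {old}, new flow {new}")
```

Clearing the table only makes the flow's next packets pick up the new uplink address; the remote end then sees a different source address, so the application still has to re-establish its session.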