Hi everyone, so this is my first post here. I am hoping that an expert (because I certainly am not one) can take a look at my config and tell me if I am achieving the goals that I have for routing. I have changed all the IP Addresses to 5.5.5.X so as to not post our actual IPs
4x Bonded T-1's
1x Cisco 2911 Router with IP Base license
1x HWIC-4T1 interface card for the Four T-1's in Slot 0
1x DSL Connection connected to port GI0/0 on the 2911
Port GI0/1 is connected to my ASA 5512
I have the ASA 5512 doing NAT for the following:
If traffic is coming from my VoIP subnet, then Translate it to 126.96.36.199
If traffic is coming from my Guest WiFi subnet, then Translate it to 188.8.131.52
If traffic is coming from any other subnet translate it to 184.108.40.206
Note that all traffic is coming into the router via port GI0/1
Bond all 4 t-1's into 1 "big" 6MB pipe
Configure Policy Based Routing to achieve the following:
* All VoIP traffic should be marked as critical for precedence (5)
* All Guest WiFi traffic should be routed to the DSL connection and never touch the T-1 connections
* If My T-1 connection fails, switch over all traffic to the DSL connection temporarily
I think I have all of this down (except for the backup WAN connection) and I was hoping that someone can tell me if I did this right? I am NOT a CCNA, and I literally used logic and pieced all of this together myself, so please be gentle!!! Here is my Sh Run Output...
sh run
Building configuration...

Current configuration : 4977 bytes
!
! Last configuration change at 21:03:44 UTC Fri Feb 7 2014 by gbundy
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2911
!
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.154-1.T.bin
boot system flash0:c2900-universalk9-mz.SPA.152-4.M4.bin
boot-end-marker
!
!
card type t1 0 0
logging buffered 51200 warnings
enable secret 4 >>REMOVED<<
!
no aaa new-model
no network-clock-participate wic 0
!
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
!
no ip domain lookup
ip domain name >>REMOVED<<.com
no ip mfib
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-1149088280
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1149088280
 revocation-check none
 rsakeypair TP-self-signed-1149088280
!
!
crypto pki certificate chain TP-self-signed-1149088280
 certificate self-signed 01
  >>REMOVED<<
  quit
license udi pid CISCO2911/K9 sn FGLXXXXXXXX
!
!
username >>REMOVED<< privilege 15 secret 4 >>REMOVED<<
!
redundancy
!
!
controller T1 0/0/0
 fdl both
 cablelength long 0db
 channel-group 0 timeslots 1-24
!
controller T1 0/0/1
 fdl both
 cablelength long 0db
 channel-group 0 timeslots 1-24
!
controller T1 0/0/2
 fdl both
 cablelength long 0db
 channel-group 0 timeslots 1-24
!
controller T1 0/0/3
 fdl both
 cablelength long 0db
 channel-group 0 timeslots 1-24
!
!
!
!
!
interface Multilink1
 description connection to AT&T circuit with bonded T1s
 bandwidth 6144
 ip address 220.127.116.11 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ppp multilink
 ppp multilink group 1
 no cdp enable
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.10.10.1 255.255.255.248
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 18.104.22.168 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map TPR_Default
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/0/1:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/0/2:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/0/3:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
route-map TPR_Default permit 10
 match ip address 100
 set ip precedence critical
 set interface Multilink1
!
route-map TPR_Default permit 20
 match ip address 101
 set interface GigabitEthernet0/0
!
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 permit ip host 22.214.171.124 any
access-list 101 permit ip host 126.96.36.199 any
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Any and all advice is appreciated as I only have one shot to make this work right
Configure Policy Based Routing to achieve the following:
1. All VoIP traffic should be marked as critical for precedence (5)
The following config should do the job; the reason for using verify-availability is explained in point no. 3.
route-map TPR_Default permit 10
 match ip address 100
 set ip precedence critical
 set ip next-hop verify-availability 1.1.1.x 10 track 10
 set ip next-hop verify-availability 10.10.10.x 20
2. All Guest WiFi traffic should be routed to the DSL connection and never touch the T-1 connections
You should change the config to the following; using a multiaccess interface can cause issues with proxy-arp.
route-map TPR_Default permit 20
 match ip address 101
 set ip next-hop 10.10.10.x
3. If My T-1 connection fails, switch over all traffic to the DSL connection temporarily
The following config tracks all serial links, and track 6 will go down only if all serial links go down. Following that, track 10 will go down if either Multilink or all serial links go down, and as a result all traffic will be switched through G0/1 via next hop 10.10.10.x
ip route 0.0.0.0 0.0.0.0 multilink1 track 10
ip route 0.0.0.0 0.0.0.0 10.10.10.x 200
track 1 interface Serial0/0/0:0 line-protocol
track 2 interface Serial0/0/1:0 line-protocol
track 3 interface Serial0/0/2:0 line-protocol
track 4 interface Serial0/0/3:0 line-protocol
track 5 interface Multilink1 line-protocol
! list members below follow the description above:
! track 6 stays up while any serial link is up
track 6 list boolean or
 object 1
 object 2
 object 3
 object 4
! track 10 is up only while both Multilink1 and track 6 are up
track 10 list boolean and
 object 5
 object 6
For more information about Policy Based Routing with the Multiple Tracking Options Feature
In the second statement we won't need track, as its sequence number is 20 (secondary next-hop), so as long as track 10 is up only one next-hop would be used. It will fall back to the primary once the track comes up after Multilink comes up.
SLA can also be used for tracking, but is not essential with your requirements.
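
The failover logic from the reply above, modelled as an added Python example (not part of the original posts, and not IOS code). It assumes track 6 is the OR of tracks 1-4 and track 10 is the AND of tracks 5 and 6, as the reply's prose describes, and treats each interface's line-protocol state as an independent input; the function names are hypothetical.

```python
from itertools import product

SERIALS = ["Serial0/0/0:0", "Serial0/0/1:0", "Serial0/0/2:0", "Serial0/0/3:0"]
T1_HOP, DSL_HOP = "1.1.1.x", "10.10.10.x"   # placeholders used in the reply

def evaluate_tracks(up):
    """Map {interface: line-protocol up?} to {track number: up?}."""
    tracks = {n: up[name] for n, name in enumerate(SERIALS, start=1)}
    tracks[5] = up["Multilink1"]
    tracks[6] = any(tracks[n] for n in (1, 2, 3, 4))  # assumed: boolean or of 1-4
    tracks[10] = tracks[5] and tracks[6]              # assumed: boolean and of 5, 6
    return tracks

# route-map TPR_Default: (sequence, next hop, track object or None) per entry
ROUTE_MAP = {
    "voip":  [(10, T1_HOP, 10), (20, DSL_HOP, None)],  # permit 10, ACL 100
    "guest": [(10, DSL_HOP, None)],                    # permit 20, ACL 101
}

def forward(traffic, tracks):
    """Next hop chosen for a traffic class; unmatched traffic uses the statics."""
    for _seq, hop, track in sorted(ROUTE_MAP.get(traffic, [])):
        if track is None or tracks[track]:
            return hop
    # ip route ... multilink1 track 10, else the floating static (distance 200)
    return "Multilink1" if tracks[10] else DSL_HOP

def scenario(down=()):
    """Forwarding decision per traffic class with the named interfaces down."""
    up = {name: name not in down for name in SERIALS + ["Multilink1"]}
    tracks = evaluate_tracks(up)
    return {t: forward(t, tracks) for t in ("voip", "guest", "other")}

def guest_ever_on_t1():
    """Check every combination of link states for guest traffic leaving via T1."""
    names = SERIALS + ["Multilink1"]
    for states in product([True, False], repeat=len(names)):
        tracks = evaluate_tracks(dict(zip(names, states)))
        if forward("guest", tracks) in (T1_HOP, "Multilink1"):
            return True
    return False

if __name__ == "__main__":
    for down in [(), SERIALS[:1], SERIALS, ["Multilink1"]]:
        print(list(down) or "all up", "->", scenario(down))
    print("guest ever on T1:", guest_ever_on_t1())
```

Losing a single T-1 leaves track 10 up, so traffic stays on the bundle at reduced bandwidth; only the loss of all four serial links or of Multilink1 itself moves VoIP and default traffic to the DSL next hop.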