Announcement

Collapse
No announcement yet.

WAN Ethernet Port Failover in a single Cisco Router 2821

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • WAN Ethernet Port Failover in a single Cisco Router 2821

    Hi,
    I have a cisco Rourter 2821 with two-WAN-Ethernet Port are connected to two different ISP and 4-port-HWIC card for LAN connection.

    i want to configure Port Failover between Two WAN Ports. How to configure it??

    Senario:
    1. if the one WAN port down other WAN port will take over automatically


    Please Help with any idea

    Thanks
    Karzon

  • #2
    Re: WAN Ethernet Port Failover in a single Cisco Router 2821

    Based on my understanding of your post, the following link might point you in the right direction. NOTE: There are different flavors of PBR (so to speak), so search cisco.com for "Policy Based Routing".

    Policy Based Routing with the Multiple Tracking Options Feature Configuration Example

    Comment


    • #3
      Re: WAN Ethernet Port Failover in a single Cisco Router 2821

      hi,
      Thanks for reply....
      will your tips work on IPSEC VPN?
      can we configure the two WAN Port Faiover using OSPF ?

      thanks
      karzon

      Comment


      • #4
        Re: WAN Ethernet Port Failover in a single Cisco Router 2821

        Policy routing will let you enginner traffic regardless of what the routing table says. If you want true failover you can always use Enhanced object tracking with IP SLA monitoring. Another option would be to use the backup interface feature. The issue with the backup interface way would be the failover would only happen if the line protocol on the interface went down. This can be an issue with Frame Relay and ethernet networks as you have a middle device connecting the circuit. (In FR u have a FR switch and ethernet you may have a switch in between your site and the provider. So it really comes down to what is going to bring down the line protcol on the interface with the backup interface option. Also with the backup interface option the interace in standby isnt passing any traffic. The better option would be to use the IP SLA feature with enhanced object tracking. With this we can send echo requests to your next hop (your provider) and trigger a tracked object to say bring down an interface if those echos time out. Then the backup interface in standby would kick in and start forwarding traffic. The issue with the policy routing way is that if your using the ip next-hop feature in your route-map your router has no way of knowing if that next hop is reachable as it doesnt have to have a route in the routing table to forward to that next hop so if end to end connectivity isnt there you are essentially blackholing your traffic .Sorry for the long winded post but some of these configs can get rather complex.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        Comment


        • #5
          Re: WAN Ethernet Port Failover in a single Cisco Router 2821

          Hi,
          we did the below confguration on Head Office (Core Router) and Branch Router for port failover in a single router.



          Core Router
          ========================================
          interface Loopback0
          ip address 10.0.0.1 255.255.255.255
          interface Tunnel3
          description Connect to Chandnighat(BracNet)
          bandwidth 128
          ip address 10.10.10.9 255.255.255.252
          ip ospf cost 1500
          tunnel source 172.21.35.78
          tunnel destination 172.21.35.74
          !
          interface Tunnel4
          description Connect to Chadnighat(DhakaCom)
          bandwidth 128
          ip address 10.10.10.13 255.255.255.252
          ip ospf cost 2000
          tunnel source 10.10.17.18
          tunnel destination 10.10.22.30
          !
          interface GigabitEthernet0/0
          ip address 10.10.17.18 255.255.255.252
          duplex auto
          speed auto
          crypto map wasa
          !
          interface GigabitEthernet0/1
          ip address 172.21.35.78 255.255.255.252
          duplex auto
          speed auto


          interface Vlan1
          ip address 172.16.32.6 255.255.255.252

          router ospf 1
          log-adjacency-changes
          redistribute static subnets
          network 10.0.0.1 0.0.0.0 area 0
          network 10.10.10.0 0.0.0.3 area 0
          network 10.10.10.4 0.0.0.3 area 0
          network 10.10.10.8 0.0.0.3 area 0
          network 10.10.10.12 0.0.0.3 area 0
          network 172.16.32.4 0.0.0.3 area 0
          access-list 102 permit ip 192.168.0.0 0.0.255.255 192.168.102.0 0.0.0.255
          access-list 102 permit ip 172.16.32.4 0.0.0.3 192.168.102.0 0.0.0.255

          Branch Router:
          ============================================

          interface Tunnel1
          description Connect to Kawranbazar(BracNet)
          bandwidth 128
          ip address 10.10.10.10 255.255.255.252
          ip ospf cost 1500
          tunnel source 172.21.35.74
          tunnel destination 172.21.35.78
          !
          interface Tunnel2
          description Connect to KawranBazar(DhakaCom)
          bandwidth 128
          ip address 10.10.10.14 255.255.255.252
          ip ospf cost 2000
          tunnel source 10.10.22.30
          tunnel destination 10.10.17.18
          !
          interface Loopback0
          ip address 10.0.0.3 255.255.255.255
          !
          interface FastEthernet0
          description Connected to ISP
          ip address 10.10.22.30 255.255.255.252
          duplex auto
          speed auto
          !
          interface FastEthernet1
          ip address 172.21.35.74 255.255.255.252
          duplex auto
          speed auto

          description Local_LAN
          ip address 192.168.102.1 255.255.255.0
          ip tcp adjust-mss 1452
          !
          interface Async1
          no ip address
          encapsulation slip
          !
          router ospf 1
          log-adjacency-changes
          network 10.0.0.3 0.0.0.0 area 0
          network 10.10.10.8 0.0.0.3 area 0
          network 10.10.10.12 0.0.0.3 area 0
          network 192.168.102.0 0.0.0.255 area 0
          !
          ip route 0.0.0.0 0.0.0.0 10.10.22.29
          ip route 172.21.0.0 255.255.0.0 172.21.35.73
          ip route 202.168.224.0 255.255.224.0 172.21.35.73


          access-list 102 permit ip 192.168.102.0 0.0.0.255 192.168.100.0 0.0.0.255
          access-list 102 permit ip 192.168.102.0 0.0.0.255 172.16.32.4 0.0.0.3
          no cdp run

          =============================================


          avobe configuration have solved the problem.
          is it possible with IPSEC VPN service??


          Thanks
          Karzon

          Comment

          Working...
          X