Multihomed SMB router - Anyone fancy cleaning my config?

  • Multihomed SMB router - Anyone fancy cleaning my config?

    Hi,

    We have a Cisco 1800 series router; its config was copied from an old 1700 a year or so ago. Most of it I have hashed together from internet forums and Cisco's website & the SDM web interface on the old 1700.

    Some of the lines of config may not be doing anything, some may be conflicting with others etc., so if anyone fancies a challenge or wants to share their opinion please feel free.

    Also this might help some people who are trying to set up a router in a similar situation.



    Here's a brief description of what we have connected and what the config currently achieves.
    • We have 2 WAN links
      • The primary connection is a cable connection to Virgin Media
      • The secondary connection is an ADSL connection (through an external ADSL modem)
    • We have redundant failover to the secondary link if the primary link goes down by tracking the connectivity to the primary link next hop router.
    • We have a VPN connection for client computers
      • Authentication provided by RADIUS
      • This fails over to the backup link if the primary link goes down as the crypto map is on both WAN interfaces
    • Vlan 20 is our main vlan for all traffic
    • Vlan 30 is for WiFi and guest access (protected by an ACL)
    Here are a few things that don't work / or work the way I would want.
    • If I simulate an outage on the primary WAN link by shutting down the interface, my default route to the secondary WAN link is installed in the routing table but the tracked object status is still UP.
      • The pings must be going out of the second link; I have tried to get around this with local policy routing but it doesn't fix the problem.
    • I would like to have VPN clients be able to connect to both interfaces when they are both up.
      • If I install both default routes in the routing table with the same admin distance, the packets are routed randomly through one interface or the other, breaking the VPN connection. - Again, I think some route map trickery is needed here.

    The config is in an .xls in the attached zip files
    Last edited by chillobill; 1st March 2012, 11:39.

  • #2
    Re: Multihomed SMB router - Anyone fancy cleaning my config?

    So you're saying that if you lose reachability to your primary next hop router then the "tracked" object is removed from the routing table and the backup route is installed? But then you say the tracked object shows as up still? Are you specifying any delay on the tracked object? I have seen ip sla and tracked objects act funny in certain IOS versions.

    If you want to utilize both links then you could use policy based routing. You could say any http traffic go over the backup ADSL link etc.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)



    • #3
      Re: Multihomed SMB router - Anyone fancy cleaning my config?

      So you're saying that if you lose reachability to your primary next hop router then the "tracked" object is removed from the routing table and the backup route is installed?
      Yes, this is correct.

      But then you say the tracked object shows as up still? Are you specifying any delay on the tracked object?
      Yes, this is also correct. If I enable 'debug ip sla trace' I see that the pings are being sent from the primary WAN IP, as the SLA is configured to send the pings from fa0.

      Code:
      rt1#debug ip sla trace
       IP SLAs TRACE debugging for all operations is on
      rt1#term mon
      rt1#
      106679: *Feb 21 14:01:38.604 London: IP SLAs(1) Scheduler: saaSchedulerEventWakeup
      106680: *Feb 21 14:01:38.604 London: IP SLAs(1) Scheduler: Starting an operation
      106681: *Feb 21 14:01:38.604 London: IP SLAs(1) echo operation: Sending an echo operation - destAddr=82.23.216.1, sAddr=8.2.2.3
      106682: *Feb 21 14:01:38.604 London: IP SLAs(1) echo operation: Sending ID: 1
      106683: *Feb 21 14:01:38.612 London: IP SLAs(1) echo operation: RTT=8
      106684: *Feb 21 14:01:38.612 London: IP SLAs(1) Scheduler: Updating result
      106685: *Feb 21 14:01:38.612 London: IP SLAs(1) Scheduler: start wakeup timer, delay = 2992
      rt1#

      The strange thing that happens when I shut down the interface is the sAddr=0.0.0.0, and I guess this means that they are sent from any interface and routed through the routing table. (I think this is because the interface is DHCP.)

      I'm not sure why the backup route is added to the routing table but it is.

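The symptom described in the post above (probes leaving with sAddr=0.0.0.0 once the interface is shut, while the tracked object stays up) can be picked out of captured `debug ip sla trace` output. This is an added example, not part of the original thread: the function names are hypothetical, and only the first two sample lines come from the thread; the rest are constructed in the same format.

```python
import re
from ipaddress import ip_address

# The two "debug ip sla trace" line types quoted in the thread.
SEND = re.compile(r"IP SLAs\((\d+)\) echo operation: Sending an echo operation"
                  r" - destAddr=([\d.]+), sAddr=([\d.]+)")
RTT = re.compile(r"IP SLAs\((\d+)\) echo operation: RTT=(\d+)")

def audit_probes(lines):
    """Return one dict per probe sent: op, dest, src, rtt (None if no reply seen)."""
    probes, pending = [], {}
    for line in lines:
        if m := SEND.search(line):
            op, dest, src = m.groups()
            # A new send for the same operation leaves the previous probe unanswered.
            pending[op] = {"op": int(op), "dest": dest, "src": src, "rtt": None}
            probes.append(pending[op])
        elif (m := RTT.search(line)) and m.group(1) in pending:
            pending.pop(m.group(1))["rtt"] = int(m.group(2))
    return probes

def false_up(probes):
    """Probes sent with an unspecified source (0.0.0.0) that were still answered.

    These are the probes that keep the tracked object up although the primary
    interface no longer supplies the source address.
    """
    return [p for p in probes
            if ip_address(p["src"]).is_unspecified and p["rtt"] is not None]

# Lines 1-2 are from the thread; lines 3-5 are constructed for illustration.
SAMPLE = """\
106681: *Feb 21 14:01:38.604 London: IP SLAs(1) echo operation: Sending an echo operation - destAddr=82.23.216.1, sAddr=8.2.2.3
106683: *Feb 21 14:01:38.612 London: IP SLAs(1) echo operation: RTT=8
106690: *Feb 21 14:05:02.100 London: IP SLAs(1) echo operation: Sending an echo operation - destAddr=82.23.216.1, sAddr=0.0.0.0
106692: *Feb 21 14:05:02.131 London: IP SLAs(1) echo operation: RTT=31
106699: *Feb 21 14:05:05.100 London: IP SLAs(1) echo operation: Sending an echo operation - destAddr=82.23.216.1, sAddr=0.0.0.0
""".splitlines()

if __name__ == "__main__":
    for p in false_up(audit_probes(SAMPLE)):
        print(f"op {p['op']}: probe to {p['dest']} answered in {p['rtt']} ms "
              f"with source {p['src']} (primary path not actually tested)")
```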


      • #4
        Re: Multihomed SMB router - Anyone fancy cleaning my config?

        I would remove the interface from the SLA and use the source ip address.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)



        • #5
          Re: Multihomed SMB router - Anyone fancy cleaning my config?

          Cheers auglan,

          I changed the SLA to use the source IP address and can confirm that the tracked object now shows as down when the interface f0 is shutdown!

          Thanks



          • #6
            Re: Multihomed SMB router - Anyone fancy cleaning my config?

            Glad it's working.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)
