1720 router as a dual wan router, satellite backup

[toy4two2]

Does anyone know the best way to approach setting up a 1720 router (IOS v12.3(26)) that has 2 Ethernet WICs and the single built in Ethernet port to switch between the WICs if one goes down?

Each WIC will have a different satillite technology connected to it, VSAT for one and BGAN for the other. The VSAT will be the primary and the BGAN the backup. The BGAN unit is smart enough to automatically connect to the BGAN network should the VSAT lose connectivity.

The only reason for the BGAN is for when the VSAT fails I can remotley connect to the site for troubleshooting purposes. I would manually turn off the BGAN when done.

The IP addresses would be on different networks, VSAT vs BGAN but they both need to be NAT'd into a private network (switch plugged into the built-in Ethernet port). When the VSAT loses connectivity the 1720's port will still be up/up.

Any suggestions? To head off the questions I know I am going to get, why not use a better router, answer I will if I can prove that this is feasible in a lab first using what we have on hand. Why SAT for both connections? Going to Africa area has no telco, cell, wireless, or cable, sat is the only technology available.

 

[ISPKing]

Without setting up sla's which i cant remember if the 1720's even support. You can do default floating routes.

So assuming eth0 has the sat and eth1 has the bgan.

ip route 0.0.0.0 0.0.0.0 eth0 150
ip route 0.0.0.0 0.0.0.0 eth1

That will make the first static route have a higher ad meaning it will only kick into action if the Bgan experiences a physical line Failure, remember physical.

If you need help with the config i can draft it for you, but i need more specifics.


CCNP

 

[toy4two2]

floating routes, that is great! I've never used those and would never have thought of it. It will work perfectly because when I shut down the BGAN it will set the port to down/down.

I just hooked everything up in a lab and started the config. Don't need any security etc just using it to show a co-worker this can be done. Thanks for taking a look and adding your mods:

Current configuration : 638 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SatRouter
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
!
ip cef
!
!
!
!
!
interface Ethernet0
description VSAT_WAN
ip address 10.0.0.1 255.255.255.0
full-duplex
!
interface Ethernet1
description BGAN_WAN
ip address 172.16.0.1 255.255.255.0
full-duplex
!
interface FastEthernet0
description LAN
ip address 192.168.0.1 255.255.255.0
speed auto
!
ip classless
no ip http server
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

 

[toy4two2]

Version 2 - With ISPKing's fantastic suggestion:

Current configuration : 638 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SatRouter
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
!
ip cef
!
!
!
!
!
interface Ethernet0
description VSAT_WAN
ip address 10.0.0.1 255.255.255.0
full-duplex
!
interface Ethernet1
description BGAN_WAN
ip address 172.16.0.1 255.255.255.0
full-duplex
!
interface FastEthernet0
description LAN
ip address 192.168.0.1 255.255.255.0
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
ip route 0.0.0.0 0.0.0.0 Ethernet0 150
no ip http server
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end

 

[toy4two2]

I have one concern. When the VSAT fails and the BGAN takes over, all customer traffic will also get routed over the BGAN in this setup. The BGAN is just supposed to be for out of band access for myself to connect to the network and service the VSAT modem via a telnet to the modem.

BGAN service charges per meg and it could get expensive quick if customer data started getting sent to that interface.

ACL on the bgan interface to only allow telnet traffic?

 

[toy4two2]

I drew out a diagram, it also appears that since the VSAT modem is plugged into eth0, when the BGAN is active, I wouldn't be able to get to the VSAT modem since all packets would be bypassing eth0 and going eth1.

 

[burtsbees]

Uh, you would not be able to get to the VSAT if it were down anyway...

Where would you telnet from?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[toy4two2]

I will have to make a network diagram to make it clear.

 

[Viconsul]

It sounds like all you want to do is, use the Bgan as backup access to the router for maintenance only. Is that correct?
Can you confirm this is the case.

 

[toy4two2]

we want to use the BGAN as a backup for access to the VSAT modem (telnet). But heck, if I can use the BGAN to access the router, from the router I can telnet to the VSAT modem and perform settings changes.