Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

1941w Router WAN fail-over works, but fail-back stopped working???

Status
Not open for further replies.

chevy372

Programmer
Nov 5, 2011
2
US
I haven't seen a setup like this before, and it just stopped working a couple months ago from the person before who set it up. I have changed the config to not show the hostname, external ip's, certificate, usernames, password hashes, and serial number. If anyone knows why this configuration would work when failing-over to the serial connection when the cable modem fails, but doesn't fail-back to the cable modem when the route becomes available again, I would appreciate any input. I tried many things, even updating to the most recent IOS, and this was working before. Thanks.

show run and show version output:


ROUTER#sh run
Building configuration...

Current configuration : 6747 bytes
!
! No configuration change since last restart
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot system flash c1900-universalk9-mz.SPA.152-1.T.bin
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone Arizona -7 0
!
no ipv6 cef
!
!
ip dhcp excluded-address 10.0.1.1 10.0.1.30
ip dhcp excluded-address 10.0.1.101 10.0.1.254
!
ip dhcp pool MainIP
import all
network 10.0.1.0 255.255.255.0
domain-name inlandmarketing
dns-server 8.8.8.8
default-router 10.0.1.1
lease 5
!
!
ip domain name yourdomain.com
ip name-server 10.0.1.202
ip name-server 8.8.8.8
ip cef
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1898501780
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1898501780
revocation-check none
rsakeypair TP-self-signed-1898501780
!
!
crypto pki certificate chain TP-self-signed-1898501780
certificate self-signed 01
{cert here}
quit
license udi pid CISCO1941/K9 sn FTX1428809G
!
!
username {userhere} privilege 15 secret 5 {passwordhere}
username {userhere} privilege 15 secret 5 {passwordhere}
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ETH-LAN$
ip address 10.0.1.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Cable-Modem0/0/0
ip address {staticIPhere w/subnet}
ip flow ingress
ip nat outside
ip virtual-reassembly in
!
interface Serial0/1/0
ip address {staticIPhere w/subnet}
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
service-module t1 fdl ansi
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source route-map cable-modem interface Cable-Modem0/0/0 overload
ip nat inside source route-map t1 interface Serial0/1/0 overload
ip nat inside source static tcp 10.0.1.200 1723 {staticIPcablemodemhere} 1723 extendable
ip nat inside source static tcp 10.0.1.200 1723 {staticIPserialhere} 1723 extendable
ip route 0.0.0.0 0.0.0.0 Cable-Modem0/0/0
ip route 0.0.0.0 0.0.0.0 Serial0/1/0 50
!
ip access-list extended udp_rtp
permit udp host 10.0.1.27 any range 10000 20000
ip access-list extended udp_trp
!
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 2 permit 10.0.1.0 0.0.0.255
access-list 23 permit 10.0.1.0 0.0.0.255
!
route-map cable-modem permit 10
match ip address 1
match interface Cable-Modem0/0/0
!
route-map t1 permit 10
match ip address 2
match interface Serial0/1/0
!
route-map sip_nat permit 10
match ip address udp_rtp
!
!
snmp-server community ROUTER RW
snmp-server location ServerRoom
snmp-server enable traps entity-sensor threshold
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end

ROUTER#sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(1)T, RELEASE SOFTWARE (fc1)
Technical Support: Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 21-Jul-11 16:40 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M6, RELEASE SOFTWARE (fc1)

ROUTER uptime is 3 weeks, 2 days, 4 hours, 55 minutes
System returned to ROM by power-on
System restarted at 08:38:25 Arizona Wed Oct 12 2011
System image file is "flash:c1900-universalk9-mz.SPA.152-1.T.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO1941/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID {serialhere}
2 Gigabit Ethernet interfaces
1 Serial interface
1 terminal line
1 Cable Modem interface
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
254464K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO1941/K9 {serialhere}


Technology Package License Information for Module:'c1900'

-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
data None None None

Configuration register is 0x2102
 
Hello,
At work we had the same conf for a client.The only difference is that we used the same access list.Can't guarantee you that it ever work properly becauseI never really got the chance to test the conf fully.All I can say is that the customer ask for a redesign a few weeks ago,maybe for the instability of this implementation.If it doesn't work after you change the access-list,I am sure this is a design flaw on Cisco part and you should try to contact cisco TAC or look for another solution.

route-map SECWAN permit 10
match ip address 1 <------------------------
match interface ATM0/2/0.100
!

route-map PRIWAN permit 10
match ip address 1 <------------------------
match interface ATM0/IMA1.1

Regards
 
I made that change you mentioned, and also changed the administrative distance to 50, and everything is working. I also followed the article here:


I am going to purchase the data feature package since I only have ipbase now and use IP SLA to track traceability and perform failover since this configuration only works when the link state changes and not when reachability to the internet is lost.

Thanks for your help!
 

Good way to go! So it does work!!Hands up for Cisco they do know their stuff.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top