Cisco 1720 router failover question

[nobeemk]

Hello Everyone,

Sorry for the long post. I'm pretty much a newbie when it comes to Cisco routers, so any help that you can provide would be much appreciated.

I currently have a Cisco 1720 router that is configured with 2 active WAN interfaces (primary and secondary) and 1 LAN interface. The router was actually configured by someone else to use the secondary WAN interface as a failover in case the primary WAN interface went down. Sounds good in theory. However, the failover portion never worked.

My main question is, does the router have to be configured for dynamic routing (RIP, OSPF), or, can I successfully do this using static routes? Currently, from what I can tell, the router is set up for static routes.

Near the bottom of the config, I have a couple of lines of text reading what I believe to be static routes to use for internet access. I am using fictional IPs as an example. They read:

ip route 0.0.0.0 0.0.0.0 99.88.77.1
ip route 0.0.0.0 0.0.0.0 88.77.66.1 10

From what I can surmise on the config, the top ip route command line is using the primary WAN interface. The bottom ip route is using the secondary WAN interface. The only real difference that I can see between the 2 lines is the addition of the number 10 in the bottom line. This, I assume, is probably some type of routing priority?

The router works great when the primary WAN interface connection is up. Just so happens that when the primary WAN interface fails, the secondary WAN interface connection does not "kick" in.

Also, I noticed a discrepancy in the IP config of the secondary WAN interface. Seems the broadcast IP address is incorrect, so I am wondering if this could cause a failover problem? I will use fictional IPs as an example again.

interface Ethernet0
ip address 88.77.66.2 255.255.255.240
ip broadcast-address 88.77.66.31

If memory serves, I think the actual broadcast-address should be 88.77.66.15. I have not fixed this as of yet. Still, I am wondering if this would cause my failover not to work?

Anyways, to summarize:

How can I get the router to failover to the secondary WAN interface when the primary WAN interface fails on a Cisco 1720 router? Can the router be set up for static routing or do I have to configure the router for dynamic routing to make the failover work?

IP broadcast address is incorrect on the secondary WAN interface... can this affect the failover functionality?

Again, sorry for the long post and any help would be much appreciated!

Thanks,

goober

 

[Saeed42]

Can you post the config (obviously take out the IP, P/W, U/N and so on)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't be content with being average. Average is as close to the bottom as it is to the top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[nobeemk]

Hi Saeed42,

Thanks for the reply. Listed below is the edited config. The IP addresses I have entered are all fictional, but similar in configuration to the original (subnet config).

Another strange thing I discovered is the first IP route line/setting which has Serial0 instead of an actual IP address. At the moment, we are able to access the internet, although I don't really understand why. The reason for my confusion is that I believe that there should be a default gateway address there, not Serial0. Anyway, here is the edited config:

Using 1283 out of 29688 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxxxxxxxxx
!
no logging buffered
no logging buffered
logging rate-limit console 10 except errors
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
memory-size iomem 20
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip finger
ip domain-name xxxxx.net
ip name-server xxx.xx.x.xx
ip name-server xxx.xx.x.xx
ip name-server xxx.xx.xx.xx
!
!
!
!
interface Ethernet0
ip address 88.77.66.2 255.255.255.240
ip broadcast-address 88.77.66.31
ip nat outside
half-duplex
!
interface FastEthernet0
description Local Ethernet
ip address 66.55.44.2 255.255.255.248
ip broadcast-address 66.55.44.7
ip nat inside
speed auto
half-duplex
!
interface Serial0
description Link to ispxxxx
bandwidth 1536
ip address 99.88.77.2 255.255.255.252
no fair-queue
service-module t1 timeslots 1-24
!
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 0.0.0.0 0.0.0.0 88.77.66.1 10
no ip http server
!
access-list 1 permit any
!
line con 0
transport input none
line aux 0
line vty 0 4
password xxxxxxx
login
!
sntp server xxx.xx.x.xx
end


Serial0 is my primary WAN interface
Ethernet0 is my secondary WAN interface
FastEthernet0 is my LAN interface

Please let me know if you have any other questions. Again, thanks for your help.

goober

 

[MrvNDMrtN]

The 2nd ip route information is a floating static route.

You could use hsrp interface tracking to do the failover to the 2nd interface.

What the?!?!

 

[Guest_imported]

The ip route commands configure your static routes.
In your config, Serial0 is the preferred route. If the router looses connection with Serial0 (simulate this by disconnecting the cable from the router serial0 port)it installs the route to the ethernet port.
You need to verify that the connection via the ethernet port really works first.
Disconnect the serial0 cable from your router.
From the router console EXEC prompt try to ping 88.77.66.1
If this does not reply it may be because the link to this ISP is down, or possibly this address is not a valid device.
This address should be the next hop IP address of a router on the ISP network.
Check if this address is valid with the ISP.
You could change the route statement to
ip route 0.0.0.0 0.0.0.0 ethernet0 10
in this way the next hop address does not matter.

 

[Saeed42]

I'm slightly confused how the nat is setup, if you have nat and your FastEthernet0 is your inside nat, and your outside nat is e0 how does the SO come into the picture, if the router is doing nat shouldn't both interfaces (S0, E0) be outside nat
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't be content with being average. Average is as close to the bottom as it is to the top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[nobeemk]

Hi Everyone,

Thanks for your input. I really appreciate it.

MrvNDMrtN - can you explain what a floating static route is? HSRP is something I will also look into. Thanks for that info.

edkeogh - I was able to verify from within the router the ability to ping the gateway of Ethernet0. It is working. Do you think that I should change the second IP route from:

ip route 0.0.0.0 0.0.0.0 88.77.66.1 10 to
ip route 0.0.0.0 0.0.0.0 Ethernet0?

I'm just wondering if the way it is set up now is incorrect?
Also, in the routers current config, unplugging S0 does not cause a failover, so that is why I am wondering if changing the route command to reflect Ethernet0 instead of 88.77.66.1 would work. I thank you, too, for your input.

Saeed42 - Sorry bout the confusion on the nat commands. As I mentioned before, I was not the one who set this stuff up. In fact, the router was preconfigured from the ISP. The only non-ISP configured settings and hardware on this router was the addition of Ethernet0 for the second WAN interface, and this was installed to act as a failover in case the S0 interface went down.

For what it's worth, all I can tell you is that all the interfaces (S0, E0, F0) are using public IP's. There are no private address schemes directly associated with this router. So, whether the NAT commands are actually doing something, I could not tell you.

Again, thank you all for your input.

 

[badbadzt]

Hi,

Following up on saeed42's query about your NAT setup, are you using private address's schemes (i.e 192.168.x.x .. 10.x.x.x .. 172.16 x. x) on your internal lan interface (fastethernet0)? If you are using private addresses, then you will need to setup NAT on your serial interface as well, as private addresses cannot not be routed onto the external network (internet/public wan). My guess is you are using private addresses and that currently only your etho0 wan route is working and your ser0 route is redundant because of your NAT setup. You can test this by performing a traceroute from a workstation on your internal network and see what the hops are. They should indicate that your next hop should be the gateway on your ethernet0 interface
(88.77.66.1 ).

 

[KY]

Is your main problem getting the failover to work?

 

[nobeemk]

Badbadzt,

To answer your question regarding private IP address schemes, no, there are not any private IP address schemes on FastEthernet0. I do, however, have a firewall connected to Fastethernet0 which is performing NAT for the computers located behind the firewall.

Also, the main/primary WAN port is Serial0 and it is working fine.

I ran a tracert from within the router and it showed only 1 hop to 88.77.66.1. Will try it from a workstation behind the router when I get the chance.

 

[nobeemk]

KY,

To answer your question, yes, the problem that I am having is getting the failover to work.

 

[jhouser79]

If you set the failover card set up with a BACKUP command with the first interface using the second interface as the back up that should work.


This would be the set up for the first interface. with the back up command in line

interface Serial0.50 point-to-point
description AT&T CircuitID:
bandwidth 56
backup interface Serial1
ip address 000.000.000.000 255.0.0.0
frame-relay interface-dlci 50
!