Cisco 2811 configure ISP failover

[blazt3red]

Hi,

I configure a cisco 2811 router to have a my two ISP failover. But router do the failover but it has a very slow internet connection. My Primary line is a Leased Line 6MB and backup DSL of up to 11MB. And i can't telnet also via the public ip address.

Please help me.

Here's My config

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 4096
enable secret 5 test
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool LAN_IP
network 192.168.2.0 255.255.255.0
dns-server 202.78.97.41 210.4.2.61
default-router 192.168.2.1
!
ip dhcp pool LAN2_IP
network 192.168.3.0 255.255.255.0
dns-server 4.2.2.2 8.8.8.8
default-router 192.168.3.1
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
username sam privilege 15 password 0 test
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/0
description Bayantel
ip address 121.97.91.98 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/1
ip address 122.52.52.146 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 121.97.91.97
ip route 0.0.0.0 0.0.0.0 122.52.52.145
ip http server
no ip http secure-server
!
!
ip nat inside source list NAT2_IP interface FastEthernet0/0/1 overload
ip nat inside source list NAT_IP interface FastEthernet0/0/0 overload
!
ip access-list extended NAT2_IP
permit ip 192.168.3.0 0.0.0.255 any
ip access-list extended NAT_IP
permit ip 192.168.2.0 0.0.0.255 any
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
password test
login
line aux 0
line vty 0 4
privilege level 15
password test
login
!
scheduler allocate 20000 1000
end

 

[tcasw05]

Hello,

You currently have two equal cost default routes configured, meaning both routes would go into the routing table, load balancing between them. This is what most likely is causing the poor performance.

To correctly configure fail-over to configure an IP SLA, which will ping out to an address on the internet, then use an track to test reachability to the ip, finally you would apply the track to your primary default route (with a higher admin distance). Once the track detects the internet IP is not reachable it will remove the tracked default route from the routing table and put the back up route into the table.

See the following for specific configuration example:

http://docwiki.cisco.com/wiki/IP_SLA_Tracking_with_Configuration_Example

 

[imbadatthis]

should also add that once one of your isp connections fail - one of your lab subnets will lose access to the internets.
your nat statement should allow but lan subnets out of both connections. Unless you have manual failover of a user connecting to a different plug and getting on the right connection again..


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[blazt3red]

Hi i reconfigure the router this is my new config

dot11 syslog
ip source-route
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool LAN_IP
network 192.168.2.0 255.255.255.0
dns-server 202.78.97.41 210.4.2.61
default-router 192.168.2.1
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
username sam privilege 15 password 0 Online2013
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/0
description Bayantel
ip address 121.97.91.98 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/1
description PLDT
ip address 122.52.52.146 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 121.97.91.97
ip route 0.0.0.0 0.0.0.0 122.52.52.145 10
ip http server
no ip http secure-server
!
!
ip nat inside source route-map Bayantel interface FastEthernet0/0/0 overload
ip nat inside source route-map PLDT interface FastEthernet0/0/1 overload
!
ip access-list standard NAT_IP
permit any
!
!
!
!
!
route-map PLDT permit 10
match ip address NAT_IP
match interface FastEthernet0/0/1
!
route-map Bayantel permit 10
match ip address NAT_IP
match interface FastEthernet0/0/0
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
password p
login
line aux 0
line vty 0 4
privilege level 15
password
login
!
scheduler allocate 20000 1000
end

it do the failover but it has a very slow internet connection and i did not create the ip sla because it has no rtr command.

 

[imbadatthis]

once you 'fail over' can you do a sho ip route and copy it here?

also can you ping the 'active gateway' with a few large packets?

also -
assuming no other traffic is on the router it self except your labs..

do a sho int on the interface you are failing over to before fail over (look for packet count).
then fail over, send a few pings from your pc to say google or something, and do another show int and see if the counters have gone up as expected...

post all of it here..


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.