I mostly tried to follow this page:
.. but it focuses on a DHCP and PPPoE WAN connections and it turns out both of mine have static IPs. You'd think it would be easier to configure but I'm having trouble translating that example into my configuration.
Both WANs seem are up.. but traffic is only going through one connection. Here is my configuration:
Current configuration : 7249 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2077438888
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2077438888
revocation-check none
rsakeypair TP-self-signed-2077438888
!
!
crypto pki certificate chain TP-self-signed-2077438888
certificate self-signed 01
quit
!
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.140.1 192.168.140.99
ip dhcp excluded-address 192.168.140.150 192.168.140.254
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool lan-pool
import all
network 192.168.140.0 255.255.255.0
domain-name ACMEsolutions.com
!
!
ip cef
ip domain name yourdomain.com
ip name-server 64.105.199.74
ip name-server 64.105.159.250
ip name-server 64.105.199.75
ip name-server 71.242.0.12
ip name-server 71.252.0.12
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username root privilege 15 secret 5 $1$ifix$nrWAT5zZIA13Av41XLjMm/
archive
log config
hidekeys
!
!
track timer interface 5
!
track 123 ip sla 1 reachability
delay down 15 up 10
!
track 345 ip sla 2 reachability
delay down 15 up 10
bridge irb
!
!
!
interface FastEthernet0
no ip address
duplex auto
speed auto
bridge-group 240
!
interface FastEthernet1
no ip address
duplex auto
speed auto
bridge-group 250
!
interface FastEthernet2
switchport access vlan 239
!
interface FastEthernet3
switchport access vlan 239
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio1
no ip address
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$
ip address 10.10.10.1 255.255.255.248
ip tcp adjust-mss 1452
!
interface Vlan239
ip address 192.168.140.2 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
interface BVI240
ip address 68.161.175.26 255.255.255.248
ip nat outside
ip virtual-reassembly
!
interface BVI250
ip address 67.163.69.7 255.255.255.0
ip nat outside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 68.161.175.25 track 123
ip route 0.0.0.0 0.0.0.0 67.163.69.1 track 345
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface BVI240 overload
ip nat inside source route-map fixed-nat interface BVI250 overload
ip nat inside source route-map fixed-nat2 interface BVI240 overload
!
ip sla 1
icmp-echo 67.163.69.1 source-interface BVI250
timeout 1000
threshold 40
frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 68.161.175.25 source-interface BVI240
timeout 1000
threshold 40
frequency 3
ip sla schedule 2 life forever start-time now
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.140.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.140.0 0.0.0.255
access-list 110 permit ip 192.168.140.0 0.0.0.255 any
no cdp run
!
!
!
route-map fixed-nat2 permit 10
match ip address 110
match interface BVI240
!
route-map fixed-nat permit 10
match ip address 110
match interface BVI250
!
!
!
!
control-plane
!
bridge 240 protocol ieee
bridge 240 route ip
bridge 250 protocol ieee
bridge 250 route ip
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
-----------------------------------------------------------------------
^C
banner login ^CC
-----------------------------------------------------------------------
-----------------------------------------------------------------------
^C
!
line con 0
login local
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
!
webvpn cef
end
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml
.. but it focuses on a DHCP and PPPoE WAN connections and it turns out both of mine have static IPs. You'd think it would be easier to configure but I'm having trouble translating that example into my configuration.
Both WANs seem are up.. but traffic is only going through one connection. Here is my configuration:
Current configuration : 7249 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2077438888
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2077438888
revocation-check none
rsakeypair TP-self-signed-2077438888
!
!
crypto pki certificate chain TP-self-signed-2077438888
certificate self-signed 01
quit
!
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.140.1 192.168.140.99
ip dhcp excluded-address 192.168.140.150 192.168.140.254
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool lan-pool
import all
network 192.168.140.0 255.255.255.0
domain-name ACMEsolutions.com
!
!
ip cef
ip domain name yourdomain.com
ip name-server 64.105.199.74
ip name-server 64.105.159.250
ip name-server 64.105.199.75
ip name-server 71.242.0.12
ip name-server 71.252.0.12
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username root privilege 15 secret 5 $1$ifix$nrWAT5zZIA13Av41XLjMm/
archive
log config
hidekeys
!
!
track timer interface 5
!
track 123 ip sla 1 reachability
delay down 15 up 10
!
track 345 ip sla 2 reachability
delay down 15 up 10
bridge irb
!
!
!
interface FastEthernet0
no ip address
duplex auto
speed auto
bridge-group 240
!
interface FastEthernet1
no ip address
duplex auto
speed auto
bridge-group 250
!
interface FastEthernet2
switchport access vlan 239
!
interface FastEthernet3
switchport access vlan 239
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio1
no ip address
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$
ip address 10.10.10.1 255.255.255.248
ip tcp adjust-mss 1452
!
interface Vlan239
ip address 192.168.140.2 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
interface BVI240
ip address 68.161.175.26 255.255.255.248
ip nat outside
ip virtual-reassembly
!
interface BVI250
ip address 67.163.69.7 255.255.255.0
ip nat outside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 68.161.175.25 track 123
ip route 0.0.0.0 0.0.0.0 67.163.69.1 track 345
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface BVI240 overload
ip nat inside source route-map fixed-nat interface BVI250 overload
ip nat inside source route-map fixed-nat2 interface BVI240 overload
!
ip sla 1
icmp-echo 67.163.69.1 source-interface BVI250
timeout 1000
threshold 40
frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 68.161.175.25 source-interface BVI240
timeout 1000
threshold 40
frequency 3
ip sla schedule 2 life forever start-time now
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.140.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.140.0 0.0.0.255
access-list 110 permit ip 192.168.140.0 0.0.0.255 any
no cdp run
!
!
!
route-map fixed-nat2 permit 10
match ip address 110
match interface BVI240
!
route-map fixed-nat permit 10
match ip address 110
match interface BVI250
!
!
!
!
control-plane
!
bridge 240 protocol ieee
bridge 240 route ip
bridge 250 protocol ieee
bridge 250 route ip
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
-----------------------------------------------------------------------
^C
banner login ^CC
-----------------------------------------------------------------------
-----------------------------------------------------------------------
^C
!
line con 0
login local
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
!
webvpn cef
end
