Cisco 1841 with ISDN backup

Discussion in 'Cisco' started by j.kost@solcon.nl, Aug 14, 2007.

  1. Guest

    Hello,

    I'm trying to implement a Cisco 1841 with 2 modules, 1 SDSL + 1 ISDN.
    The SDSL interface is the primary inteface. The ISDN interface is
    meant as a backup interface in case the ISDN interface fails.

    The problem is that the SDSL interfaces rarely goes doen. If there is
    a problem with the ISP, the link rarely goes doen, and the ISDN
    doesn't take over.
    Therefor, the backup interface <interface> command is no use.

    The second problem i am having, when i pull out the DSL cable, is that
    i'm using Dialer interfaces. Because Dialer interfaces a virtual, they
    never go down.
    As a result of that, i'm having problems with my static routes. Both
    static routes are up, and traffic is also sent over the interface that
    is down.

    Now i lookup at discussion groups, and some tips i saw were:

    PBR:

    The link should be:

    http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gtpbrtrk.pdf

    In this documentation, some of the commands don't work, so i can't
    implement that. I'm using IOS version 1841 Software (C1841-IPBASEK9-
    M), Version 12.4(9)T, RELEASE SOFTWARE (fc1), and according to Cisco,
    the PBR Support for Multiple TrackingOptions shoud be available with
    this.

    Here below is my config. This is a standard config, with no backup
    settings here. Can someone take a look, en possibly help me with
    this?:

    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret <password>
    !
    no aaa new-model
    !
    resource policy
    !
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    ip cef
    !
    !
    username <username> password <password>
    !
    !
    controller DSL 0/0/0
    mode atm
    line-term cpe
    line-mode 2-wire line-zero
    dsl-mode shdsl symmetric annex B
    line-rate auto
    !
    interface FastEthernet0/0
    description LAN klant
    ip address <ip> <subnetmask>
    duplex auto
    speed auto
    no keepalive
    !
    interface BRI0/1/0
    description Inbel interface
    no ip address
    encapsulation ppp
    no ip route-cache
    no ip mroute-cache
    dialer pool-member 2
    no fair-queue
    no shutdown
    !
    interface ATM0/0/0
    no shutdown
    no ip address
    no atm ilmi-keepalive
    pvc 0 0/36
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface Dialer 0
    mtu 1492
    ip unnumbered FastEthernet0/0
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication pap callin
    ppp pap sent-username <username> password <password>
    !
    interface Dialer1
    ip unnumbered FastEthernet0/0
    encapsulation ppp
    dialer remote-name <name>
    dialer idle-timeout 300
    dialer wait-for-carrier-time 10
    dialer string XXXXXXXXXX
    dialer pool 2
    dialer-group 2
    no fair-queque
    no cdp enable
    ppp authentication pap callin
    ppp pap sent-username <username> password <password>
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    dialer-list 1 protocol ip permit
    !
    no ip http server
    ip http authentication local
    ip http timeout-policy idle 5 life 86400 requests 10000
    !
    dialer-list 1 protocol ip permit
    !
    control-plane
    !
    !
    line con 0
    login local
    line aux 0
    line vty 0 4
    privilege level 15
    login local
    transport input telnet
    line vty 5 15
    privilege level 15
    login local
    transport input telnet
    !
    end
     
    , Aug 14, 2007
    #1
    1. Advertising

  2. Merv Guest

    Merv, Aug 14, 2007
    #2
    1. Advertising

  3. Al Guest

    On Aug 14, 12:38 pm, Merv <> wrote:
    > see Reliable Static Routing Backup Using Object Tracking
    >
    > http://cco.cisco.com/en/US/products/sw/iosswrel/ps5413/products_featu...


    The IP SLA functionality is only, iirc, available in the 'broadband'
    feature set & up - not the base image which the OP has.
    I ran into a similar issue at a customer site & ended up using EIGRP
    across the LES connection instead, which doesn't help here much.

    Is the ISDN backup for the Internet connection, or are you connecting
    via VPN to another site which you would then be dialling into directly
    for backup? If so, can you use a dynamic routing protocol over the VPN
    with floating statics on the dialer for backup?

    Just my 2p worth....
     
    Al, Aug 15, 2007
    #3
  4. Guest

    On 15 Aug, 18:05, Al <> wrote:
    > On Aug 14, 12:38 pm, Merv <> wrote:
    >
    > > see Reliable Static Routing Backup Using Object Tracking

    >
    > >http://cco.cisco.com/en/US/products/sw/iosswrel/ps5413/products_featu...

    >
    > The IP SLA functionality is only, iirc, available in the 'broadband'
    > feature set & up - not the base image which the OP has.
    > I ran into a similar issue at a customer site & ended up using EIGRP
    > across the LES connection instead, which doesn't help here much.
    >
    > Is the ISDN backup for the Internet connection, or are you connecting
    > via VPN to another site which you would then be dialling into directly
    > for backup? If so, can you use a dynamic routing protocol over the VPN
    > with floating statics on the dialer for backup?
    >
    > Just my 2p worth....


    Ah yes. That is the classic solution.

    Dynamic routing protocol on the main link
    with floating static routes for the dial up one.

    ip route 0.0.0.0 0.0.0.0 dialer <ISDN> 200

    That's what I would do before going for the
    SLA one - never having used either:))
     
    , Aug 16, 2007
    #4
  5. Guest

    On 16 aug, 01:40, wrote:
    > On 15 Aug, 18:05, Al <> wrote:
    >
    >
    >
    > > On Aug 14, 12:38 pm, Merv <> wrote:

    >
    > > > see Reliable Static RoutingBackupUsing Object Tracking

    >
    > > >http://cco.cisco.com/en/US/products/sw/iosswrel/ps5413/products_featu...

    >
    > > The IP SLA functionality is only, iirc, available in the 'broadband'
    > > feature set & up - not the base image which the OP has.
    > > I ran into a similar issue at a customer site & ended up using EIGRP
    > > across the LES connection instead, which doesn't help here much.

    >
    > > Is the ISDNbackupfor the Internet connection, or are you connecting
    > > via VPN to another site which you would then be dialling into directly
    > > forbackup? If so, can you use a dynamic routing protocol over the VPN
    > > with floating statics on the dialer forbackup?

    >
    > > Just my 2p worth....

    >
    > Ah yes. That is the classic solution.
    >
    > Dynamic routing protocol on the main link
    > with floating static routes for the dial up one.
    >
    > ip route 0.0.0.0 0.0.0.0 dialer <ISDN> 200
    >
    > That's what I would do before going for the
    > SLA one - never having used either:))


    Both connections are for the internet connection, so i don't think i
    will be able to use routing protocol. Or can i use them?
     
    , Aug 17, 2007
    #5
  6. Merv Guest

    Ask your ISP if they can send you default route via any dynamic
    routing protocol

    If so then you can float a default route to point to the ISDN dialer
    interface
     
    Merv, Aug 17, 2007
    #6
  7. Guest

    On 17 aug, 10:02, wrote:
    > On 16 aug, 01:40, wrote:
    >
    >
    >
    > > On 15 Aug, 18:05, Al <> wrote:

    >
    > > > On Aug 14, 12:38 pm, Merv <> wrote:

    >
    > > > > see Reliable Static RoutingBackupUsing Object Tracking

    >
    > > > >http://cco.cisco.com/en/US/products/sw/iosswrel/ps5413/products_featu...

    >
    > > > The IP SLA functionality is only, iirc, available in the 'broadband'
    > > > feature set & up - not the base image which the OP has.
    > > > I ran into a similar issue at a customer site & ended up using EIGRP
    > > > across the LES connection instead, which doesn't help here much.

    >
    > > > Is the ISDNbackupfor the Internet connection, or are you connecting
    > > > via VPN to another site which you would then be dialling into directly
    > > > forbackup? If so, can you use a dynamic routing protocol over the VPN
    > > > with floating statics on the dialer forbackup?

    >
    > > > Just my 2p worth....

    >
    > > Ah yes. That is the classic solution.

    >
    > > Dynamic routing protocol on the main link
    > > with floating static routes for the dial up one.

    >
    > > ip route 0.0.0.0 0.0.0.0 dialer <ISDN> 200

    >
    > > That's what I would do before going for the
    > > SLA one - never having used either:))

    >
    > Both connections are for the internet connection, so i don't think i
    > will be able to use routing protocol. Or can i use them?



    Ok, so i followed your advise! (Reliable Static Routing Backup Using
    Object Tracking)Thanx.
    I'm trying to set it up now, and i'm running into the following:

    I have configured the following:

    Configuring the Primary Interface for PPPoE
    Configuring the Primary Interface for Static Routing
    Configuring the Backup Interface for Reliable Static Routing Backup
    Using Object Tracking
    Configuring Cisco IOS IP SLAs for Cisco IOS Release 12.3(14)T, 12.4
    and 12.4(2)T

    Now i have to set up a routing policy for PPPoE.
    The problem is, as you can see in my config, in both Dialer interfaces
    i'm refering to my FastEthernet 0/0 for the IP-address.

    In the routing policy i have to set up an source IP to ensure the
    tracking is only done over the primary interface.

    Is there any way to work around that? I won't be able to set up
    another IP-adres for the backup interface.

    Thanx.
     
    , Aug 17, 2007
    #7
  8. Guest

    On 17 aug, 11:12, wrote:
    > On 17 aug, 10:02, wrote:
    >
    >
    >
    > > On 16 aug, 01:40, wrote:

    >
    > > > On 15 Aug, 18:05, Al <> wrote:

    >
    > > > > On Aug 14, 12:38 pm, Merv <> wrote:

    >
    > > > > > see Reliable Static RoutingBackupUsing Object Tracking

    >
    > > > > >http://cco.cisco.com/en/US/products/sw/iosswrel/ps5413/products_featu...

    >
    > > > > The IP SLA functionality is only, iirc, available in the 'broadband'
    > > > > feature set & up - not the base image which the OP has.
    > > > > I ran into a similar issue at a customer site & ended up using EIGRP
    > > > > across the LES connection instead, which doesn't help here much.

    >
    > > > > Is the ISDNbackupfor the Internet connection, or are you connecting
    > > > > via VPN to another site which you would then be dialling into directly
    > > > > forbackup? If so, can you use a dynamic routing protocol over the VPN
    > > > > with floating statics on the dialer forbackup?

    >
    > > > > Just my 2p worth....

    >
    > > > Ah yes. That is the classic solution.

    >
    > > > Dynamic routing protocol on the main link
    > > > with floating static routes for the dial up one.

    >
    > > > ip route 0.0.0.0 0.0.0.0 dialer <ISDN> 200

    >
    > > > That's what I would do before going for the
    > > > SLA one - never having used either:))

    >
    > > Both connections are for the internet connection, so i don't think i
    > > will be able to use routing protocol. Or can i use them?

    >
    > Ok, so i followed your advise! (Reliable Static Routing Backup Using
    > Object Tracking)Thanx.
    > I'm trying to set it up now, and i'm running into the following:
    >
    > I have configured the following:
    >
    > Configuring the Primary Interface for PPPoE
    > Configuring the Primary Interface for Static Routing
    > Configuring the Backup Interface for Reliable Static Routing Backup
    > Using Object Tracking
    > ConfiguringCiscoIOS IP SLAs forCiscoIOS Release 12.3(14)T, 12.4
    > and 12.4(2)T
    >
    > Now i have to set up a routing policy for PPPoE.
    > The problem is, as you can see in my config, in both Dialer interfaces
    > i'm refering to my FastEthernet 0/0 for the IP-address.
    >
    > In the routing policy i have to set up an source IP to ensure the
    > tracking is only done over the primary interface.
    >
    > Is there any way to work around that? I won't be able to set up
    > another IP-adres for the backup interface.
    >
    > Thanx.



    OK, here the deal.

    I tried implementing the config is a working enviroment.
    The primary link is coming up, no problem. But when pull out the
    primary (DSL) connection, it gives the following message:

    *Aug 17 10:49:44.559: Track: 1 Change #3 rtr 1, reachability Up->Down
    *Aug 17 10:49:44.559: %TRACKING-5-STATE: 1 rtr 1 reachability Up->Down

    As far as i can tell, that's good. But after that, nothing happens.
    The BRI interface is not coming up.

    Here is my most recent config:

    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname XXXX
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret <password>
    !
    no aaa new-model
    ip cef
    !
    !
    !
    !
    ip sla monitor 1
    type echo protocol ipIcmpEcho 212.45.32.3 <----- DNS server of
    provider!
    timeout 1000
    threshold 2
    frequency 3
    ip sla monitor schedule 1 life forever start-time now
    username <username> password <password>
    !
    !
    controller DSL 0/0/0
    mode atm
    line-term cpe
    line-mode 2-wire line-zero
    dsl-mode shdsl symmetric annex B
    line-rate auto
    !
    !
    track 1 rtr 1 reachability
    !
    !
    interface FastEthernet0/0
    description LAN klant
    ip address 10.31.0.1 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    no keepalive
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface ATM0/0/0
    no ip address
    no atm ilmi-keepalive
    pvc 0 0/36
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface BRI0/1/0
    description Inbel interface
    no ip address
    encapsulation ppp
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    dialer pool-member 2
    no fair-queue
    !
    interface Dialer0
    mtu 1492
    ip unnumbered FastEthernet 0/0
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication pap callin
    ppp pap sent-username <username> password <password>
    !
    interface Dialer1
    ip unnumbered FastEthernet 0/0
    encapsulation ppp
    dialer pool 2
    dialer remote-name solcon
    dialer idle-timeout 300
    dialer wait-for-carrier-time 10
    dialer string 0676034583
    dialer-group 2
    no cdp enable
    ppp authentication pap callin
    ppp pap sent-username <username> password <password>
    !
    ip local policy route-map test
    ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
    ip route 0.0.0.0 0.0.0.0 Dialer1 254
    !
    no ip http server
    ip http authentication local
    ip http timeout-policy idle 5 life 86400 requests 10000
    !
    access-list 101 permit icmp 10.31.0.0 0.0.0.255 any echo
    dialer-list 1 protocol ip permit
    route-map test permit 10
    match ip address 101
    set interface Dialer0 Null0
    !
    !
    control-plane
    !
    !
    line con 0
    login local
    line aux 0
    line vty 0 4
    privilege level 15
    login local
    transport input telnet
    line vty 5 15
    privilege level 15
    login local
    transport input telnet
    !
    scheduler allocate 20000 1000
    end

    Anybody got any ideas about it?

    Thanx
     
    , Aug 17, 2007
    #8
  9. Merv Guest

    1. post the output of sh ip route after disconnecting the DSL link

    2. enable logging buffer
     
    Merv, Aug 17, 2007
    #9
  10. Merv Guest

    3. post output of sh isdn status

    4. enable debug isdn q921

    5. enable debug isdn q931

    6. disconnect DSL to see what is occurring or not occuring with
    repsect to ISDN call initiation
     
    Merv, Aug 17, 2007
    #10
  11. Merv Guest

    also

    7. debug ppp negotiation

    8. debug ppp authentication
     
    Merv, Aug 17, 2007
    #11
  12. Guest

    On 17 aug, 13:27, Merv <> wrote:
    > also
    >
    > 7. debug ppp negotiation
    >
    > 8. debug ppp authentication


    Ok, here are the results:

    IP-route without the DSL link:

    10.0.0.0/24 is subnetted, 1 subnets
    C 10.31.0.0 is directly connected, FastEthernet0/0
    S* 0.0.0.0/0 is directly connected, Dialer1

    Seems good, the 0.0.0.0 is pointing towards the Dialer1 (ISDN). When
    the DSL is connected, the 0.0.0.0 is pointing towards the Dialer0.

    show isdn status:

    Global ISDN Switchtype = basic-net3
    ISDN BRI0/1/0 interface
    dsl 2, interface ISDN Switchtype = basic-net3
    Layer 1 Status:
    DEACTIVATED
    Layer 2 Status:
    Layer 2 NOT Activated
    Layer 3 Status:
    0 Active Layer 3 Call(s)
    Active dsl 2 CCBs = 0
    The Free Channel Mask: 0x80000003
    Total Allocated ISDN CCBs = 0

    When i pull down out the DSL cable, the DSL goes down, and nothing
    happens. This is an output of the debug:

    solcon#
    *Aug 20 08:03:22.603: %TRACKING-5-STATE: 1 rtr 1 reachability Up->Down
    *Aug 20 08:03:24.331: %CONTROLLER-5-UPDOWN: Controller DSL 0/0/0,
    changed state
    to down
    *Aug 20 08:03:26.331: %LINK-3-UPDOWN: Interface ATM0/0/0, changed
    state to down
    *Aug 20 08:03:27.307: %LINK-3-UPDOWN: Interface Virtual-Access2,
    changed state t
    o down
    *Aug 20 08:03:27.307: Vi2 IPCP: Remove link info for cef entry
    212.45.33.132
    *Aug 20 08:03:27.307: Vi2 PPP: Sending Acct Event[Down] id[3]
    *Aug 20 08:03:27.307: Vi2 IPCP: State is Closed
    *Aug 20 08:03:27.307: Vi2 PPP: Phase is ESTABLISHING, renegotiate LCP
    *Aug 20 08:03:27.307: Vi2 PPP: Authorization required
    *Aug 20 08:03:27.307: Vi2 PPP: No remote authentication for call-out
    *Aug 20 08:03:27.307: Vi2 LCP: O CONFREQ [Closed] id 8 len 14
    *Aug 20 08:03:27.307: Vi2 LCP: MRU 1492 (0x010405D4)
    *Aug 20 08:03:27.307: Vi2 LCP: MagicNumber 0x138E8A93
    (0x0506138E8A93)
    *Aug 20 08:03:27.307: %DIALER-6-UNBIND: Interface Vi2 unbound from
    profile Di0
    *Aug 20 08:03:27.307: Di0 IPCP: Remove route to 212.45.33.132
    *Aug 20 08:03:27.311: Vi2 PPP: Sending Acct Event[Down] id[3]
    *Aug 20 08:03:27.311: Vi2 LCP: State is Closed
    *Aug 20 08:03:27.311: Vi2 PPP: Phase is DOWN
    *Aug 20 08:03:27.331: %LINEPROTO-5-UPDOWN: Line protocol on Interface
    ATM0/0/0,
    changed state to down
    *Aug 20 08:03:28.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface
    Virtual-Ac
    cess2, changed state to down

    It seems that the ISDN is not triggered to connect, even tough i am
    constantly pinging from my pc.
     
    , Aug 20, 2007
    #12
  13. Merv Guest


    > show isdn status:
    >
    > Global ISDN Switchtype = basic-net3
    > ISDN BRI0/1/0 interface
    > dsl 2, interface ISDN Switchtype = basic-net3
    > Layer 1 Status:
    > DEACTIVATED
    > Layer 2 Status:
    > Layer 2 NOT Activated
    > Layer 3 Status:
    > 0 Active Layer 3 Call(s)
    > Active dsl 2 CCBs = 0
    > The Free Channel Mask: 0x80000003
    > Total Allocated ISDN CCBs = 0




    Layer 1 status of DEACTIVATEDi s not a good sign


    follow the steps in the Cisco troubleshooting doc for ISN BRI layer 1:

    http://cco.cisco.com/en/US/tech/tk801/tk379/technologies_tech_note09186a0080094b76.shtml


    AFAIK layer 1 and layer 2 must be in ACTIVATED state before a call can
    be placed
     
    Merv, Aug 20, 2007
    #13
  14. Guest

    On 20 Aug, 10:42, Merv <> wrote:
    > > show isdn status:

    >
    > > Global ISDN Switchtype = basic-net3
    > > ISDN BRI0/1/0 interface
    > > dsl 2, interface ISDN Switchtype = basic-net3
    > > Layer 1 Status:
    > > DEACTIVATED
    > > Layer 2 Status:
    > > Layer 2 NOT Activated
    > > Layer 3 Status:
    > > 0 Active Layer 3 Call(s)
    > > Active dsl 2 CCBs = 0
    > > The Free Channel Mask: 0x80000003
    > > Total Allocated ISDN CCBs = 0

    >
    > Layer 1 status of DEACTIVATEDi s not a good sign
    >
    > follow the steps in the Cisco troubleshooting doc for ISN BRI layer 1:
    >
    > http://cco.cisco.com/en/US/tech/tk801/tk379/technologies_tech_note091...
    >
    > AFAIK layer 1 and layer 2 must be in ACTIVATED state before a call can
    > be placed


    This is correct.

    All ISDN interfaces that I have seen look like this when no call is in
    progress.

    Layer 1 Status:
    ACTIVE
    Layer 2 Status:
    TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Layer 3 Status:
    0 Active Layer 3 Call(s)
    (This is a voice PRI but that does not matter)

    When calls are active the Layer 3 count increments with each call.

    There are a number of "debug isdn ....". they are hard to interpret
    though,
    since I do not understand ISDN:)
     
    , Aug 20, 2007
    #14
  15. Merv Guest

    The OP{ may want to power cycle the router to ensure the BRI interface
    was truly reset from when it was configured with backup interface
    command.
     
    Merv, Aug 20, 2007
    #15
  16. Guest

    On 20 aug, 13:44, Merv <> wrote:
    > The OP{ may want to power cycle the router to ensure the BRI interface
    > was truly reset from when it was configured with backup interface
    > command.


    Ok, the config works now. I was missing:

    dialer-list 2 protocol ip permit

    My traffic wasn't allowed over the dialer1 interface, so my ISDN never
    saw 'interesting' traffic

    Now the following problem comes to light:

    When i pull out my DSL cable, i get the following message:

    *Aug 20 14:08:38.935: %TRACKING-5-STATE: 1 rtr 1 reachability Up->Down

    After this, the ISDN connection starts dialing in.
    The problem is, that both my dialers are pointing to the same IP-
    adres. And as soon as the ISDN interface is online, since i'm tracking
    a DNS server, the tracking seems to think that the DSL connection is
    up again, and starts routing the traffic over the Dialer 0 interface
    which in fact is down.

    After that, i keep getting the following:

    *Aug 20 14:08:38.935: %TRACKING-5-STATE: 1 rtr 1 reachability Down->Up
    *Aug 20 14:08:43.935: %TRACKING-5-STATE: 1 rtr 1 reachability Up->Down
    *Aug 20 14:08:38.935: %TRACKING-5-STATE: 1 rtr 1 reachability Down->Up
    *Aug 20 14:08:53.935: %TRACKING-5-STATE: 1 rtr 1 reachability Up->Down

    Pff, i 1 thing works, i keep getting another problem :)
     
    , Aug 20, 2007
    #16
  17. Al Guest

    On Aug 20, 3:44 pm, wrote:
    > On 20 aug, 13:44, Merv <> wrote:
    >
    > > The OP{ may want to power cycle the router to ensure the BRI interface
    > > was truly reset from when it was configured with backup interface
    > > command.

    >
    > Ok, the config works now. I was missing:
    >
    > dialer-list 2 protocol ip permit
    >
    > My traffic wasn't allowed over the dialer1 interface, so my ISDN never
    > saw 'interesting' traffic
    >
    > Now the following problem comes to light:
    >
    > When i pull out my DSL cable, i get the following message:
    >
    > *Aug 20 14:08:38.935: %TRACKING-5-STATE: 1 rtr 1 reachability Up->Down
    >
    > After this, the ISDN connection starts dialing in.
    > The problem is, that both my dialers are pointing to the same IP-
    > adres. And as soon as the ISDN interface is online, since i'm tracking
    > a DNS server, the tracking seems to think that the DSL connection is
    > up again, and starts routing the traffic over the Dialer 0 interface
    > which in fact is down.
    >
    > After that, i keep getting the following:
    >
    > *Aug 20 14:08:38.935: %TRACKING-5-STATE: 1 rtr 1 reachability Down->Up
    > *Aug 20 14:08:43.935: %TRACKING-5-STATE: 1 rtr 1 reachability Up->Down
    > *Aug 20 14:08:38.935: %TRACKING-5-STATE: 1 rtr 1 reachability Down->Up
    > *Aug 20 14:08:53.935: %TRACKING-5-STATE: 1 rtr 1 reachability Up->Down
    >
    > Pff, i 1 thing works, i keep getting another problem :)


    I was going to suggest adding a static host route through the dialer0
    interface, but of course as it is the DNS server (which I assume you
    will need to be reachable over ISDN) this might break more stuff :eek:)

    Is there anything else you can ping instead, which would be OK to
    route over the Di0 interface, even if that connection is down?

    One word of caution about this whole setup though: you're at the mercy
    of the admins of whatever system you are pinging & if they decide to
    suddenly block ICMP inbound, you could get a large ISDN bill unless
    you monitor the line. (The users would almost certainly complain about
    speed issues I guess).
    This does happen - when Cisco acknowledged a vulnerability to
    specifically crafter ICMP packets, a lot of people I think took it as
    an opportunity to block ICMP. We certainly found this to be the case
    with BT & as we were tracking one or two things based on being able to
    ping their routers, it did break stuff for a short while.
     
    Al, Aug 20, 2007
    #17
  18. Merv Guest

    The IPSLA echo packet must be routed only via the "primary" interface
    for this solution to work.


    config t
    no ip local policy route-map test
    ip local policy LOCAL-POLICY

    no access-list 101
    access-list 101 permit icmp any host 212.45.32.3

    route-map LOCAL-POLICY permit 10
    match ip address 101
    set interface Dialer 0 Null0
    end


    Please post full output of show ip route when the DSL interface is in
    up & up state
     
    Merv, Aug 20, 2007
    #18
  19. Guest

    On 20 aug, 23:36, Merv <> wrote:
    > The IPSLA echo packet must be routed only via the "primary" interface
    > for this solution to work.
    >
    > config t
    > no ip local policy route-map test
    > ip local policy LOCAL-POLICY
    >
    > no access-list 101
    > access-list 101 permit icmp any host 212.45.32.3
    >
    > route-map LOCAL-POLICY permit 10
    > match ip address 101
    > set interface Dialer 0 Null0
    > end
    >
    > Please post full output of show ip route when the DSL interface is in
    > up & up state


    IT WORKS!!! Merv, you're the best.

    sorry for the massive delay, but i had troubles with dialing into a
    specific number, which needed CHAP as authentication instead of the
    regular PAP.
    It works now.
    My DSL connection is primary, with ISDN as backup. When the DSL
    connection fails, the ISDN interface starts dialing, and works.
    When the DSL connection comes up again, after the 300 second timeout
    the ISDN interface goes down.

    Right here is the working config:

    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname <hostname>
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret <password>
    !
    no aaa new-model
    ip cef
    !
    !
    no ip dhcp use vrf connected
    !
    !
    ip sla monitor 1
    type echo protocol ipIcmpEcho <IP-address>
    timeout 1000
    threshold 2
    frequency 3
    ip sla monitor schedule 1 life forever start-time now
    isdn switch-type basic-net3
    username <username> password <password>
    !
    !
    controller DSL 0/0/0
    mode atm
    line-term cpe
    line-mode 2-wire line-zero
    dsl-mode shdsl symmetric annex B
    line-rate auto
    !
    !
    track 1 rtr 1 reachability
    !
    !
    interface FastEthernet0/0
    description LAN klant
    ip address <IP-address> <subnetmask>
    duplex auto
    speed auto
    no keepalive
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface ATM0/0/0
    no ip address
    no atm ilmi-keepalive
    pvc 0 0/36
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface BRI0/1/0
    description Inbel interface
    no ip address
    encapsulation ppp
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    dialer pool-member 2
    isdn switch-type basic-net3
    isdn point-to-point-setup
    no fair-queue
    !
    interface Dialer0
    mtu 1492
    ip unnumbered FastEthernet0/0
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication pap callin
    ppp pap sent-username <username> password <password>
    !
    interface Dialer1
    ip unnumbered FastEthernet0/0
    encapsulation ppp
    dialer pool 2
    dialer remote-name <name>
    dialer idle-timeout 300
    dialer wait-for-carrier-time 10
    dialer string XXXXXXXX
    dialer-group 2
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname <username>
    ppp chap password <password> (I need CHAP for authentication, but pap
    is also possible here)
    !
    ip local policy route-map LOCAL-POLICY
    ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
    ip route 0.0.0.0 0.0.0.0 Dialer1 254
    !
    no ip http server
    ip http authentication local
    ip http timeout-policy idle 5 life 86400 requests 10000
    !
    access-list 101 permit icmp any host <IP-address>
    dialer-list 1 protocol ip permit
    dialer-list 2 protocol ip permit
    route-map LOCAL-POLICY permit 10
    match ip address 101
    set interface Dialer0 Null0
    !
    !
    control-plane
    !
    !
    line con 0
    login local
    line aux 0
    line vty 0 4
    privilege level 15
    login local
    transport input telnet
    line vty 5 15
    privilege level 15
    login local
    transport input telnet
    !
    scheduler allocate 20000 1000
    end
     
    , Sep 4, 2007
    #19
  20. sirdick

    Joined:
    Oct 8, 2009
    Messages:
    1
    From
    ip sla monitor 1
    type echo protocol ipIcmpEcho <IP-address>
    timeout 1000
    threshold 2
    frequency 3

    If you change the frequency from 3 to 1 it gives an even more efficient faster rollover that appears seamless. I tried it and the switch over when line1 fails to line2 happens in less than 5 secs.
     
    sirdick, Oct 21, 2009
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. SkY
    Replies:
    0
    Views:
    1,033
  2. arme35
    Replies:
    1
    Views:
    6,287
    amir_mahmood
    Mar 6, 2007
  3. JanKost

    Cisco 1841 xDSL backup

    JanKost, Nov 1, 2006, in forum: Cisco
    Replies:
    1
    Views:
    526
    Doug McIntyre
    Nov 1, 2006
  4. sync
    Replies:
    0
    Views:
    621
  5. Replies:
    7
    Views:
    1,159
    Mike Rahl
    Feb 6, 2008
Loading...

Share This Page