Cisco 1811 drops connection and failover does not work?

By devitocoke ·
I have a Cisco 1811W router. I also have 2 internet connections: a cable modem and a DSL connection. The cable modem provides internet through FE0 and the DSL through FE1. However, it seems failover is not working. What I would like is for one internet connection to take over if the other one drops out. How could I go about configuring this? I inherited this system, so bear with me; I do not know a thing about IOS codes. Also, the cable modem internet is always up, but the router loses connection at times and just stays offline, and I have to turn it off and on. How do I know if the router is failing? Can I pull a log to check that? I appreciate any help I can get with this. Thanks. I need to learn IOS.
Here is the current config, what does all of this mean?
-------------------------
!This is the running config of the router: 10.10.1.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname companyname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
no logging on
enable secret 5 $1$EqWAQ.
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1 10.10.1.99
ip dhcp excluded-address 10.10.1.151 10.10.1.254
!
ip dhcp pool sdm-pool1
import all
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
dns-server 10.10.10.50 10.10.1.1
netbios-name-server 10.10.10.50
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name companyname.com
ip name-server 24.X.X.167
ip name-server 24.X.X.168
ip name-server 205.X.X.23
ip name-server 205.X.X.X
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT101 cuseeme
ip inspect name DEFAULT101 ftp
ip inspect name DEFAULT101 h323
ip inspect name DEFAULT101 icmp
ip inspect name DEFAULT101 netshow
ip inspect name DEFAULT101 rcmd
ip inspect name DEFAULT101 realaudio
ip inspect name DEFAULT101 rtsp
ip inspect name DEFAULT101 esmtp
ip inspect name DEFAULT101 sqlnet
ip inspect name DEFAULT101 streamworks
ip inspect name DEFAULT101 tftp
ip inspect name DEFAULT101 tcp
ip inspect name DEFAULT101 udp
ip inspect name DEFAULT101 vdolive
ip sla 1
icmp-echo 24.X.X.168 source-ip 69.X.X.X
timeout 1500
frequency 30
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 205.X.X.23 source-ip 74.X.X.X
frequency 10
ip sla schedule 2 life forever start-time now
ip sla 3
icmp-echo 24.X.X.168 source-ip 69.X.X.139
timeout 1500
frequency 5
ip sla schedule 3 life forever start-time now
!
!
crypto pki trustpoint TP-self-signed-1347290545
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1347290545
revocation-check none
rsakeypair TP-self-signed-1347290545
!
!
crypto pki certificate chain TP-self-signed-1347290545
certificate self-signed 01
quit
username admin privilege 15 secret 5 $1$0H1v$mJ2CHQjqAmTqzd/xtjpEk1
!
!
track 111 rtr 3 reachability
!
track 122 rtr 2 reachability
delay down 30 up 5
!
track 123 rtr 1 reachability
delay down 30 up 5
!
!
crypto isakmp policy 5
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key sabrina1 address 69.X.176.34 no-xauth
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto map TUNNEL2 10 ipsec-isakmp
set peer 69.X.176.34
set security-association lifetime seconds 600
set transform-set ESP-3DES-MD5
match address 102
!
crypto map TUNNELMAP 10 ipsec-isakmp
set peer 69.X.176.34
set transform-set ESP-3DES-MD5
match address 102
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.252
!
interface FastEthernet0
description Cable_Link
mac-address 0006.25d8.ea24
ip address 69.X.X.139 255.255.255.0
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map TUNNELMAP
!
interface FastEthernet1
description DSL_Link
ip address 192.168.1.1 255.255.255.0 secondary
ip address 74.X.15.X 255.255.255.0
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map TUNNEL2
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address 10.10.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1400
ip policy route-map PBR
!
interface Vlan2
no ip address
shutdown
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
ip route 10.10.10.0 255.255.255.0 69.65.81.1 track 111
ip route 69.X.X.34 255.255.255.255 69.65.81.1 track 111
ip route 0.0.0.0 0.0.0.0 74.164.15.1 track 122
ip route 0.0.0.0 0.0.0.0 69.65.81.1 track 123
ip route 10.10.10.0 255.255.255.0 74.164.15.1 250
ip route 24.X.X.168 255.255.255.255 69.X.X.1 permanent
ip route 69.X.X.34 255.255.255.255 74.X.X.1 250
ip route 205.X.X.23 255.255.255.255 74.X.X.1 permanent
!
ip dns server
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map isp1 interface FastEthernet1 overload
ip nat inside source route-map isp2 interface FastEthernet0 overload
ip nat inside source static tcp 10.10.1.50 80 interface FastEthernet1 80
ip nat inside source static tcp 10.10.1.50 3389 interface FastEthernet1 65051
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 23 permit 171.X.X.213
access-list 23 permit 10.10.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 deny ip 10.10.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 100 permit ip 10.10.1.0 0.0.0.255 any
access-list 102 permit ip 10.10.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 199 permit ip 10.10.1.0 0.0.0.255 10.10.10.0 0.0.0.255
no cdp run
!
!
!
route-map PBR permit 10
match ip address 199
set ip next-hop 1.1.1.2
!
route-map isp2 permit 10
match ip address 100
match interface FastEthernet0
!
route-map isp1 permit 10
match ip address 100
match interface FastEthernet1
!
!
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

All Answers

Note: you might want to remove your VPN shared secret

by robo_dev In reply to Cisco 1811 drops connecti ...

before posting here...not a huge risk, but you never know who is reading this.

Response To Answer

by devitocoke In reply to Note: you might want to r ...

Is there a DSL modem hanging off the router?

by robo_dev In reply to Cisco 1811 drops connecti ...

typically there's more to the DSL config than you have listed.

A couple of things I've noticed.

by BroadcastArashi In reply to Cisco 1811 drops connecti ...

I think you may want to look at the following commands. Perhaps more so because I don't fully understand the syntax. But it seems to me that "rtr 1", "rtr 2", and "rtr 3" are not defined in the config, and I doubt they're DNS entries as they have a space in them.

#This statement determines whether or not the route is up.
track 111 rtr 3 reachability
#This statement indicates that this route is at the default administrative distance of 1, and is determined if it's up by the track 111 command
ip route 10.10.10.0 255.255.255.0 69.65.81.1 track 111
ip route 69.X.X.34 255.255.255.255 69.65.81.1 track 111
#This statement indicates that this route is at a non-default administrative distance of 250, meaning that it is only used if all other static and dynamic routing protocols do not have a route, if they're using the default settings. This route is not tracked, and recovery of the primary link is by the route with the superior administrative distance coming back up and taking over.
ip route 10.10.10.0 255.255.255.0 74.164.15.1 250
ip route 69.X.X.34 255.255.255.255 74.X.X.1 250

track 122 rtr 2 reachability
delay down 30 up 5
!
track 123 rtr 1 reachability
delay down 30 up 5
...
#Here the IP route for both of these routes have the same administrative distance. Could this be the cause of your problem? Set the Cable default route with the default administrative distance by not changing it, and set the DSL administrative distance higher using the "ip route <network> <subnet-mask> <next-hop> <administrative-distance> track <tracking-number>" command. Don't forget to no the command first to delete it.
ip route 0.0.0.0 0.0.0.0 74.164.15.1 track 122
ip route 0.0.0.0 0.0.0.0 69.65.81.1 track 123

#These forwardings are only on the DSL interface. If the DSL goes down, these forwardings will not work. I've always wondered how to fix this.
ip nat inside source static tcp 10.10.1.50 80 interface FastEthernet1 80
ip nat inside source static tcp 10.10.1.50 3389 interface FastEthernet1 65051

Also, don't forget to share your experiences with us, including what worked and what you discovered.
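
An added example, not part of the original post: a short Python check that reads the `ip sla`, `track` and `ip route` lines quoted above and reports any prefix that has more than one static route at the same administrative distance. In IOS 12.4, `track N rtr M reachability` refers to IP SLA operation M (the `ip sla M` entries in the posted config); the function names are hypothetical, the sample is constructed from the lines in the thread, and the route pattern covers only the `ip route` forms that appear on this page.

```python
import re
from collections import defaultdict

# Constructed sample: the SLA, track and route lines in the shape quoted in the thread.
SAMPLE = """\
ip sla 1
icmp-echo 24.X.X.168 source-ip 69.X.X.X
ip sla 2
icmp-echo 205.X.X.23 source-ip 74.X.X.X
ip sla 3
icmp-echo 24.X.X.168 source-ip 69.X.X.139
track 111 rtr 3 reachability
track 122 rtr 2 reachability
track 123 rtr 1 reachability
ip route 10.10.10.0 255.255.255.0 69.65.81.1 track 111
ip route 0.0.0.0 0.0.0.0 74.164.15.1 track 122
ip route 0.0.0.0 0.0.0.0 69.65.81.1 track 123
ip route 10.10.10.0 255.255.255.0 74.164.15.1 250
"""

# Route forms handled: optional distance, then optional "track N" or "permanent".
ROUTE = re.compile(
    r"^ip route (\S+) (\S+) (\S+)(?: (\d+))?(?: track (\d+)| permanent)?[ \t]*$", re.M)
TRACK = re.compile(r"^track (\d+) (?:rtr|ip sla) (\d+) reachability", re.M)
SLA = re.compile(r"^ip sla (\d+)\n\s*icmp-echo (\S+)", re.M)

def parse(text):
    """Collect SLA probe targets, track-to-SLA links and static routes."""
    slas = dict(SLA.findall(text))      # {sla id: address the probe pings}
    tracks = dict(TRACK.findall(text))  # {track id: sla id}
    # A static route with no distance given has administrative distance 1.
    routes = [(f"{p} {m}", hop, int(d or 1), t)
              for p, m, hop, d, t in ROUTE.findall(text)]
    return {"slas": slas, "tracks": tracks, "routes": routes}

def equal_distance_ties(routes):
    """Map (prefix, distance) to next hops where two or more routes share both."""
    groups = defaultdict(list)
    for prefix, hop, distance, _track in routes:
        groups[(prefix, distance)].append(hop)
    return {key: hops for key, hops in groups.items() if len(hops) > 1}

def probe_for(cfg, track_id):
    """Address pinged by a track object's SLA probe, or None if unresolved."""
    return cfg["slas"].get(cfg["tracks"].get(track_id))

if __name__ == "__main__":
    cfg = parse(SAMPLE)
    for (prefix, dist), hops in equal_distance_ties(cfg["routes"]).items():
        print(f"{prefix}: distance {dist} shared by next hops {', '.join(hops)}")
```

On the sample, only the `0.0.0.0 0.0.0.0` routes are reported; the two `10.10.10.0` routes differ in distance (1 and 250) and are not.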

Response To Answer

by devitocoke In reply to A couple of things I've n ...

Thank you, this explanation was great of you.

Response To Answer

by devitocoke In reply to A couple of things I've n ...

I think I need to dig in and learn Cisco IOS. Can anyone point me to some resources that will get me going quickly?

RTFM

by Spitfire_Sysop In reply to Cisco 1811 drops connecti ...

It's a big book but it has all you need to know:
CCNA: Cisco Certified Network Associate Study Guide: (Exam 640-802)
http://search.barnesandnoble.com/CCNA/Todd-Lammle/e/9780470110089?r=1&cm_mmc=BingShopping-_-YFJ1234-_-9780470110089-_-none

You can skip to the router section if you just want to get the few commands you will need. Having the book will help you out more later on.

Response To Answer

by devitocoke In reply to RTFM

IOS assistance

by Pierre M-M In reply to Cisco 1811 drops connecti ...

In addition to Todd Lammle's book (and try Amazon.com as well as Barnes and Noble) I'd suggest that you go to www.cisco.com as Cisco have one of the best documentation sites in all of cyberspace.

A search for IOS gives many choices but the following would be a good start.

It's their "Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2" and the links are -

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html

where you can read the 'book' in html or

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcfbook.pdf

which will download the pdf copy for you and like all Cisco documentation it's free!

All the best and btw I fully agree with the advice to delete passwords (all of them) from your config file before posting it online!
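
An added example, not part of the thread or of any Cisco tool, for the advice from robo_dev and Pierre M-M to take the VPN shared secret and all passwords out of a config before posting it: a Python filter that blanks secret values on the IOS lines that carry them and drops the certificate body. The function name `sanitize`, the `<removed>` placeholder and every value in the sample are constructed for illustration.

```python
import re

# Constructed sample in the shape of the posted config; every secret is made up.
SAMPLE = """\
enable secret 5 $1$abcd$EXAMPLEHASHEXAMPLEHASH00
username admin privilege 15 secret 5 $1$wxyz$EXAMPLEHASHEXAMPLEHASH11
crypto isakmp key ExampleKey123 address 203.0.113.34 no-xauth
crypto pki certificate chain TP-self-signed-EXAMPLE
certificate self-signed 01
3082024D 308201B6 A0030201 02020101
69666963 6174652D 31333437
quit
snmp-server community ExampleRO RO
hostname companyname
"""

# Each pattern keeps group 1 (the command) and replaces the secret that follows.
RULES = [re.compile(p) for p in (
    r"^(\s*enable (?:secret|password))(?: \d+)? \S+",
    r"^(\s*username \S+ .*?(?:secret|password))(?: \d+)? \S+",
    r"^(\s*crypto isakmp key) \S+",
    r"^(\s*snmp-server community) \S+",
    r"^(\s*password)(?: \d+)? \S+",
)]

def sanitize(text):
    """Return (cleaned config, line numbers whose content was removed)."""
    out, changed, in_cert = [], [], False
    for n, line in enumerate(text.splitlines(), 1):
        if in_cert:
            # Drop everything between "certificate ..." and "quit".
            if line.strip() == "quit":
                in_cert = False
                out.append(line)
            else:
                changed.append(n)
            continue
        if re.match(r"^\s*certificate \S", line):
            in_cert = True
            out += [line, " <certificate removed>"]
            continue
        for rule in RULES:
            line, hits = rule.subn(r"\1 <removed>", line, count=1)
            if hits:
                changed.append(n)
                break
        out.append(line)
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    cleaned, lines = sanitize(SAMPLE)
    print(cleaned, f"lines altered: {lines}", sep="")
```

The returned line numbers let the poster compare each altered line against the original before publishing; the rule list covers only the commands shown and should be extended for any other secret-bearing lines in a given config.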

Response To Answer

by devitocoke In reply to IOS assistance