Cisco 1811 drops connection and failover does not work? - TechRepublic
TechRepublic | Forums | Networks
Networks
Question
May 18, 2011 at 08:59 AM
#2209936
devitocoke

Cisco 1811 drops connection and failover does not work?

by devitocoke . Updated 15 years, 1 month ago

I have a Cisco 1811W router, I also have 2 internet connections. A Cable modem and a DSL connection. The cable Modem provide internet through FE0 and the DSL through FE1. However it seems failover is not working, What I would like is for one internet connection to take over if the other one drops out. How could I go about configuring this? I inherited this system, so bare with me I do not know a thing about IOS codes. Also the Cable Modem internet is always up, but the router loses connection at time and just stays offline and i have to turn it off and on. How do I know if the router is failing, can i pull a log to check that? I appreciate any help I can get with this. Thanks. I need to learn IOS.
Here is the current config, what does all of this mean?
————————-
!This is the running config of the router: 10.10.1.1
!—————————————————————————-
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname companyname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
no logging on
enable secret 5 $1$EqWAQ.
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1 10.10.1.99
ip dhcp excluded-address 10.10.1.151 10.10.1.254
!
ip dhcp pool sdm-pool1
import all
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
dns-server 10.10.10.50 10.10.1.1
netbios-name-server 10.10.10.50
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name companyname.com
ip name-server 24.X.X.167
ip name-server 24.X.X.168
ip name-server 205.X.X.23
ip name-server 205.X.X.X
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT101 cuseeme
ip inspect name DEFAULT101 ftp
ip inspect name DEFAULT101 h323
ip inspect name DEFAULT101 icmp
ip inspect name DEFAULT101 netshow
ip inspect name DEFAULT101 rcmd
ip inspect name DEFAULT101 realaudio
ip inspect name DEFAULT101 rtsp
ip inspect name DEFAULT101 esmtp
ip inspect name DEFAULT101 sqlnet
ip inspect name DEFAULT101 streamworks
ip inspect name DEFAULT101 tftp
ip inspect name DEFAULT101 tcp
ip inspect name DEFAULT101 udp
ip inspect name DEFAULT101 vdolive
ip sla 1
icmp-echo 24.X.X.168 source-ip 69.X.X.X
timeout 1500
frequency 30
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 205.X.X.23 source-ip 74.X.X.X
frequency 10
ip sla schedule 2 life forever start-time now
ip sla 3
icmp-echo 24.X.X.168 source-ip 69.X.X.139
timeout 1500
frequency 5
ip sla schedule 3 life forever start-time now
!
!
crypto pki trustpoint TP-self-signed-1347290545
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1347290545
revocation-check none
rsakeypair TP-self-signed-1347290545
!
!
crypto pki certificate chain TP-self-signed-1347290545
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31333437 32393035 3435301E 170D3037 30333033 32313236
32395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33343732
39303534 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CDE3 BEF1EDD4 646F2012 92795A7D 669FC3CE 65F4F042 068DE896 7CEA5288
3921F52F 8D9CA9EC 936AA9EE C008C4FA AD66D14D 4659878A 6F3C2D17 EC69C864
A19865A7 6AF08E67 3A3B52A7 D2E1EC1B A96AF64A 7719B751 25D36985 AFFADCDA
240178D4 299C307D 7988B88C 1556770C F594D04B 58349E44 DAB010D8 EEC439D8
33370203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 154D4943 5249554D 30322E6D 69637269 756D2E63 6F6D301F
0603551D 23041830 168014C8 98665892 2A6E3342 E4D306AC 0536F3E6 B9568F30
1D060355 1D0E0416 0414C898 6658922A 6E3342E4 D306AC05 36F3E6B9 568F300D
06092A86 4886F70D 01010405 00038181 0006BB97 529F8AE8 1651D5B8 A1CED454
EEFCE038 765F5421 A2CA0533 AF599798 67826AEC 480F8CA2 7EF31162 B625B781
ABC1232E 9CC049E7 CED817D7 61CED524 C8F6E148 0CFED3DE 35F015CA F71F98D5
EF4E1FF3 302A059C 4139A606 95DB83F4 07770F35 B6918C35 8FBE9BC0 22273795
DE2C61F6 6DAA3550 2DF33E56 2CB09BA8 7D
quit
username admin privilege 15 secret 5 $1$0H1v$mJ2CHQjqAmTqzd/xtjpEk1
!
!
track 111 rtr 3 reachability
!
track 122 rtr 2 reachability
delay down 30 up 5
!
track 123 rtr 1 reachability
delay down 30 up 5
!
!
crypto isakmp policy 5
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key sabrina1 address 69.X.176.34 no-xauth
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto map TUNNEL2 10 ipsec-isakmp
set peer 69.X.176.34
set security-association lifetime seconds 600
set transform-set ESP-3DES-MD5
match address 102
!
crypto map TUNNELMAP 10 ipsec-isakmp
set peer 69.X.176.34
set transform-set ESP-3DES-MD5
match address 102
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.252
!
interface FastEthernet0
description Cable_Link
mac-address 0006.25d8.ea24
ip address 69.X.X.139 255.255.255.0
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map TUNNELMAP
!
interface FastEthernet1
description DSL_Link
ip address 192.168.1.1 255.255.255.0 secondary
ip address 74.X.15.X 255.255.255.0
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map TUNNEL2
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address 10.10.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1400
ip policy route-map PBR
!
interface Vlan2
no ip address
shutdown
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
ip route 10.10.10.0 255.255.255.0 69.65.81.1 track 111
ip route 69.X.X.34 255.255.255.255 69.65.81.1 track 111
ip route 0.0.0.0 0.0.0.0 74.164.15.1 track 122
ip route 0.0.0.0 0.0.0.0 69.65.81.1 track 123
ip route 10.10.10.0 255.255.255.0 74.164.15.1 250
ip route 24.X.X.168 255.255.255.255 69.X.X.1 permanent
ip route 69.X.X.34 255.255.255.255 74.X.X.1 250
ip route 205.X.X.23 255.255.255.255 74.X.X.1 permanent
!
ip dns server
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map isp1 interface FastEthernet1 overload
ip nat inside source route-map isp2 interface FastEthernet0 overload
ip nat inside source static tcp 10.10.1.50 80 interface FastEthernet1 80
ip nat inside source static tcp 10.10.1.50 3389 interface FastEthernet1 65051
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 23 permit 171.X.X.213
access-list 23 permit 10.10.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 deny ip 10.10.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 100 permit ip 10.10.1.0 0.0.0.255 any
access-list 102 permit ip 10.10.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 199 permit ip 10.10.1.0 0.0.0.255 10.10.10.0 0.0.0.255
no cdp run
!
!
!
route-map PBR permit 10
match ip address 199
set ip next-hop 1.1.1.2
!
route-map isp2 permit 10
match ip address 100
match interface FastEthernet0
!
route-map isp1 permit 10
match ip address 100
match interface FastEthernet1
!
!
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

This discussion is locked

All Comments