How To Configure Dual ISP Failover on a Cisco Router With a Dynamic Public IP Address

Hey everyone, what's going on, this is Rob here. Welcome back to the channel, and in this video I'm going to show you how to set up redundant internet service provider connections uh out to the internet using a Cisco router. So in a previous video I covered this, but that was more along the lines of if you have a business account where all of the IP addressing is static, so it's really easy to just tie your static default route to a tracking object, which is withdrawn from the routing table in the event that uh the IP SLA monitor fails to uh get an ICMP echo reply from a well-known address on the internet uh if that uh service provider were to have problems. So with the residential account uh all that IP addressing information is dynamic, because you're going to receive it uh from a DHCP server, uh so the configuration's a little bit different, and that's why I wanted to make this video, uh was to show you the configuration uh surrounding uh how to accomplish something like this. So I'm going to take one of these routers in my lab here and essentially just uh on each of their interfaces, simulating redundant ISPs, I'm going to plug into two different VLANs on my production network, so that way I can just obtain an IP address via DHCP, and then I'll show you how you would set it up.

Okay, so let's open up PuTTY and uh connect to the router. I believe it's COM6. I have two uh cables connected here to different pieces of equipment in my lab. I'd, actually it might be COM4, might be COM4. Is it COM4? Is it COM6? It's COM4. Okay, so let's do a show ip interface brief. Okay, we have a gig uh zero slash zero and gig zero slash one, uh both are up and up. Uh typically these will be shut down by default, uh but I did a quick test before I started recording just to make sure that everything was going to work, so I just defaulted the interfaces, so, but otherwise you would go in there and do a no shutdown. So let's start by entering interface configuration mode on each of these interfaces and what
I'm going to do is I'm going to designate a gig 0 as the primary uh provider and gig one as the secondary. We'll go to interface gigabit zero slash zero. Let's put a description in there just for fun but lan one, and uh so being that uh the ISP connected to uh, or should I say the uh the ISP, since uh I I kind of uh faking the scenario by uh plugging uh each of these interfaces into two different VLANs on my uh LAN core switch to simulate two different providers, um um we are going to uh, sorry, I just uh losing my train of uh train of thought here uh for a second. Um yeah, so anyways, yeah, so gig zero slash zero being the uh primary, uh first we want to issue the ip dhcp client uh client uh, what is it, client uh client route track, I believe, yeah, client route track. Okay, so ip dhcp client route track and then whatever tracking number we want.

So what we're going to be doing is tracking a well-known um IP address on the internet to basically see if uh ISP1 is up or down, and if it goes down uh we're going to fail over to ISP2, kind of like what I showed in uh one of my videos where I went over how to do this with uh, like if you have a business account where you're going to be um you're going to be working with static IPs, so the the IP addressing is going to be static. Typically your provider will assign you like a transit subnet and then route your statics to you, and uh with that being said you can just create a default route pointed at the uh the IP address of their router on the other end as your default gateway and then track it that way. So since this is um, all the addressing information is obtained via DHCP, we have to do it this way. So ip dhcp client route track and I'm going to say um I'm going to say track three, right, you can put whatever whatever it is that you want, uh it's your choice. So uh the next step is to give it an IP address, so we'll go ip address dhcp, and so we see that we were assigned via DHCP the IP address of 10.0.14.12 with a slash 24 subnet mask. Now we're not
actually going to see a default in the routing table at this point because we issued this command up here, so, and we didn't we didn't create tracking object three yet, we're not tracking anything, so as far as the router is concerned this is down. There's going to be no static route in the um, it's no static default route in the routing table, because once you obtain that information via DHCP it will automatically stick a static default uh in the routing table for you.

And um the reason I chose track three is because I'm going to give you a little bit of a bonus. I'm going to track two well-known addresses on the internet and show you how to uh create like an aggregate tracking object to keep track of both of those, and the reason for that is it's because say you're pinging um like Google's DNS server 8.8.8.8, um say that were to go down, I mean that's going to be pretty rare, but if it did happen that would take down your primary internet connection all because of an issue that another service out there was experiencing. So uh to kind of mitigate that uh potential issue I'm going to track two addresses and then create an aggregate tracking object, so I'll have track one, track two, and the aggregate will be track three. Now you don't have to do it this way, like I said it's kind of like a little bit of a bonus, uh but this is the way I'm going to do it for this tutorial.

So um I'm gonna go, actually first I'm going to go ip route quad zero quad zero interface, or uh not interface, uh gigabit zero slash zero dhcp, and I'm going to assign this uh an administrative distance of one. I should have just left DHCP do its magic and showed you before I added that ip dhcp client route track command, because it would have added a static route as the default gateway with an administrative distance of I believe 254.
So in order to keep this primary, because we haven't configured interface gig zero slash one yet, which will be our second IP or ISP, we want this to have a lower administrative distance, so that way it is it is the better choice of routes in the routing table, because the uh following the rules of route specificity uh it it goes prefix length, uh administrative distance, and then metric. So uh administrative distance doesn't matter if you have two routes and the prefix length is different, so say you had a a slash 27 and then a slash 24, the slash 27 will be the more specific route because it has a longer prefix, it's more specific, so that will also be in the uh routing table. So but if you have two equal routes, so like a default here, quad zero route, uh prefix length is the same, so now we're looking at administrative distance. So for the primary ISP we want to make sure that it is one, and then the secondary, if this goes down, the secondary will have an administrative distance of 254. Okay, all right, so ip route quad zero gig zero zero dhcp, administrative distance of one.

Now I'm going to move on to creating the tracking object that is going to be responsible for determining if um this provider is up or down, so we'll start with ip sla and I'll give it a number of one. We'll go icmp echo and I'll do 8.8.8.8 source interface gig zero zero. I'll do frequency 10.
Exit out of that and then ip sla schedule one start time now life forever. Then track one, so now we want to bind this IP SLA probe to tracking object one, so I'll go track one ip sla one reachability. Okay, now ip sla, now uh like I said before, if you wanna stop here, if you wanna just track one one address and that be the determining factor if your primary ISP is up or down, then you could just do this, bind it to the tracking object, and then stick it um stick it on this command right here. So we're going to do a uh create a secondary, so I'll go ip sla 2 icmp echo and then I'll say 4.2.2.2 source interface gig zero slash zero, frequency ten. Okay, ip sla uh schedule two start time now life forever, track 2 ip sla 2 reachability. Okay, I'll issue a do show track brief. We see we have our two IP SLA monitors, which are both down by the way, and the reason for that is is because we don't have a default route.

So after I'm done creating this aggregate tracking object, this track three, I'm going to show you why that is and how we can steer this traffic, these ICMP echo requests, to make sure they go out the interface for ISP1. And the reason we want to do that is, well for starters you can see that they're down right now, but we haven't configured ISP2, so if we did then those ICMP echo requests would go out the interface for ISP2 and it would think that the route was, or the ISP1 was up. It would take that default route, put it back in the routing table, which would then fail again because ISP1, if if ISP1 was really down then uh uh it would fail again, which would then cause ISP2 to become, the default route pointing to ISP2 to become active in the routing table, ICMP echoes would go out over ISP2, and uh you know that route would flap back and forth. So we will be creating a route map to basically tell the router, hey, any ICMP traffic that you're generating, you need to go out gigabit uh zero slash zero for uh ISP one, and uh the next hop will be the DHCP um default gateway that you receive. Okay, so let's create
that aggregate object. So uh once again we went up here and issued the dhcp client route track three command, so we'll go track three, whoops, list list threshold percentage, and then object one, object two. Do show track three. So track three being the aggregate object or tracking object is going to be looking at one and two, so this needs to be 100 down for track three to be down. So say 8.8.8.8 went down for whatever reason, uh that would only uh make object one down, object two would still be up, so track three would remain up. You wouldn't fail over, you would only fail over if there was actually a problem with uh that service provider and traffic wasn't making its way through, unless of course you have the uh unlucky event of um uh 8.8.8.8 going down, oh, and 4.2.2.2 going down, which is extremely rare, I don't think that's gonna happen.

Um and then before I move on, one last thing, let's go back into track three and let's set a delay, we'll say, and you can put this whatever it's whatever you want. Sometimes there's going to be a missed ICMP echo reply and there might be a, now we've kind of like mitigated that by adding two, so if one doesn't get a reply the other one will probably still be up, but I still like to put a delay just in case, especially if there's high traffic, a large volume of traffic going through the router, it can cause that to happen. And I've had instances where I've been um in the middle of large downloads and it's caused the uh on my network the uh providers to switch back and forth from the primary provider and Sprint, which is my backup provider. So you can either QoS that traffic or you can just uh implement this delay value to give it some time to work itself out to see if it's really down or not. So we'll go delay down, I'll just go with 20 seconds. On my network I actually have it set to 40.
I think that's fair. Um like I said, with with uh large downloads uh uh utilizing a lot of uh ban bandwidth uh for uh uh um you know a long amount of time can actually cause this this IP SLA monitor to time out um quite a few times, so I have mine in my production networks at the 40, but you know 20, I'm just going to use 20 for this example. Again you can put it to whatever you want, you can play around with it, if you think you have issues you can change it later, whatever you want to do. And then for up I'm also going to put 20, because you want to make sure that the circuit is stable before it comes back up, right, so maybe there's like a little like a brief uh period of time where you you get a reply and it's like, oh, the internet's back, and then it's like, okay, tracking object's back up, route's back in the routing table, it's like, oh, actually it's not. So um again you could set this to higher, you you don't have to put a delay for up, but we'll just do delay down 20 up 20, so it's going to take an additional 20 seconds for this to be declared down, an additional 20 seconds for it to come back up. Do show track brief. Okay, and we're down down down.

We need to create that route map, so first um first we need an access control list, uh an extended one to be specific, because we need to tell the router, hey, any ICMP traffic going to 8.8.8.8 or 4.2.2.2 originating from you, you need to send out um this way, which is gig zero slash zero in our case. So we'll go ip access list extended, um I'll put rmap primary isp. We'll go permit icmp any to host 8.8.8.8, permit icmp any to 4.2.2.2, uh and I forgot the hosts, forgot the host, there we go. Do show access list. Okay, access list rmap primary isp, we have lines 10 and 20 in there, and now we'll move on to sticking that in the route map, so we'll go route map primary isp permit 10.
Match ip address, match this access list right here, match ip address rmap primary isp, and then set interface gigabit zero zero, okay, and then set ip, set ip next hop uh dynamic dhcp. Okay, do show run pipe section route map. So here's our route map, so route map primary isp permit 10, we want to match this IP address, which is an access, extended access list that says, hey, any ICMP traffic going to 8.8.8.8 or 4.2.2.2 originating from the route, well the route map doesn't say that, we're going to add an ip local policy statement that will say that. So once we do that it'll say any ICMP traffic coming from the router, uh we want to set the um IP next hop to the dynamic next hop for the default gateway we got via DHCP and make sure that interface is gig zero zero.

Um another thing is, you know what, sometimes I'll do this as well just just to be extra safe that it's not going to go anywhere else, we'll add null zero to the end as well, so that way if the cable were to come unplugged, well I guess if that were to happen in the scenario it wouldn't matter anyways, because even if traffic, ICMP traffic was then going through ISP2 and it would think that was back up, it wouldn't come back up because the interface would be down, but either way let's put the null zero there to be safe, better safe than sorry, right. Okay, and then now we're going to apply this to the, apply it to the control plane of the router I guess, so ip local policy route map and then primary isp. Now as soon as we apply this we should have our tracking objects come up. It was going a little slow there for a second, something in like the, I think they should come up, and now we have that delay on track three, so it's going to be a second. I just want to show you really quick we still don't have that default. As soon as track three comes up, oh, it just came up. Do show ip route, boom, here's our uh static default route that was placed in the routing table telling us that all traffic is going to go out uh to 10.0.14.1 uh a gigabit zero zero. So now I
should be able to, well I have 8.8.8.8 and 4.2.2.2 for the ICMP, well I guess it doesn't matter, I mean obviously they're getting out to the internet because the tracking object went up, but I wanted to show you uh just kind of a test to show you that we do have internet connectivity, so I'll go ping, I'll do like one open dns dns servers, uh one of OpenDNS's DNS servers, so do ping 208.67.222.22. Okay.

All right, so let's configure ISP2, which is on gig zero slash one, which is really simple. Do a no shutdown and ip address dhcp, that's all you have to do. It's going to obtain an IP address via DHCP and the magic is really what we just configured um just a moment ago, so that's not going to uh come into play in the routing table unless this goes down. And I'll show you really quick by unplugging the, unplugging the cable, what happens. And now even though, even though track three is still up, we didn't have to wait out that delay because the interface, the interface is now down, so but do you see that as soon as we pull that, now we have a default route going out via 10.0.50.4, and that's that um administrative distance I was talking about of 254. So now we go do ping 208.67222, we have internet connectivity via ISP 2.
Okay, but we're not finished yet. Well it really all depends on how long you want to watch this video, if that's all you wanted to know then then you're pretty much all set. We still have NAT to worry about, and if we wanted to configure a LAN side of the router and a DHCP pool on the router, so that's something uh I'm not going to go too much in depth with uh because that's not really entirely what this video is about, so I'm just going to kind of bang out the configuration really quick, but if anybody's interested in seeing how this is done feel free to stick around and uh watch me, watch me set it up.

So we have two two interfaces, primary and the secondary, so ISP1, ISP2. We need to configure uh NAT and we need to attach uh, we need to attach a route map to the NAT configuration, so uh so that way the router knows what uh address pool or what interface to translate the private RFC 1918 addresses to when they go out. So um you can't have addresses from, say you have um, say you have Spectrum and Comcast, you can't have Spectrum addresses going out to Comcast, your Comcast addresses going out to Spectrum, so um we definitely need to um create a policy in NAT to basically say, hey, if you're going out the Spectrum interface then NAT it to this, if you're going out the Comcast interface NAT to that, because the other provider will most likely, they'll have a firewall or something like that or access control lists on their end, they'll block those addresses and um won't work that way. It's not like when you run uh, like the way the internet really is, when you're running BGP with multiple providers you could actually probably get away with routing addresses through another provider that they're not actually advertised to, because in that scenario when you're running BGP you own your own addresses and you advertise them using BGP, that's a totally different scenario, not what this video is about at all. So anyways, I need to quit talking and just get on with the NAT configuration, so we'll go gig zero slash
zero, that will be ip nat outside. Gig zero slash one, ip nat outside, and then we'll say that gig zero slash two is going to be our LAN interface where we'll have a switch, we'll have a switch connected to uh gig zero slash two, so it'll be ip nat inside. All right, and then let's go um, let's say that our internal uh address range is going to be a private class C address, so I'll go ip access list extended nat and then I'll say permit ip 192.168.1.0, this will be our internal subnet, a wildcard mask of zero zero zero two five five, to any. Okay, now let's create our first route map, so that will be, I'll name it nat, nat isp1. Okay, so we'll match, match ip address nat, so it'll it will only NAT addresses that are um sourced from our uh subnet that we defined in this access control list, so one nine two one six eight one dot zero twenty four subnet, and then match interface gigabit zero slash zero, because remember gigabit zero zero is the primary ISP. All right, so now we'll go route map nat isp2, we're going to match the same uh access list except we're going to match interface gig zero slash one.

Okay, now that you've created the route maps the next step is to add them into your NAT statement, so we'll go ip nat inside source route map and then we'll go nat isp1, and then we'll specify, now here you can specify an interface or a pool, uh in this case we're going to specify an interface and we are going to translate private addresses to the same address that sits on ISP one's gig zero slash zero interface, and of course don't forget the overload command, so we'll do port address translation. All right, and then same thing for ISP2 except that's on gig zero slash one, so we want to overload those private addresses to the address that sits on gig zero slash one uh for ISP2, so we'll change the route map, so ip nat inside source route map nat isp2 and add it to interface gig zero slash one overload. All right, um so let's configure gig 0 2, which will be our LAN interface, and I'll assign an address of
192.168.1.1, 24 subnet mask, no shutdown. I think we already did the ip nat inside, we did. Okay, and then what I'm going to do is after I configure the DHCP pool here I'm going to actually plug uh plug into uh port uh or interface gig zero slash two on the router, see if I obtain an IP address and uh see if I have internet connectivity, and then test uh failover. Okay, so let's just create a really simple DHCP pool, so dhcp pool, I'll just put lan. The network is 192.168. uh what do we have going on here, finish processing, okay, uh 192.168.1.0.20 and I forgot my dot. Okay, uh default router will be 192.168.1.1 and then dns, I'll specify 1.1.1.1, 8.8.8.8 as a backup. Okay, so we should be we should be set.

So we're going to plug in, let me just make sure if I uh, okay, if I unplug this from the network I'm not going to disrupt any communication uh that is needed for this video I hope, let's try it. Okay, all right, so let's take this cable right here and I'm going to plug it into the computer I'm on right now, I'm going to scoot my chair back and plug the other end into gig zero slash two on the router that we're on. Okay, line protocol and gig zero slash two changed to up, this looks promising. Let's uh go into command prompt, do an ipconfig, and we have an address. Ipconfig all, um yep, there's our DNS servers. Let's um let's see if we can get out to the internet, um just looking for one thing, okay, 1.2. So if there's ever a scenario where you want to avoid certain addresses being allocated from the DHCP pool you would go ip dhcp, it already knows not to do the 1.1 because that was set as the default gateway, so we would go ip dhcp excluded address and then you put your address ranges there. All right, so let's see if we have a simple communication out to the internet, so I'll ping Google, nice. Let's open this and we'll go to google.com, speedtest.net, perfect.

Okay, so the last thing is we're going to test uh failover. Um I'm trying to think of the best way to do this because uh as you know um I mentioned the
fact that this is plug the uh these uh cables simulating the two different ISPs are plugged into my LAN core switch on different VLANs, so uh there's really no way for me to simulate an ISP failure uh except um pulling the cable, so which it really isn't a uh you know, I mean I guess that's a failure, but it's not like uh you know ISP one actually went down. So I guess what I could do is is I could uh, I guess I could get rid of the IP SLA probes for um track one and two, I guess that will simulate a lack of reachability which will make track three go down, we'll fail over to ISP2, so let me try that. So I'll go no ip sla one or two, should be going down down down, and then we still have that 20 seconds to wait out to make sure that it's actually down, so in the meantime we will still have the primary route out gig zero slash zero. No, oh it must have just, oh no, of course it's still going to work because I just, ISP1 actually isn't down, I just deleted the uh tracking objects, okay, or the IP SLA monitor. All right, so here we go, uh we failed over to ISP2, uh we see that our new uh default is out to uh 10.0.50.4 and we should still be good to go.

All right, and that is how you configure uh redundant uh ISP connections, uh residential ISP connections, using a Cisco router. Thanks for watching this video, I really hoped you learned something, and if you have any questions please don't hesitate to reach out. You can leave a comment in the comment section below, you can use the contact form on my website which is uh rmtechcentral.com, or you can send me an email to rob at rmtechcentral.com. Uh again thanks for watching and I'll see you in the next video.
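
The commands dictated in the captions above, gathered into one listing as an added example; it is a reconstruction from the narration, not the presenter's own configuration file. The object names (RMAP-PRIMARY-ISP, PRIMARY-ISP, NAT, NAT-ISP1, NAT-ISP2, LAN) are assumed renderings of the spoken names, and exact syntax can vary between IOS releases.

```cisco
! Reconstructed from the narration (added example). Object names are assumed
! renderings of the names spoken in the video.
!
! --- Probes: two well-known addresses, both sourced from the ISP1 interface
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 4.2.2.2 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 2 life forever start-time now
!
! --- Tracking: per the narration, track 3 goes down only when both probes
!     fail; the delay damps flapping caused by an occasional missed reply
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
track 3 list threshold percentage
 object 1
 object 2
 delay down 20 up 20
!
! --- ISP1 (primary): the DHCP-learned default route is tied to track 3.
!     The route track command is entered before "ip address dhcp".
interface GigabitEthernet0/0
 ip dhcp client route track 3
 ip address dhcp
 ip nat outside
 no shutdown
! --- ISP2 (secondary): its DHCP default keeps administrative distance 254
interface GigabitEthernet0/1
 ip address dhcp
 ip nat outside
 no shutdown
! --- LAN
interface GigabitEthernet0/2
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shutdown
!
! Primary default route with administrative distance 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp 1
!
! --- Pin the router's own probe traffic to ISP1 so the probes cannot
!     succeed through ISP2 and flap the route; Null0 is the last resort
ip access-list extended RMAP-PRIMARY-ISP
 permit icmp any host 8.8.8.8
 permit icmp any host 4.2.2.2
route-map PRIMARY-ISP permit 10
 match ip address RMAP-PRIMARY-ISP
 set ip next-hop dynamic dhcp
 set interface GigabitEthernet0/0 Null0
ip local policy route-map PRIMARY-ISP
!
! --- NAT: translate to the address of whichever WAN interface is the exit
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
route-map NAT-ISP1 permit 10
 match ip address NAT
 match interface GigabitEthernet0/0
route-map NAT-ISP2 permit 10
 match ip address NAT
 match interface GigabitEthernet0/1
ip nat inside source route-map NAT-ISP1 interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-ISP2 interface GigabitEthernet0/1 overload
!
! --- LAN DHCP pool
ip dhcp pool LAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 1.1.1.1 8.8.8.8
!
! Checks used in the video: show track brief, show ip route
```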
Info
Channel: Robert Mayer
Views: 1,945
Rating: 5 out of 5
Keywords: Cisco, Dual ISP, ISP Failover, WAN Failover, Internet Redundancy, Service Provider Redundancy, Dual WAN, Dual Wan Circuits, Dual WAN Router, DHCP, IP SLA, Cisco Tracking, Cisco Tracking Threshold Percentage, CCNA, CCNP, How configure Dual ISP Failover on a Cisco Router
Id: cbfWjv8s4VA
Length: 34min 56sec (2096 seconds)
Published: Thu Mar 04 2021