
Broadbands connectivity topology/config

Hi,

I have configured a small topology with 2 x RTRs and 2 x SWs. I have 2 ISPs and have configured HSRP for failover. I have connected ISP 1 to RTR 1 and ISP 2 to RTR 2. Now VLAN 10 (the one for ISP 1) is working perfectly fine in SW 1 while not working in SW 2, and the same for VLAN 20 (ISP 2 VLAN), which is working in SW-2 but now in SW-2.

I am giving a default route towards the ISP's gateway on both RTRs. The RTR 2 configuration is identical to RTR 1, and the priority is higher for subif gig0/0.20.

Yes, both switches have been connected using a trunk carrying both VLANs.

Below is the config for your reference, and the topology is attached.

ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool Treasury_ETI
network 192.168.10.0 255.255.255.0
default-router 192.168.10.2
dns-server 213.42.20.20
!
ip dhcp pool Treasury_DU
network 192.168.20.0 255.255.255.0
default-router 192.168.20.2
dns-server 91.74.74.74
!
track 1 ip sla 1
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
description *** ETI_Vlan-10 LAN_INT***
encapsulation dot1Q 10
ip address 192.168.10.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
standby 1 ip 192.168.10.1
standby 1 priority 110
standby 1 track 1 decrement 20
!
interface GigabitEthernet0/0.20
description *** DU-Vlan-20 LAN_INT***
encapsulation dot1Q 20
ip address 192.168.20.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
standby 2 ip 192.168.20.1
standby 2 preempt
!
interface GigabitEthernet0/1
description *** WAN - CONNECTED-TO-ETISALAT-ONT***
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
shutdown
duplex auto
speed auto
!
ip nat inside source list NAT_LIST interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.1
!
ip access-list standard NAT_LIST
permit 192.168.10.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
!
ip sla 1
icmp-echo 2.49.8.1
frequency 5
ip sla schedule 1 life forever start-time now

8 Replies

balaji.bandi
Hall of Fame

Is this the router 2 config?

1. Your interface is in shutdown mode:

interface GigabitEthernet0/1
description *** WAN - CONNECTED-TO-ETISALAT-ONT***
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
shutdown
duplex auto
speed auto

2. If this is configured with HSRP, make sure Router 2 VLAN 20 is active so that ISP2 can be used for the VLAN 2?

3. Your DHCP should point to the HSRP VIP IP as router IP .1 (not 2)

Note: another question, why do you need HSRP if you decided to use ISP1 router 1 and switch and ISP 2 router 2 and switch 2?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
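
An offline check for two of the points raised in the reply above (a WAN interface left in shutdown, and a DHCP pool whose default-router is not the HSRP virtual IP), as an added example that is not part of the original thread. The function names and the trimmed sample config are constructed for illustration; a `!` line is assumed to end each config section.

```python
import ipaddress
import re

# Constructed excerpt of the RTR 1 configuration posted in the question.
SAMPLE = """\
ip dhcp pool Treasury_ETI
network 192.168.10.0 255.255.255.0
default-router 192.168.10.2
!
interface GigabitEthernet0/0.10
ip address 192.168.10.2 255.255.255.0
standby 1 ip 192.168.10.1
!
interface GigabitEthernet0/1
ip nat outside
shutdown
"""

def sections(config):
    """Group sub-commands under each 'interface' / 'ip dhcp pool' header; '!' ends a section."""
    out, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if re.match(r"(interface|ip dhcp pool) \S", line):
            current = out.setdefault(line, [])
        elif line == "!":
            current = None
        elif line and current is not None:
            current.append(line)
    return out

def audit(config):
    """Flag a shut NAT-outside interface and DHCP gateways that bypass the HSRP virtual IP."""
    vips = [ipaddress.ip_address(a)
            for a in re.findall(r"(?m)^[ \t]*standby \d+ ip (\S+)", config)]
    findings = []
    for head, body in sections(config).items():
        if head.startswith("interface "):
            if "shutdown" in body and "ip nat outside" in body:
                findings.append(f"{head.split()[1]}: NAT outside interface is shutdown")
            continue
        # Remaining sections are DHCP pools: find the pool subnet, then its gateway.
        net = next((ipaddress.ip_network("/".join(c.split()[1:3]))
                    for c in body if c.startswith("network ")), None)
        for c in body:
            gw = c.split()[1] if c.startswith("default-router ") else None
            if gw and ipaddress.ip_address(gw) not in vips:
                vip = next((str(v) for v in vips if net and v in net), "none found")
                findings.append(f"pool {head.split()[3]}: default-router {gw} "
                                f"is not an HSRP VIP (VIP in subnet: {vip})")
    return findings
```

Calling `audit()` on the full text of a saved running-config returns one line per finding; an empty list means both checks passed.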

Hi

Int gig 0/1 was shut down for testing purpose only.

Yes HSRP is configured for gateway redundancy.

For DHCP I will update the config and test.

I want to use HSRP; in case ISP-1 goes down, I can then have the secondary ISP for the SW-1 traffic, and vice versa.


Sure, you are looking to equally use both ISPs and, in case one of them fails, shift to the other ISP.

For that one you need to add more configuration and test it.

Make sure the end device is able to ping the gateway and 8.8.8.8 before proceeding to the next test.

 

BB


Hello @balaji.bandi 

>> 3. your DHCP should point to HSRP VIP IP as router IP .1 (not 2)

This is the key point, and this explains why, in case of a fault of one router, things are broken for one subnet.

@asfandyar779514494 you need the default static routes towards the ISPs; the last specific static routes are useless.

Hope to help

Giuseppe

 

Hi,

So I don't have access to the routers right now, but I was thinking of removing the default routes and configuring static routes.

Will the below static routes help in what I am trying to achieve?

ip route 192.168.10.0(vlan 10) 0.0.0.0 255.255.255.0 192.168.100.1 (ISP 1)

ip route 192.168.20.0(vlan 20) 0.0.0.0 255.255.255.0 192.168.70.1(ISP 2) 

ip route 192.168.10.0(vlan 10) 0.0.0.0 255.255.255.0 192.168.70.1 (ISP 2) 20

ip route 192.168.20.0(vlan 20) 0.0.0.0 255.255.255.0 192.168.100.1(ISP 1) 20 

 

That is OK on the static route point - is the switch in a stack?

Look at the example:

https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200785-ISP-Failover-with-default-routes-using-I.html

 

BB


The switch is not in a stack; I am running a port channel between the switches.

Hi Guys,

Just an update: this topology/config is working fine, but I tried to make one change and got stuck. I changed the WAN interface IP from DHCP to static (tried the same IP that I was getting from DHCP and some other IP as well), but browsing doesn't work. I am able to ping 8.8.8.8, but not able to resolve any webpage.

What could be the issue?
