Tech Lab /
Get Started

Take advantage of our commitment to Fanatical Service, enhance your Peace of Mind and get Fully Managed®.

Configuring WAN Interface Failover in Cisco IOS

Luis Giraldoby Luis Giraldo @ Fully Managed™
Posted 6 years ago

In the process of researching how to configure WAN interface failover in IOS (Cisco), I came across a few different ways of doing it, but have opted for the solution below, which relies on a backup static route, using object tracking to keep the primary route up.

Small business with a single router (i.e Cisco 1811 ISR), has two ISPs, and would like to use one ISP as the main provider, and the second ISP as a backup in case the first one fails.

1) Configure each WAN interface to connect to each ISP, respectively:

interface FastEthernet 0/0
description primary-WAN
ip address

interface FastEthernet 0/1
description backup-WAN
ip address

2) Create the Route Maps that will be used for NATting traffic:

route-map isp1-primary permit 10
match ip address 100
match interface FastEthernet0

route-map isp2-backup permit 10
match ip address 100
match interface FastEthernet1

Note: ACL 100 allows traffic from the LAN.

3) Configure the two NAT statements required so that either interface can provide NATting, out each respective WAN interface:

ip nat inside source route-map isp1-primary interface FastEthernet0 overload
ip nat inside source route-map isp2-backup interface FastEthernet1 overload

4) Setup a “Tracking Object”:

ip sla 100
icmp-echo source-interface Fastethernet0
timeout 500
frequency 3

Note: This tracking object will ping (Google’s DNS servers) through Fastethernet0 (Primary WAN interface) every 3 seconds, and will timeout in 500 ms if a response is not received.

5) Create a schedule for the tracking object to run:

ip sla schedule 100 life forever start-time now

Note: This starts the tracking immediately, and stays on indefinitely.

6) Track the object:

track 100 rtr 100 reachability
delay down 10 up 20

7) Update your static routes:

ip route FastEthernet0 <next-hop> track 100
ip route FastEthernet1 <next-hop> 10

Note: The first static route is installed as long as the tracked object (100) doesn’t fail. The second static route would take over traffic if the first route is not installed, since its priority (administrative distance) is lower.

Alberta's Best Workplace 2013

Creating Peace of Mind for businesses and non-profits across North America since 2002.
© 2017 Fully Managed Inc. All rights reserved. Contact Us. Privacy.