In the process of researching how to configure WAN interface failover in IOS (Cisco), I came across a few different ways of doing it, but have opted for the solution below, which relies on a backup static route, using object tracking to keep the primary route up.
A small business with a single router (e.g. a Cisco 1811 ISR) has two ISPs, and would like to use one ISP as the main provider and the second ISP as a backup in case the first one fails.
1) Configure each WAN interface to connect to each ISP, respectively:
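! Example addresses; a /24 mask keeps the two WAN subnets from overlapping
! "ip nat outside" marks each WAN interface for the NAT statements in step 3
interface FastEthernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
interface FastEthernet1
 ip address 10.2.2.2 255.255.255.0
 ip nat outside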
2) Create the Route Maps that will be used for NATting traffic:
route-map isp1-primary permit 10
 match ip address 100
 match interface FastEthernet0
route-map isp2-backup permit 10
 match ip address 100
 match interface FastEthernet1
Note: ACL 100 allows traffic from the LAN.
3) Configure the two NAT statements so that traffic is translated out of whichever WAN interface it leaves through:
ip nat inside source route-map isp1-primary interface FastEthernet0 overload
ip nat inside source route-map isp2-backup interface FastEthernet1 overload
4) Set up a “Tracking Object”:
ip sla 100
 icmp-echo 220.127.116.11 source-interface Fastethernet0
 timeout 500
 frequency 3
Note: This tracking object will ping 18.104.22.168 (Google’s DNS servers) through Fastethernet0 (Primary WAN interface) every 3 seconds, and will time out after 500 ms if a response is not received.
5) Create a schedule for the tracking object to run:
ip sla schedule 100 life forever start-time now
Note: This starts the tracking immediately, and stays on indefinitely.
6) Track the object:
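! On IOS 12.4(20)T and later the keyword "rtr" is replaced by "ip sla"
track 100 rtr 100 reachability
 ! Wait 10 s before reporting the object down and 20 s before reporting it up
 delay down 10 up 20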
7) Update your static routes:
ip route 0.0.0.0 0.0.0.0 FastEthernet0 <next-hop> track 100
ip route 0.0.0.0 0.0.0.0 FastEthernet1 <next-hop> 10
Note: The first static route is installed as long as the tracked object (100) doesn’t fail. The second static route has a lower priority (its administrative distance of 10 is higher than the default of 1), so it only takes over traffic when the first route is not installed.
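A consistency check for the configuration built in steps 3 to 7, as an added example that is not part of the original post: it parses a saved config and reports where the SLA probe, its schedule, the track object, the two default routes and the NAT statements do not line up. The function name `audit_failover`, the next-hop addresses and the probe target are assumptions made for illustration.

```python
import re

# Constructed sample based on the steps above; the next hops and probe target
# are documentation addresses (assumptions), not values from the original post.
SAMPLE = """
ip nat inside source route-map isp1-primary interface FastEthernet0 overload
ip nat inside source route-map isp2-backup interface FastEthernet1 overload
ip sla 100
 icmp-echo 192.0.2.53 source-interface Fastethernet0
 timeout 500
 frequency 3
ip sla schedule 100 life forever start-time now
track 100 rtr 100 reachability
 delay down 10 up 20
ip route 0.0.0.0 0.0.0.0 FastEthernet0 192.0.2.1 track 100
ip route 0.0.0.0 0.0.0.0 FastEthernet1 198.51.100.1 10
"""

def audit_failover(config):
    """Return findings for a dual-WAN failover config; [] means it is consistent."""
    text = "\n".join(l.strip() for l in config.splitlines() if l.strip())
    slas = dict(re.findall(r"^ip sla (\d+)\nicmp-echo \S+ source-interface (\S+)$", text, re.M | re.I))
    scheduled = set(re.findall(r"^ip sla schedule (\d+) ", text, re.M))
    tracks = dict(re.findall(r"^track (\d+) (?:rtr|ip sla) (\d+) reachability$", text, re.M))
    nat = {i.lower() for i in re.findall(
        r"^ip nat inside source route-map \S+ interface (\S+) overload$", text, re.M)}
    # Each default route as (interface, administrative distance, track id or "")
    routes = [(i.lower(), int(d or 1), t) for i, d, t in re.findall(
        r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+) \S+(?: (\d+))?(?: track (\d+))?$", text, re.M)]
    tracked = [r for r in routes if r[2]]
    if len(tracked) != 1:
        return [f"expected one tracked default route, found {len(tracked)}"]
    p_if, p_ad, p_track = tracked[0]
    findings = []
    sla = tracks.get(p_track)
    if sla is None:
        findings.append(f"track {p_track} is not defined")
    elif sla not in slas:
        findings.append(f"track {p_track} references undefined ip sla {sla}")
    else:
        if sla not in scheduled:
            findings.append(f"ip sla {sla} is never scheduled")
        if slas[sla].lower() != p_if:
            findings.append(f"ip sla {sla} is not sourced from {p_if}")
    if not any(i != p_if and ad > p_ad and not t for i, ad, t in routes):
        findings.append("no untracked backup default route with a higher distance")
    findings += [f"no NAT overload statement for {i}" for i, _, _ in routes if i not in nat]
    return findings
```

Run it against the output of `show running-config` saved to a file; an empty list means the pieces reference each other the way the steps above intend.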