 1841 и 2 прова,  visahouse, 14-Ноя-07, 14:07 [смотреть все]Добрый день.
Есть Cisco 1841 с двумя WAN-портами, настроенными на 2 провайдеров.
Всё настроено через ip sla и треки. Перключается автоматически - всё отлично.Но бывает случаи, когда один трек говорит, что он DOWN и тут начинается байда.
Эталонный сервер пингуется с другого интерфейса.
На провайдерской стороне - всё работает. Причём они говорят, что от нас к ним не идёт ни один пакет. Даже если я принудительно пингую через этот интерфейс.
Но это ещё не всё. В итоге-то, самое главное, не срабатывает переключение маршрутов.
То есть если пакет идёт обычным образом, то он всё равно пытается лезть по тому маршруту, который DOWN.
В итоге помогает только возврат к фабричным установкам и залив резервной концигурации.
В чём может быть дело? куда копать? Вот пример нашего конфига:
!
version 12.4
!
ip sla monitor 1
type echo protocol ipIcmpEcho 213.180.204.11 source-interface FastEthernet0/0
timeout 2000
threshold 2
frequency 3
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 81.19.70.1 source-interface FastEthernet0/1
timeout 2000
threshold 2
frequency 3
ip sla monitor schedule 2 life forever start-time now
!
track 123 rtr 1 reachability
track 124 rtr 2 reachability
!
!
!
interface FastEthernet0/0
description ISP1$ETH-WAN$
ip address XXX.XXX.XXX.196 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description ISP2$ETH-WAN$
ip address YYY.YYY.YYY.214 255.255.255.248 secondary
ip address YYY.YYY.YYY.210 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description LOCAL
ip address 192.168.77.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map alpha
!
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.193 10 track 123
ip route 0.0.0.0 0.0.0.0 YYY.YYY.YYY.209 20 track 124
ip route 81.19.70.1 255.255.255.255 YYY.YYY.YYY.209
ip route 213.180.204.11 255.255.255.255 XXX.XXX.XXX.193
!
access-list 1 permit 192.168.77.0 0.0.0.255
access-list 101 permit ip host 192.168.77.202 any
!
route-map ISP1-NAT permit 10
match ip address 1
match interface FastEthernet0/0
!
route-map ISP2-NAT permit 10
match ip address 1
match interface FastEthernet0/1
!
route-map alpha permit 10
match ip address 101
set ip next-hop verify-availability 81.19.70.1 20 track 124
set ip next-hop YYY.YYY.YYY.209
!
route-map alpha permit 20
set ip next-hop verify-availability 213.180.204.11 10 track 123
set ip next-hop YYY.YYY.YYY.193
!
|
- 1841 и 2 прова, dxer, 14:35 , 14-Ноя-07 (1)
gw>sh ver
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by prod_rel_teamROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1) yaros-gw uptime is 47 week, 2 days, 19 hours, 23 minutes
System returned to ROM by power-on
System restarted at 19:11:46 MSK Sun Nov 4 2007
System image file is "flash:c1841-advipservicesk9-mz.124-15.T1.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to
export@cisco.com. Cisco 1841 (revision 5.0) with 236544K/25600K bytes of memory.
Processor board ID FCZ091924BW
6 FastEthernet interfaces
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62592K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102
- 1841 и 2 прова, dxer, 14:36 , 14-Ноя-07 (2)
На такой же железке работает пару лет без проблем SLA + OBJ.TRACKING.
Не замечал проблем.
- 1841 и 2 прова, visahouse, 14:45 , 14-Ноя-07 (3)
У меня чёть отличается:
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 17-Nov-06 10:44 by prod_rel_teamROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1) SHL uptime is 19 hours, 2 minutes
System returned to ROM by reload at 19:41:16 Moscow Tue Nov 13 2007
System image file is "flash:c1841-advipservicesk9-mz.124-12.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to
export@cisco.com. Cisco 1841 (revision 6.0) with 115712K/15360K bytes of memory.
Processor board ID FCZ103990Q1
6 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102
- 1841 и 2 прова, GolDi, 15:43 , 14-Ноя-07 (4)
>[оверквотинг удален]
>!
>interface Vlan1
> description LOCAL
> ip address 192.168.77.1 255.255.255.0
> ip nat inside
> ip virtual-reassembly
> ip policy route-map alpha
>!
>ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.193 10 track 123
>ip route 0.0.0.0 0.0.0.0 YYY.YYY.YYY.209 20 track 124 A esli tak sdelat?
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.193
ip route 0.0.0.0 0.0.0.0 YYY.YYY.YYY.209
>[оверквотинг удален]
>!
>route-map alpha permit 10
> match ip address 101
> set ip next-hop verify-availability 81.19.70.1 20 track 124
> set ip next-hop YYY.YYY.YYY.209
>!
>route-map alpha permit 20
> set ip next-hop verify-availability 213.180.204.11 10 track 123
> set ip next-hop YYY.YYY.YYY.193
>!
- 1841 и 2 прова, dxer, 17:43 , 14-Ноя-07 (5)
>[оверквотинг удален]
>>!
>>route-map alpha permit 10
>> match ip address 101
>> set ip next-hop verify-availability 81.19.70.1 20 track 124
>> set ip next-hop YYY.YYY.YYY.209
>>!
>>route-map alpha permit 20
>> set ip next-hop verify-availability 213.180.204.11 10 track 123
>> set ip next-hop YYY.YYY.YYY.193
>>! Так нельзя, нужно обязательно метрику указывать и трекинг.
- 1841 и 2 прова, visahouse, 17:12 , 15-Ноя-07 (6)
>
>Так нельзя, нужно обязательно метрику указывать и трекинг.
>А что ж ещё можно сделать?
|
Версия для распечатки
