Configuring Dual WAN Failover on Single Cisco Router

1. Overview

In today's networks, WAN redundancy with multiple internet connections is very important, not only in enterprise networks; even some small networks need two ISPs for a dual WAN connection. To have redundant WAN connectivity, a network must have separate connections to two ISPs.

This article shows how to configure dual WAN failover on a single Cisco router with IP SLA tracking, to have redundancy across multiple internet connections.

2. Prerequisites

This article on configuring dual WAN failover on a single Cisco router assumes that:

a. You already have the GNS3 VM virtual server installed and running on your computer. If you don't, please refer to this link: Installing GNS3 VM on VMware Workstation.

b. You know how to configure NAT (network address translation) on a Cisco router. If you do not, you can refer to this link: Configuring Network Address Translation (NAT) on Cisco Router.

3. Lab Scenario Setup

To demonstrate how to configure dual WAN failover on a single Cisco router, we will set up a GNS3 lab as shown in the following IP network diagram.

[Network diagram: Configuring Dual WAN Failover on Single Cisco Router]

There are three Cisco routers. R1 is the router in the customer network, and the other two routers act as two different ISPs, so the customer network has multiple internet connections. ISP01 is the primary connection and ISP02 is the secondary connection for customer router R1. If customer router R1 cannot reach ISP01, it automatically switches over to ISP02 to achieve WAN redundancy. There is one router, PC1, within the LAN acting as a client computer.

Now let's configure the IP address settings on PC1.

# int f0/0
    ip add 10.10.10.20 255.255.255.0
    no sh
# ip route 0.0.0.0 0.0.0.0 10.10.10.1

On customer router R1, configure the following IP address settings

# int f0/0
    ip add 10.10.10.1 255.255.255.0
    no sh
# int f1/0
    ip add 100.100.100.1 255.255.255.252
    no sh
# int f1/1
    ip add 200.200.200.1 255.255.255.252
    no sh

On ISP01 router, configure the following IP address settings

# int f0/0
    ip add 100.100.100.2 255.255.255.252
    no sh
# int f0/1
    ip add 102.102.102.1 255.255.255.252
    no sh

On ISP02 router, configure the following IP address settings

# int f0/0
    ip add 200.200.200.2 255.255.255.252
    no sh
# int f0/1
    ip add 102.102.102.2 255.255.255.252
    no sh

To connect ISP01 to ISP02, we need to configure routing between them. It can be static routing or a dynamic routing protocol; in our case, let's use the OSPF dynamic routing protocol to connect these two ISPs.

On ISP01 router, configure the OSPF dynamic routing protocol as below.

# router ospf 1
    net 102.102.102.0 0.0.0.3 area 1
    net 100.100.100.0 0.0.0.3 area 1

On ISP02 router, configure the OSPF dynamic routing protocol as below.

# router ospf 1
    net 102.102.102.0 0.0.0.3 area 1
    net 200.200.200.0 0.0.0.3 area 1

4. Configure Dual WAN Failover on Single Cisco Router

The first thing we need to do to have WAN redundancy with multiple internet connections is to configure dynamic NAT (dynamic network address translation) on the Cisco router that is connected directly to the two ISPs, so that client computers within the internal network can reach the internet.

To configure dynamic NAT on the Cisco router, we need to create an ACL containing the IP addresses to be NATed. In the ACL below, we allow all IP addresses in the LAN to access the internet.

# ip access-list standard ACL-DNAT
    permit 10.10.10.0 0.0.0.255

For WAN redundancy with multiple internet connections, we need to configure route maps to select which traffic is NATed on each WAN interface toward these two ISPs.

# route-map RM-NAT-ISP01 10
    match ip add ACL-DNAT
    match int f1/0

# route-map RM-NAT-ISP02 10
    match ip add ACL-DNAT
    match int f1/1

After configuring the access control list, we need to configure dynamic NAT with the ACL created above.

# int f0/0
    ip nat inside
# int f1/0
    ip nat outside
# int f1/1
    ip nat outside
# ip nat inside source route-map RM-NAT-ISP01 int f1/0 overload
# ip nat inside source route-map RM-NAT-ISP02 int f1/1 overload

Now we need to configure IP SLA on the dual WAN Cisco router to ping the public IP address of ISP01, since we decided to use this ISP as the primary connection.

# ip sla 20
    icmp-echo 100.100.100.2 source-interface f1/0
    timeout 1000
    frequency 10
# ip sla schedule 20 life forever start-time now
# track 1 rtr 20 reachability

Then we need to apply the IP SLA tracking configured above to the default route configuration on our dual WAN Cisco router, so that we have WAN redundancy for our network.

# ip route 0.0.0.0 0.0.0.0 100.100.100.2 track 1
# ip route 0.0.0.0 0.0.0.0 200.200.200.2 2

The default route configured with the track number is installed only if the dual WAN Cisco router can reach the public IP of ISP01. So, if ISP01 cannot be reached by our dual WAN Cisco router, the secondary default route is used to forward all traffic to ISP02.

5. Verify and Test

To test whether the WAN redundancy configuration with multiple internet connections works, we can ping the public IP address of these two ISPs, which is 102.102.102.1 or 102.102.102.2 in our case. We should get the following successful result.

# ping 102.102.102.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 102.102.102.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/148/524 ms

Once we know that pinging the public IP address of these two ISPs succeeds, we can use the traceroute command to see which path is taken to reach that public IP address. Based on the following traceroute result, 102.102.102.2 is reached via ISP01.

# traceroute 102.102.102.2

Type escape sequence to abort.
Tracing the route to 102.102.102.2

 1 10.10.10.1 988 msec 540 msec 812 msec
 2 100.100.100.2 1884 msec 356 msec 32 msec
 3 102.102.102.2 44 msec 40 msec 64 msec

If we check the routing table on our dual WAN Cisco router, the default route must point to the public IP address of ISP01, which is 100.100.100.2. This means that right now our dual WAN Cisco router is forwarding all traffic to the internet via ISP01.

# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route
Gateway of last resort is 100.100.100.2 to network 0.0.0.0

200.200.200.0/30 is subnetted, 1 subnets
C 200.200.200.0 is directly connected, FastEthernet1/1
 100.0.0.0/30 is subnetted, 1 subnets
C 100.100.100.0 is directly connected, FastEthernet1/0
 10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 100.100.100.2

Let's also check whether the NAT configuration for WAN redundancy with multiple internet connections works. Traffic should be NATed to the IP address on the ISP01 link, as follows.

# sh ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 100.100.100.1:38916 10.10.10.20:38916 102.102.102.2:33440 102.102.102.2:33440
udp 100.100.100.1:39257 10.10.10.20:39257 102.102.102.2:33437 102.102.102.2:33437
udp 100.100.100.1:40320 10.10.10.20:40320 102.102.102.2:33439 102.102.102.2:33439
udp 100.100.100.1:40736 10.10.10.20:40736 102.102.102.2:33438 102.102.102.2:33438
udp 100.100.100.1:40966 10.10.10.20:40966 102.102.102.2:33442 102.102.102.2:33442
udp 100.100.100.1:41214 10.10.10.20:41214 102.102.102.2:33441 102.102.102.2:33441

Now we need to test whether traffic fails over to ISP02 when ISP01 is not reachable from our dual WAN Cisco router, so that we know whether our WAN redundancy configuration works. To test this, we can remove the IP address configuration on interface f0/0 of the ISP01 router.

# int f0/0
    no ip address 100.100.100.2 255.255.255.252

After removing the IP address on interface f0/0 of the ISP01 router, we should get the following log message on our dual WAN Cisco router.

*Jan 14 09:40:48.331: %TRACKING-5-STATE: 1 rtr 20 reachability Up->Down

If we check the routing table on our dual WAN Cisco router, the default route must point to the public IP address of ISP02, which is 200.200.200.2. This means that right now our dual WAN Cisco router is forwarding all traffic to the internet via ISP02.

# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is 200.200.200.2 to network 0.0.0.0

200.200.200.0/30 is subnetted, 1 subnets
C 200.200.200.0 is directly connected, FastEthernet1/1
 100.0.0.0/30 is subnetted, 1 subnets
C 100.100.100.0 is directly connected, FastEthernet1/0
 10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [2/0] via 200.200.200.2
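
The tracking log message and the "Gateway of last resort" line shown above can be cross-checked by a monitoring script. The Python below is an added example, not part of the original article; the function names, the Down->Up recovery line and the fixed year used for timestamps are assumptions made for illustration.

```python
import re
from datetime import datetime

# Default-route next hop each track state should produce (addresses from this lab).
EXPECTED_GATEWAY = {"Up": "100.100.100.2", "Down": "200.200.200.2"}

TRACK_RE = re.compile(
    r"\*?(?P<ts>\w{3}\s+\d+ [\d:.]+): %TRACKING-5-STATE: "
    r"(?P<track>\d+) rtr \d+ reachability (?:Up|Down)->(?P<new>Up|Down)")
GATEWAY_RE = re.compile(r"Gateway of last resort is (\S+) to network 0\.0\.0\.0")

# First line is the message shown above; the recovery line is constructed.
SAMPLE_LOG = """\
*Jan 14 09:40:48.331: %TRACKING-5-STATE: 1 rtr 20 reachability Up->Down
*Jan 14 09:43:18.331: %TRACKING-5-STATE: 1 rtr 20 reachability Down->Up
"""
SAMPLE_ROUTE = "Gateway of last resort is 200.200.200.2 to network 0.0.0.0"

def parse_track_events(log_text):
    """Return (timestamp, track_id, new_state) for each tracking state change."""
    events = []
    for m in TRACK_RE.finditer(log_text):
        # IOS omits the year by default; a fixed year is assumed to compute deltas.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
        events.append((ts, int(m["track"]), m["new"]))
    return events

def outage_windows(events, track_id=1):
    """Pair each Up->Down with the next Down->Up; an ongoing outage ends in None."""
    windows, down_since = [], None
    for ts, tid, state in events:
        if tid != track_id:
            continue
        if state == "Down" and down_since is None:
            down_since = ts
        elif state == "Up" and down_since is not None:
            windows.append((down_since, ts))
            down_since = None
    if down_since is not None:
        windows.append((down_since, None))
    return windows

def gateway_matches(route_output, track_state):
    """Check the gateway of last resort against the one the track state implies."""
    m = GATEWAY_RE.search(route_output)
    actual = m.group(1) if m else None
    return actual == EXPECTED_GATEWAY[track_state], actual
```

A mismatch from gateway_matches (for example, track state Down while the gateway is still 100.100.100.2) indicates the floating static route did not take over as configured.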

Now let's check the traceroute result again. As we can see below, the public IP address 102.102.102.1 can be reached via the ISP02 connection.

# traceroute 102.102.102.1
Type escape sequence to abort.
Tracing the route to 102.102.102.1

 1 10.10.10.1 488 msec 736 msec 728 msec
 2 200.200.200.2 1388 msec 1964 msec 2892 msec
 3 102.102.102.1 804 msec 32 msec 32 msec

Let's check the NAT configuration for WAN redundancy with multiple internet connections again. Traffic should now be NATed to the IP address on the ISP02 link, as follows.

# sh ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 200.200.200.1:34969 10.10.10.20:34969 102.102.102.1:33442 102.102.102.1:33442
udp 200.200.200.1:36557 10.10.10.20:36557 102.102.102.1:33437 102.102.102.1:33437
udp 200.200.200.1:38514 10.10.10.20:38514 102.102.102.1:33440 102.102.102.1:33440
udp 200.200.200.1:39853 10.10.10.20:39853 102.102.102.1:33441 102.102.102.1:33441
udp 200.200.200.1:40102 10.10.10.20:40102 102.102.102.1:33438 102.102.102.1:33438
udp 200.200.200.1:42359 10.10.10.20:42359 102.102.102.1:33439 102.102.102.1:33439

6. Conclusion

That's all about how to configure dual WAN failover on a single Cisco router from Tech Space KH. This is a cheap and simple method to achieve WAN redundancy with multiple internet connections. Hopefully, you find this guide informative. If you have any questions or suggestions, you can always leave your comments below. I will try my best to review and reply to them.
