Cisco Dual ISP Failover: No More Internet DownTime!
HTML-код
- Опубликовано: 27 июн 2023
- Have a project and need my help?
hire.davidgodibadze.com/
Buy me a Coffee! ko-fi.com/davidgodibadze
Hey there, tech lovers!
We all know how crucial a steady internet connection is these days, right? Well, imagine if you could say goodbye to those frustrating internet outages for good.
In this video, we're tackling the awesome world of network reliability with a deep dive into Cisco's Dual ISP Failover.
We'll walk you through:
- Setting up a primary and backup internet service provider (ISP)
- Making sure your network automatically switches to the backup when the primary one goes AWOL
- Switching back as soon as your main ISP is back in action
- And a few cool advanced tricks and troubleshooting tips
No matter if you're a network pro or a tech newbie, this tutorial's got something for everyone. You'll come out the other side knowing how to keep your network online no matter what your ISP throws at you.
Don't forget to hit that like and subscribe button if(!) you find this helpful, and drop any questions or problems in the comments - we're here to help! 
Наука
Thanks. I have a Cisco 3560 switch at home. I used the sla and track configuration. Tested and it worked. I have a MicroTek router connected to Gi0/1 on the switch and that then goes out to the primary ISP. The secondary is Gi0/24 and that connects to an old Wifi router (wifi disabled) ... and then out to 2ndary ISP. This config is just what I needed.
This is gold! Thank you! Please keep them coming like these ones
Thank you!
Wow, this is exactly what I needed. I thought I was going to need two routers with HSRP. This will save me a lot of money. Thank you!
Glad to hear that, thanks for wathching!
I will do this these days and that was excellent guide that will help me a lot.
Thank you for sharing this great video.
Great Video... Thanks a lot
Thank you.
Brilliant, thank you for sharing. Question how could ge leverage some non critical traffic to use backup Internet, such as maybe FTP, SMTP, RSYNC for slow backups, while both connections up. this way have primary failover backup, and some backup failover primary. Also what version of IOS is required for SLA.
THX Dinooz
1. If the FTP/etc services are not published, then you can use policy based routing to catch the traffic using route-map and force it to go out using the backup internet.
2. IP SLAs was introduced by Cisco in IOS 12.3(14)T however, the features you get with IP SLAs can vary based on the specific IOS version and platform. Always check the specifics for your setup.
Quick question though, I see you cleared nat table after the interface goes down, but somehow the NAT translation does not have to be cleared when the primary link comes up. What's reason for that? Thanks..
Excellent
Thanks.
Great explanaition! What if ISP IP set by DHCP? Possible to use port and not IP?
Thanks for the KNowledge
can we have the configuration as a file
hi @IT Solutions Network does it is possible to monitor more that only one ip (isp 1 or 2 ) on the interfaces? that's because what happens when google get down for it self?
Yes, it is possible.
Configure IP SLA Operations: You'll set up two separate IP SLA operations, each pinging one of the IP addresses you want to monitor.
Define Tracking Objects: Create tracking objects for each IP SLA operation. These objects will track the state (up or down) of each operation.
Logical AND Tracking: This is key for your requirement. You'd configure a boolean track statement that combines the two tracking objects with a logical AND condition. This means the failover will only be triggered when both tracked objects are down.
Integrate with Routing: Use the tracking configuration in your routing protocol or static route configuration to modify routing decisions based on the status of the boolean track object.
Remember, the specific commands and configurations might vary depending on your Cisco device's model and IOS version.
Here is the example:
! Configure IP SLA operations
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
timeout 1000
frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 1.1.1.1 source-interface GigabitEthernet0/0
timeout 1000
frequency 5
ip sla schedule 2 life forever start-time now
! Define tracking objects
track 10 ip sla 1 reachability
track 20 ip sla 2 reachability
! Configure logical AND tracking
track 30 list boolean and
object 10
object 20
! Use the tracking in routing (example with a static route)
ip route 0.0.0.0 0.0.0.0 12.34.56.1 track 30
@@ITSolutionsNetwork Thanks a lot! you are a genius , greetings from Monterrey México.
Hello again, could you please do a video where the secondary failover is Starlink which is in different VRF please? thanks!!!
I'll check if there is a demand for it.
is it possible to do this if your secondary ISP(starlink) is on a different vrf? how difficult is this? could you please do a video regarding that?
Hi, I haven't had the chance to try this setup before.
Could you elaborate on the benefits of using a different VRF for your secondary ISP in this context?
Is there a specific reason you need two separate routing tables with their own default routes? I'm curious to understand your use case better.
2 questions: 1- does it is possible add a VPN setup here to take advantage of the failover and 2- when it should be used other routing protocols like OSPF or BGP?
1. Yes, but you gotta understand that at any point of time, you should only connect to the IP address of the ISP that is active at that moment. For example use IPS1 IP address and if that won't work, then use second profile from vpn to connect to ISP2 IP address.
2. When there is a need to exchange routes dynamically instead of using static routes.
How would we do this for router that's running S2S VPN and internet traffic? Is there a way to track both?
There is a way, and also depends on the VPN config.
If the remote site has only one ISP, the local configuration can get a little ugly, but it’s doable.
It’s easier if you do route-based VPN instead of policy- based routing, and then do a routing on the top of it.
@@ITSolutionsNetwork remote side is data centre and we have 2 x - I was thinking maybe if VPN to one data centre goes down, connect to the other data centre vpn
Why can't enable my route-map?
whats the specific error you get man ??? whats the config you're using ???