Alternate Routing for a backup router??

Heres the scoop,

Primary and Secondary router. Secondary is not in used till the Primary Fails. This is monitored by HSRP and HSRP is working...I've tested it.

Primary and Secondary connect to a Layer 3 switch (as outlined below)

2821

3560 (1)

3560 (2)

3560 (3)
1841

The 2821 connects to our MPLS network
The 1841 connects to a local ISP via a DSL connection, we have an IPSec running to the MPLS network via static routes(also working)

On the LAN side the 2821 is advertising EIGRP and the 3560's (1-2-3) are also all running EIGRP.

Heres the problem....

When the 2821 fails HSRP works like a charm. However the clients off of the switches can't get out. Now this is probably due to a routing problem but im stuck on what to do.
Being remote from this network i cant see the routing table on the 3560 once failover has taken place.

Im thinking the following would fix the problem:

Create static routes on the 3560 which have a higher administrative distance than EIGRP.

However im not sure if this will work.....

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dtlokee

I think you will need to provide more information to get a good answer. You are running the 3560's as L3 devices but the 2821 and the 1841 are using HSRP, this would lead me to guess the clients aren't using the IP of the HSRP group as their default gateway but the IP of the 3560? Also you are using a DSL link as the backup, are you somehow sharing routes across this from the site at the other end? Is this where you are proposing to use a floating static route to provide this routing table information?

rossonieri#1

mattsthe2 wrote:

Heres the problem....

When the 2821 fails HSRP works like a charm. However the clients off of the switches can't get out. Now this is probably due to a routing problem but im stuck on what to do.
Being remote from this network i cant see the routing table on the 3560 once failover has taken place.

Im thinking the following would fix the problem:

Create static routes on the 3560 which have a higher administrative distance than EIGRP.

However im not sure if this will work.....

same as dtlokee,

not clear enough which way out? mpls for intranet - and dsl for internet?
if thats the case - then question is are both links in the same network boundary? i mean can you access the mpls net from dsl line?

mattsthe2

dtlokee wrote:

I think you will need to provide more information to get a good answer. You are running the 3560's as L3 devices but the 2821 and the 1841 are using HSRP, this would lead me to guess the clients aren't using the IP of the HSRP group as their default gateway but the IP of the 3560? Also you are using a DSL link as the backup, are you somehow sharing routes across this from the site at the other end? Is this where you are proposing to use a floating static route to provide this routing table information?

Hi Dtloke,

Yeah i didnt want to flood on my first post so I'll try to answer each question as they come along.

You are good, how do you know such things lol... yes clients use the hsrp address of the 3560's.

Yes the dsl connection on the 1841 is not used at all except if the 2821 is down. I can ping our other offices on the 1841.

I dont know if this matters but the 2821 is running OSPF out on the WAN side and to re-state EIGRP on the LAN side.

Well our MPLS provider does the magic somehow of sharing the routes. We redistrubute our internal EIGRP via whatever WAN routing protocol we are running, usually BGP at our other office.

The 2821 is redistributing the EIGRP via OSPF though out to the MPLS.

I am proposing floating static routes on the 3560's so when its EIGRP neighbor in this case the 2821 fails, it sends all of its WAN traffic whether it be internet traffic or our offices over to the 1821...
I might be able to get away with a single 0.0.0.0 route but not sure how to do it.

I was also thinking about running EIGRP on the 1841, but not sure if that would work.

This all goes above my current CCNA knowledge.
Queue experts...

mattsthe2

rossonieri#1 wrote:

same as dtlokee,

not clear enough which way out? mpls for intranet - and dsl for internet?
if thats the case - then question is are both links in the same network boundary? i mean can you access the mpls net from dsl line?

Hi Rossonieri,

MPLS for internet and WAN traffic.
The DSL connection is only used to connect to the MPLS network.
All traffic leaving that 1841 whether it be internet traffic of WAN traffic goes down the IPSec tunnel to our MPLS provider.

Hope that clears it up a bit.

dtlokee

Sounds like you're not getting routes over the IPSec tunnel fron the provider, if the 2800 fails there are no routes to the rest of the network. You may need to add a static route (possibly a default route) with a higher AD than ospf. It's still hard to make an exact determination of the problem.

mattsthe2

dtlokee wrote:

Sounds like you're not getting routes over the IPSec tunnel fron the provider, if the 2800 fails there are no routes to the rest of the network. You may need to add a static route (possibly a default route) with a higher AD than ospf. It's still hard to make an exact determination of the problem.

Yes i know its hard, thanks for your educated guess. I would agree with you though.
No routing protocols are being passed across the WAN on the 1841.

We are running EIGRP on the WAN side so on the 3560's I'd have to give higher static AD than EIGRP? How do you do that?

So when the 2821 fails. The 3560 table should be more or less empty (because its lost its neighbor).
Currently the 3560 is learning its default route via EIGRP of the primary router.

dtlokee

To add the static route with a higher AD just put it at the end.

ip route 0.0.0.0 0.0.0.0 1.1.1.1 121

121 will be higher than EIGRP, OSPF, and RIP. You can also have the router advertise this to the 3560's via EIGRP or whatever protocol, just use a very high metric so they don't choose it over the primary connection.

mattsthe2

dtlokee wrote:

To add the static route with a higher AD just put it at the end.

ip route 0.0.0.0 0.0.0.0 1.1.1.1 121

121 will be higher than EIGRP, OSPF, and RIP. You can also have the router advertise this to the 3560's via EIGRP or whatever protocol, just use a very high metric so they don't choose it over the primary connection.

Excellent...

How would i do your second suggestion using eigrp?

config t
router eigrp 100
distance 121
redistrubute static ?

im venturing into new grounds with the redistrubute statement here....im guessing thats CCNP stuff...

Please fill in the gaps.

sunil_vishnani

Hi ,

Do not use AD of 121 because the routes will be the redistributed routes commig from OSPF domain and redistributed in to eigrp so will carry as AD of "170"(redistributed EIGRP AD 170)

The effective & more dynamic approach will be to use OSPF as your IGP and originate the default from both the core routers (2821 & 1814) in such a way that your secondary router (1814) should originate the default in you IGP only when the 2821 router fails .

If You think this suites your requirement and you have no problems with running OSPF than i can guide on how to go abt it .