Setting up a failover ADSL connection on a Cisco Router

This method will monitor a connection via ICMP ping and, on failure, it will bring up the ADSL line. Below is my setup – you may need to tailor this guide to yours. This method is useful if both connections cannot be up at the same time (possibly because they share an IP address).

Cisco 1841 Router with HWIC1-ADSL

  • Dialer0 is a PPPoE dialer to a VDSL modem via fa0/0
  • Dialer1 is a PPPoATM dialer of ADSL via ATM0/1/0
  • The IP I am pinging to detect failure is 83.218.143.225
  • The ATM0/1/0 interface is shutdown when not in use

First we’ll add a Track and IP SLA to monitor our primary connection (Dialer0) by pinging our monitor IP (83.218.143.225). This track configuration delays actioning a failure for 10 seconds and a restore by 60 seconds. This is to prevent flip-flopping on the lines:

    track 1 rtr 123 reachability
     delay down 10 up 60
    !
    ip sla 123
     icmp-echo 83.218.143.225 source-interface Dialer0
     timeout 2000
     frequency 4
    ip sla schedule 123 life forever start-time now

Next we’ll add default routes for Dialer0 (linked to Track1) and Dialer1 (with a higher metric). If you already have default routes, remove these first:

    ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
    ip route 0.0.0.0 0.0.0.0 Dialer1 254

Finally we’ll use EEM applets to monitor track 1 and bring up the ATM interface on failure (and vice versa). This also e-mails us about the event:

    event manager applet TRACK-1-TIMEOUT
     event track 1 state down
     action 1.0 cli command "enable"
     action 2.0 cli command "config terminal"
     action 3.0 cli command "interface atm0/1/0"
     action 4.0 cli command "no shutdown"
     action 5.0 mail server "55.33.44.22" to "to@mail.com" from "from@mail.com" subject "IP SLA 123 Timeout" body "Timeout on primary line"
    event manager applet TRACK-1-OK
     event track 1 state up
     action 1.0 cli command "enable"
     action 2.0 cli command "config terminal"
     action 3.0 cli command "interface atm0/1/0"
     action 4.0 cli command "shutdown"
     action 5.0 mail server "55.33.44.22" to "to@mail.com" from "from@mail.com" subject "IP SLA 123 Restored" body "Primary line restored"

You should replace 55.33.44.22 with a valid SMTP server that this router has access to send through and change to@mail.com/from@mail.com to the to/from e-mail addresses respectively.

 

A full example config (with some bits redacted) can be found here.

How to set up Internet connection (WAN) failover in Cisco IOS including e-mail notifications

As a revision to my earlier post on the matter, here’s a better constructed way to achieve the same effect with a little more accuracy.

Here’s a diagram of the approximate topology that this will cater to:

Network Diagram

I shall assert the following facts:

  1. The “ISP’s Router” is IP address 1.1.1.1
  2. The DSL modem is IP address 2.2.2.2
  3. The source interface that connects to the ISP router is FastEthernet0/0
  4. There is an SMTP server that this router has permission to send via at 99.99.99.99
  5. Your e-mail address is you@mail.com

First we use “track” to create 2 track entries to do route tracking. The first defines a “reachability” track which will be used to monitor for and perform actions on the failure of the primary route. This also delays the actions it performs on failure and restore by 20 and 60 seconds respectively to negate the effect of temporary blips. The second is a stub which allows us to take the secondary route up or down.

    track 1 rtr 123 reachability
     delay down 20 up 60
    track 2 stub-object
     default-state down

Next we add the routes. There are 2 default gateways added, each associated with one of the track entries. There is also a route to ensure that all traffic to the “ISP’s Router” is sent out of the fa0/0 interface. This is for monitoring.

    ip route 0.0.0.0 0.0.0.0 1.1.1.1 name FIBRE track 1
    ip route 0.0.0.0 0.0.0.0 2.2.2.2 254 name ADSL_BACKUP track 2
    ip route 1.1.1.1 255.255.255.255 FastEthernet0/0

Now we use ip sla to provide the details for our reachability track regarding what it should test. In this case, it pings the “ISP’s Router” every 4 seconds:

    ip sla 123
     icmp-echo 1.1.1.1 source-interface FastEthernet0/0
     timeout 2000
     frequency 4
    ip sla schedule 123 life forever start-time now

Finally we add some event handling to perform some actions on the failure and restore of the primary line. These bring up the second route and e-mail you a notification:

    event manager applet TRACK-1-TIMEOUT
     event track 1 state down
     action 1.0 track set 2 state up
     action 1.1 mail server "99.99.99.99" to "you@mail.com" from "monitor@router.local" subject "IP SLA 123 Timeout" body "Timeout on the primary line"
    event manager applet TRACK-1-OK
     event track 1 state up
     action 1.0 track set 2 state down
     action 1.1 mail server "99.99.99.99" to "you@mail.com" from "monitor@router.local" subject "IP SLA 123 Restored" body "Primary line restored"

That’s largely it. It differs from my earlier post in that it ignores the effect of temporary blips in the line and also sends e-mail notifications.
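To see what the delay timers in the two track configurations (down 10 / up 60 in the first post, down 20 / up 60 here) do to a run of ping results, the following added example, which is not part of the original posts, models the tracked object in Python. It is a simplified model under stated assumptions: one probe result every 4 seconds, the track starts up, and the 2-second timeout latency is ignored; the function name and the probe sequences are constructed for illustration.

```python
# Added illustration: simplified model of an IOS tracked object with
# "delay down X up Y". One probe result arrives every `frequency` seconds.

def track_transitions(probes, frequency=4, delay_down=10, delay_up=60):
    """probes: list of bools, True = ICMP echo answered within the timeout.
    Returns [(seconds, "down" | "up")] as reported by the delayed track,
    which is assumed to start in the up state."""
    reported = True          # state the routes and EEM applets see
    pending_since = None     # when the raw probe state last diverged
    events = []

    def fire_if_due(now):
        nonlocal reported, pending_since
        if pending_since is None:
            return
        delay = delay_down if reported else delay_up
        if pending_since + delay <= now:
            reported = not reported
            events.append((pending_since + delay, "up" if reported else "down"))
            pending_since = None

    for i, ok in enumerate(probes):
        now = i * frequency
        fire_if_due(now)
        if ok == reported:
            pending_since = None     # raw state agrees again: timer cancelled
        elif pending_since is None:
            pending_since = now      # raw state just diverged: timer starts
    fire_if_due(len(probes) * frequency)
    return events

# Constructed probe sequences (True = reply, False = timeout).
BLIP = [True, True, False, True, True, True]            # one lost ping
OUTAGE_16S = [True, True] + [False] * 4 + [True] * 20   # no replies from t=8 to t=20

if __name__ == "__main__":
    print(track_transitions(BLIP))                        # first post's timers
    print(track_transitions(OUTAGE_16S))                  # delay down 10
    print(track_transitions(OUTAGE_16S, delay_down=20))   # this post's timers
```

With the constructed 16-second outage, the 10-second down delay fails over and holds the backup for a full minute after replies resume, while the 20-second delay rides the outage out without switching.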

 

Cisco IOS: Disable Telnet access… or enable SSH

Telnet access is enabled by default on some IOS releases. See this article for why this is bad.

If you don’t need Telnet access, you should disable it. The commands are as follows:

    line vty 0 4
     transport input none

If you do need remote terminal access, you should switch Telnet to SSH where possible. Be sure to set a secure password.

    ip domain-name your.domain.com
    crypto key generate rsa
    username yourusername secret supersecretpassword
    line vty 0 4
     transport input ssh
     login local

The crypto key generate rsa command will ask you “How many bits in the modulus”. It is recommended to use at least 2048.
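A way to check the result, added here as an example and not part of the original post: the Python below reads running-config text and reports what each line vty block accepts. The sample config is constructed and assumes sub-commands are indented the way IOS prints them; it includes a line vty 5 15 block because, on a device with more than five vty lines, changing only line vty 0 4 leaves the remaining lines on their own settings.

```python
import re

# Constructed sample in `show running-config` layout, not from a real device.
SAMPLE_CONFIG = """\
! constructed sample
line con 0
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 login
!
"""

def audit_vty(config):
    """Return {(first, last): verdict} for every `line vty` block."""
    results, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first))
            # Until a transport input line is seen, the release default applies,
            # which on some IOS releases means Telnet is accepted.
            results[current] = "no transport input set: release default applies"
        elif not raw.startswith(" "):
            current = None              # any other top-level line ends the block
        elif current:
            t = re.match(r"\s+transport input (.+)$", raw)
            if t:
                protos = set(t.group(1).split())
                if protos & {"telnet", "all"}:
                    results[current] = "telnet allowed"
                elif protos == {"none"}:
                    results[current] = "remote login disabled"
                else:
                    results[current] = "ok: " + " ".join(sorted(protos))
    return results

if __name__ == "__main__":
    for (first, last), verdict in audit_vty(SAMPLE_CONFIG).items():
        print(f"line vty {first} {last}: {verdict}")
```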

Configuring Cisco IOS switches for Cisco VOIP phones

Some Cisco switches, such as our Catalyst 3560 series, have Smartports, which can be configured via the switch’s web interface to have roles. These roles provide the ports with typical settings for network security and QoS. If your switch doesn’t have Smartports, these are Cisco’s recommended settings for each switch interface that supports a Cisco VoIP phone. They are shown in the context of interface fa0/1:

    interface FastEthernet0/1
     switchport access vlan 14
     switchport mode access
     switchport voice vlan 5
     switchport port-security maximum 2
     switchport port-security
     switchport port-security aging time 2
     switchport port-security violation restrict
     switchport port-security aging type inactivity
     macro description cisco-phone
     auto qos voip cisco-phone
     spanning-tree portfast
     spanning-tree bpduguard enable

 

You’ll need to change the access VLAN ID and voice VLAN ID to relate to your own PCs VLAN and voice VLAN.

United Kingdom Dial Plan XML for Cisco Phones

Being too cheap to pay for the Cisco support contract for our Cisco 7961 series phones and thus not being able to download the dialplan.xml, we’ve constructed one based on this Wikipedia page. The UK telephone numbering plan is seemingly moderately complex and not entirely possible to make a perfect dialplan from. For example, you can have 10 and 11 digit 0800 numbers meaning that the 10 digit ones will have to wait on the timeout of the “Anything else” rule.

The below UK dialplan.xml is tested and shown to work though tweaks and corrections are definitely welcome.

    <DIALTEMPLATE>
      <TEMPLATE MATCH="999" Timeout="0"/> <!-- Emergency -->
      <TEMPLATE MATCH="112" Timeout="0"/> <!-- Emergency -->
      <TEMPLATE MATCH="101" Timeout="0"/> <!-- Almost an Emergency -->

      <TEMPLATE MATCH="100" Timeout="0"/> <!-- Operator -->
      <TEMPLATE MATCH="155" Timeout="0"/> <!-- International Operator -->
      <TEMPLATE MATCH="123" Timeout="0"/> <!-- Speaking Clock -->

      <TEMPLATE MATCH="118..." Timeout="0"/> <!-- Men with moustaches et al -->
      <TEMPLATE MATCH="116..." Timeout="0"/> <!-- Pan-European Social Help -->

      <TEMPLATE MATCH="08001111" Timeout="0"/> <!-- Childline. lol -->
      <TEMPLATE MATCH="0845464." Timeout="0"/> <!-- NHS Direct et al -->
      <TEMPLATE MATCH="0500......" Timeout="0"/> <!-- Apparently 0500 is always 10 digits -->

      <!-- Uncomment if you care about this one. Worst case, you'll wait 5 seconds -->
      <!-- <TEMPLATE MATCH="016977...." Timeout="0"/> --> <!-- Brampton, Carlisle. Also 10 digits -->

      <TEMPLATE MATCH="00*" Timeout="5"/> <!-- International, 00 prefixed. No fixed length -->
      <TEMPLATE MATCH="0.........." Timeout="0"/> <!-- UK 11 digit, 0 prefixed -->

      <TEMPLATE MATCH="\*.." Timeout="0"/> <!-- Asterisk *.. codes -->

      <TEMPLATE MATCH="1.." Timeout="0"/> <!-- 1 prefixed 3 digit (internal extensions) -->
      <TEMPLATE MATCH="2.." Timeout="0"/> <!-- 2 prefixed 3 digit (internal extensions) -->
      <TEMPLATE MATCH="3.." Timeout="0"/> <!-- 3 prefixed 3 digit (internal extensions) -->
      <TEMPLATE MATCH="4.." Timeout="0"/> <!-- 4 prefixed 3 digit (internal extensions) -->
      <TEMPLATE MATCH="5.." Timeout="0"/> <!-- 5 prefixed 3 digit (internal extensions) -->
      <TEMPLATE MATCH="6.." Timeout="0"/> <!-- 6 prefixed 3 digit (internal extensions) -->
      <TEMPLATE MATCH="7.." Timeout="0"/> <!-- 7 prefixed 3 digit (internal extensions) -->
      <TEMPLATE MATCH="8.." Timeout="0"/> <!-- 8 prefixed 3 digit (internal extensions) -->
      <TEMPLATE MATCH="9.." Timeout="0"/> <!-- 9 prefixed 3 digit (internal extensions) -->

      <TEMPLATE MATCH="*" Timeout="5"/> <!-- Anything else -->
    </DIALTEMPLATE>

 

You can also get it at dialplan.xml.
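To check a complete number against the templates, for instance the 10-digit 0800 case mentioned above, here is an added Python example that is not part of the original post. It assumes the wildcard meanings the file relies on ("." is exactly one key press, "*" is one or more, "\*" is a literal asterisk), uses an excerpt of the dial plan in the same rule order, and only lists the templates a number fully satisfies; it does not model which one the phone picks, and the test numbers are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Excerpt of the dialplan.xml above, same rule order (not the full file).
DIALPLAN = r"""<DIALTEMPLATE>
  <TEMPLATE MATCH="999" Timeout="0"/>
  <TEMPLATE MATCH="08001111" Timeout="0"/>
  <TEMPLATE MATCH="0500......" Timeout="0"/>
  <TEMPLATE MATCH="00*" Timeout="5"/>
  <TEMPLATE MATCH="0.........." Timeout="0"/>
  <TEMPLATE MATCH="\*.." Timeout="0"/>
  <TEMPLATE MATCH="9.." Timeout="0"/>
  <TEMPLATE MATCH="*" Timeout="5"/>
</DIALTEMPLATE>"""

def to_regex(match):
    """Translate a MATCH pattern into a regular expression."""
    out, i = [], 0
    while i < len(match):
        ch = match[i]
        if ch == "\\" and i + 1 < len(match):   # \* is a literal key
            out.append(re.escape(match[i + 1]))
            i += 1
        elif ch == ".":
            out.append(".")                      # exactly one key press
        elif ch == "*":
            out.append(".+")                     # one or more key presses
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out))

def full_matches(xml_text, dialled):
    """Return [(MATCH, Timeout)] for every template the whole string satisfies."""
    hits = []
    for tpl in ET.fromstring(xml_text).iter("TEMPLATE"):
        if to_regex(tpl.get("MATCH")).fullmatch(dialled):
            hits.append((tpl.get("MATCH"), int(tpl.get("Timeout"))))
    return hits

if __name__ == "__main__":
    # Constructed numbers: 10-digit 0800, 11-digit 0800, a star code.
    for number in ("0800123456", "08001234567", "*72"):
        print(number, full_matches(DIALPLAN, number))
```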