Network Diagram

How to set up Internet connection (WAN) failover in Cisco IOS

Posted by

This technique makes a Cisco router monitor connectivity to an IP address, over the primary connection and switch to using a backup gateway if the primary were to fail. The common network set up for this is as follows:

In essence, the Cisco router is connected via a leased line directly to the ISP’s off site router. The Cisco router can also be connected to the Internet, via an on site DSL modem, as a backup.

This tutorial assumes that you already have your interfaces configured and it is possible for the router to ping both your primary and backup gateways.

First we’ll configure our two default gateways. Delete any existing default gateways you have, as follows:

no ip route 0.0.0.0 0.0.0.0

Lets say our primary is 3.3.3.3 and our backup is 99.99.99.99. Add your two routes as follows:

ip route 0.0.0.0 0.0.0.0 3.3.3.3 1 track 1
ip route 0.0.0.0 0.0.0.0 99.99.99.99 254 name DSL_Backup

This adds a tracked route with a metric of 1 and an additional route with a metric of 254. The routing table will use the route with the lowest metric by default (i.e. the primary).

Next, add an ip sla entry to monitor the connection. This will ping a given IP address every 10 seconds. I recommend using the IP address of the next hop (i.e. “ISP’s Router” in the above diagram) as this monitor IP, providing it accepts pings. In this example, we’ll use 50.50.50.50. The 123 is just a numerical identifier for the SLA. This can be whatever you want, within the allowed range.

ip sla 123
 icmp-echo 50.50.50.50 source-interface FastEthernet0/0
 frequency 10

Now, add an sla schedule so that your sla starts now and runs forever.

ip sla schedule 123 life forever start-time now

Finally, we’ll add a track entry for the SLA to cause the gateway switch to happen:

track 1 rtr 123 reachability

You should now have connectivity through your primary gateway. You can monitor the SLA using this command:

show ip sla statistics 123

This will show you the  “Number of successes” and “Number of failures” the sla had.

Using this command, you can see the current default gateway (gateway of last resort):

show ip route

It should be your primary gateway. Disrupt the primary connection such that it is unable to reach the monitor IP address. Within 10 seconds, the gateway of last resort as shown by the above command will have changed to your backup gateway. Reconnect the primary connection and it will have switched back again.

6 comments

    1. Hi,

      Thank you for the useful post.
      I have a question concerning the “Cisco Router” (refer to your figure) is it possible to use a layer 3 switch instead of this router?
      Please help it’s an urgent matter 🙁

      Regards,
      Jlassi Fida

  1. Hi,

    Please it’s an urgent matter.
    I start the purchase procedure of the layer 3 cisco switch, did you have an idea with the CLI command of the SF300 switch?

    Regards,
    Jlassi Fida

  2. Hello, I would like to help me with something.

    I would like to do failover on my cisco router like you did. but the problem is that i have two isp but one of them is DSL. I meam that It learns gateway for dhcp an this is my main gateway.

    I tried to do the same thing but I can´t put track in this ip route 0.0.0.0 0.0.0.0 dhcp..

    I also use “ip dhcp-client default-route 25” but It didn´t work..

    could you help me ? please

Leave a Reply

Your email address will not be published. Required fields are marked *