I believe it is necessary to make a few changes for clarification purposes. We will assume that interface ethernet 0/1 is associated with the primary default route, and interface ethernet 0/2 is used as the backup.
set your interfaces up:
interface eth 0/1
description WAN
ip address <IP Address> <Netmask>
no shutdown
!
!
interface eth 0/2
description DSL/Cable
ip address <IP Address> <Netmask>
no shutdown
!
create a probe and track:
!
probe <NAME> icmp-echo
remark ping probe
destination <Gateway IP address>
source-address <eth 0/1 IP Address>
tolerance consecutive fail 3 pass 1
no shutdown
!
!
track <NAME>
remark track ping probe
test if probe <Probe NAME>
no shutdown
!
create an ACL, route map, and local policy:
!
ip access-list extended <NAME>
remark ACL for ping
permit ip host <eth 0/1 IP address> host <primary gateway IP address>
!
route-map <NAME> permit 10
remark forces ping probe to static route
match ip address <ACL NAME>
set ip next-hop <primary gateway IP address>
set interface null 0
!
ip local policy route-map <route-map NAME>
!
set up your routes:
!
ip route 0.0.0.0 0.0.0.0 <primary gateway IP address> track <Track NAME> (primary default route)
ip route 0.0.0.0 0.0.0.0 <backup gateway IP address> 10 (backup default route)
!
A few areas of importance:
- <NAME> is an arbitrary place holder for a user defined parameter. It is important, however, to keep track of these names as they are referenced by various other configuration aspects.
- The backup default route has a higher administrative distance than the primary default route. In this example, the primary route has an administrative distance of 0, and the backup route has an administrative distance of 10.
- It may be necessary to make changes to the firewall. These changes are:
- a new public policy for the backup interface, and
- an added source NAT in the LAN facing policy class.
- The main functionality being implemented is Network Monitoring. Further information can be found in the following guide.
