BoXeR
Guest
|
 Posted:
Sun Nov 07, 2004 6:06 pm Post subject:
Problem with ISDN backup |
|
|
Hi,
after one week of investigating the behaviour of ISDN backup calls, I decide
to use this group knowledge and finally solve the problem.
The configuration and scenario is applied to the following devides:
1. The Cisco router ## 1751 with 12.3(11)T equipped with WIC-1B-S/T ##
acting as CPE device with double GRE +IPSec tunnels configured on it and
ISDN backup connection.
2. Cisco AS5300 acting as LAC that terminates PPP form CPE and originates
L2TP in case of backup connections
3. 2 Cisco 7206/NPE-G1 routers acting as IPSec aggrgators (and LNS that
terminates L2TP from AS5300 in case of backup connections).
The scenario is:
CPE establishes 2 GRE +IPSec tunnels (each one to separate Aggregator for
redundancy purposes).
Both GRE +IPSec tunnels are configured inside dedicated VRF (It can be
important information - maybe there are any known incommpatibilies with
dialler and vrf configuration)
If primary GRE+IPsec tunnels for some reasons goes down, the second one
takes its responsibilities and starts forwarding the traffic to redundant
aggregator.
Untill that point everything is correct.
But my idea was to run isdn backup connection when also redundant GRE+IPSec
tunnel for some reasons will go down. :-)
And here starts my problem.
After one week of tests I realized that that configurations stays very
unstable, I mean:
The Dialer interface from time to time recognize the both primary links down
and starts dialling out to LAC (then the lac should establish l2tp tunnel to
LNS and terminate the backup connection. etc)
I have noticed that for some reason, after the primary link is up again the
ISDN stays "connected"":
Global ISDN Switchtype = basic-net3
ISDN BRI0/0 interface
dsl 0, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
Layer 2 NOT Activated
Layer 3 Status:
0 Active Layer 3 Call(s)
CCB:callid=8097, sapi=0, ces=1, B-chan=1, calltype=DATA,
hdlctype=HDLC-TRUNK
CCB:callid=8098, sapi=0, ces=1, B-chan=2, calltype=DATA,
hdlctype=HDLC-TRUNK
Active dsl 0 CCBs = 2
The Free Channel Mask: 0x80000000
Total Allocated ISDN CCBs = 2
And if again the primary links go down, the Dialer informs that there is no
free B channels.
I wrote "connected" in quota because, the PSTN switch does not see that
channels as connected.
The LED on WIC-1B-S/T also do not indicate that any of B channels is busy
(?)
When I shutdown and un-shutdown the BRI interface, that "state" is cleared
and ISDN can again be used for backup.
Following is the config of CPE device (I think here is the problem, so no
other configs are required).
(text omitted)
!
interface Tunnel1
ip vrf forwarding vpn
ip address 3.3.3.2 255.255.255.252
tunnel source Vlan10
tunnel destination 111.111.111.111
!
interface Tunnel2
bandwidth 4
ip vrf forwarding vpn
ip address 3.3.3.6 255.255.255.252
tunnel source Vlan10
tunnel destination 112.112.112.112
!
interface BRI0/0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication pap
!
interface FastEthernet1/1
switchport access vlan 10
no ip address
!
interface FastEthernet1/2
switchport access vlan 20
no ip address
!
interface FastEthernet1/3
switchport access vlan 20
no ip address
!
interface FastEthernet1/4
switchport access vlan 20
no ip address
!
interface Vlan10 /I use WIC-4ESW if
someone would ask for it/
ip address 10.10.10.2 255.255.255.0
ip nat outside
!
interface Vlan20
ip address 20.20.20.1 255.255.255.0
ip nat inside
!
interface Dialer1
ip vrf forwarding vpn
ip address 3.3.3.10 255.255.255.252
encapsulation ppp
dialer pool 1
dialer remote-name LAC
dialer idle-timeout 10
dialer string 1234567
dialer watch-group 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username ipsec-cpe password 0 ipsec-cpe
!
router ospf 333 vrf vpn
/both GRE tunnels works with OSPF to get the network 99.99.99.99/
log-adjacency-changes
redistribute connected metric 10 subnets
network 3.3.3.0 0.0.0.7 area 0
!
ip route vrf vpn 99.99.99.99 255.255.255.255 Dialer1 200 /connected
Dialer int. uses static route to network 99.99.99.99/
!
ip access-list extended primary
permit gre host 10.10.10.2 host 111.111.111.111 log
ip access-list extended redundant
permit gre host 10.10.10.2 host 112.112.112.112 log
access-list 188 permit ip 20.20.20.0 0.0.0.255 any
dialer watch-list 1 ip 99.99.99.99 255.255.255.255 vrf vpn
******************************
END
As I said, afrer the BRI status is cleared, everything works fine, but afres
the backup connection is no longer needed, the BRI status make the Dialer1
interface imposible to dial-up once again.
In such cases the: debug dialer displays the following output:
Neighbor Down: Interface down or detached
*Nov 5 13:53:51.011: DDR: Dialer Watch: watch-group = 1
*Nov 5 13:53:51.011: DDR: network 99.99.99.99/255.255.255.255 DOWN,
*Nov 5 13:53:51.011: DDR: primary DOWN
*Nov 5 13:53:51.011: DDR: Dialer Watch: Dial Reason: Primary of group 1
DOWN
*Nov 5 13:53:51.011: DDR: Dialer Watch: watch-group = 1,
*Nov 5 13:53:51.011: DDR: Dialer Watch: No free dialer on Di1
and show isdn stat shows again:
lobal ISDN Switchtype = basic-net3
ISDN BRI0/0 interface
dsl 0, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
Layer 2 NOT Activated
Layer 3 Status:
0 Active Layer 3 Call(s)
CCB:callid=8099, sapi=0, ces=1, B-chan=1, calltype=DATA,
hdlctype=HDLC-TRUNK (???)
CCB:callid=809A, sapi=0, ces=1, B-chan=2, calltype=DATA,
hdlctype=HDLC-TRUNK (???)
Active dsl 0 CCBs = 2
The Free Channel Mask: 0x80000000
Total Allocated ISDN CCBs = 2
BTW, why HDLC-TRUNK, when I use PPP encapsulation ???
I believe someone got such problems before and will be able to help.
Regards
Sebastian |
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in