Sunday, March 22, 2015

Cisco router WAN Redundancy / DUAL WAN Failover and Change Routing Dynamically Using IP SLA Route Tracking


In this article, I will explain how to configure Cisco routers for WAN redundancy and automatic route changes using IP SLA (Service Level Agreement).

IP SLA is a feature that enables network administrators to analyze IP service levels for IP applications and services and to understand network performance. It measures parameters such as delay, jitter, packet loss, path and connectivity, producing accurate statistics; based on these measurements, the router can take an action, as we will see in this article.
In our scenario, a branch site is connected to the main site using two links: a primary link that carries all the data from the branch to the main site, and a backup (secondary) link that is used if the primary link goes down. This article covers only the icmp-echo feature of IP SLA.

The idea of this lab is to configure two routes on the branch router R3 to reach the main site destination network 192.168.40.0/24, and to use the SLA icmp-echo feature to send ICMP echoes to R1. If R3 does not receive a reply from R1, R3 considers it down and automatically uses the other route (link) to reach the main site network.


Configuration Steps
1- Configuring IP SLA to ping a target: the target is R1 in the main site, which has IP 192.168.20.2. The ping shown in the image below is sent every 10 seconds using the frequency 10 command. R3 considers R1 down if it does not receive a reply within 6 seconds, set with the timeout 6000 command. The SLA operation can be scheduled in different ways, but in this article I start the IP SLA operation immediately and run it forever.

2- Track the state of the IP SLA reachability: using the track 1 ip sla 1 reachability command, the track state goes down only in case of an ICMP timeout.
With the above command, we define an object that tracks the SLA probe (track object number is 10 in this example), using the IOS track object feature. The command tracks the state of the IP SLA operation: if there are no ping responses from the next-hop IP defined in sla 1, the track goes down, and it comes back up when the IP SLA operation starts receiving ping responses.
To show the state of the reachability, use the sh track command.
3- Define the tracked route: add the track statement to the route pointing to R1. The track number specifies that the static route is installed only if the state of the configured track object is up. Hence, if the track status is down, the secondary route is used to forward all the traffic.


4- Verify your configuration: the commands in the image below are issued after making sure that all the links (primary and secondary) between the branch and the main site are up. The image shows that R3 can ping R1, the track state is up as shown by the show track command, and the router uses R1's IP address 192.168.20.2 as the next hop to reach the main site destination network 192.168.40.0/24.


Now I removed the link between R3 and R1. Let's see what happened on R3. As you see in the image below, R3 changes the route automatically to R2's IP address 192.168.30.2.
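
The four steps above written out as one R3 configuration. This is an added example, not the configuration from the article's images: the addresses and the frequency, timeout and track 1 commands are the ones quoted in the text, while the administrative distance of the backup route and the track delay are assumptions.

```cisco
! R3 (branch router). Added example, not the author's original configuration.
!
! Step 1: ICMP echo probe to R1, sent every 10 s, failed after 6000 ms
! without a reply. Scheduled to start now and run forever.
ip sla 1
 icmp-echo 192.168.20.2
 timeout 6000
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Step 2: track object 1 follows the reachability result of IP SLA 1.
! Assumption (not in the article): the delay line dampens flapping, so one
! lost probe or one lucky reply does not move the route back and forth.
track 1 ip sla 1 reachability
 delay down 20 up 60
!
! Step 3: primary route via R1, installed only while track 1 is up.
ip route 192.168.40.0 255.255.255.0 192.168.20.2 track 1
! Backup route via R2. Assumption: administrative distance 10 makes it a
! floating static route, used only when the tracked route is withdrawn.
ip route 192.168.40.0 255.255.255.0 192.168.30.2 10
!
! Step 4: verification (exec mode), before and after removing the R3-R1 link:
!   show ip sla statistics 1
!   show track 1
!   show ip route 192.168.40.0
```

The probe target is the directly connected next hop of the primary link, so the probe cannot be answered over the backup path and report a false "up".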


For more explanation of the configuration, watch the video at the top of this article or visit the following links
To download the configuration file, click on the following link


Wednesday, March 18, 2015

Cisco Named Access Control List (ACL) Editing and Resequence - Adding or Deleting Individual Lines


This article demonstrates how to insert a line into an existing access control list (ACL), at the top of the list or in between existing lines. It also clarifies how to renumber the ACL to make it easier to add lines in between the existing lines.
A numbered (standard or extended) ACL is non-editable: you can't remove specific lines from it, and you can't insert lines at the top of the list or in between its lines. A named (standard or extended) ACL lets you insert lines in between the lines of an existing ACL and delete individual lines from it.

Create Named Standard ACL
To create a named standard access control list, identify the ACL by a name instead of a number. The following ACL permits networks 2, 3 and 4 and denies all other networks.

Create named standard and show access control list

Add a line in between the lines of the ACL
After that, suppose you want to deny the host 192.168.2.10 using the command deny host 192.168.2.10. You can't add it at the bottom of the ACL, because the host 192.168.2.10 would not be denied: the ACL finds a match in its first line, which permits this host.
So you have to insert the command before the first line, which means the sequence number of the inserted line must be lower than 10 (the number of the first line).

Insert a line in between the lines of the access control list
In this way you can insert lines in between the existing lines of the ACL.

Delete individual lines
To delete an individual line from the ACL, for example line number 20, issue the command no 20, as shown in the image below.

delete access control list lines

ACL Resequence
By default, an ACL starts with number 10 and the increment value is 10, meaning the difference between successive lines is 10. So, by default, you can add 9 lines between two successive lines. For more flexibility, you can increase this number, for example so that your ACL starts with 10 and the increment value is 20.

renumber named access control list
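
The create, insert, delete and resequence steps described above as one sequence of commands. This is an added example, not the configuration from the article's images; the ACL name BRANCH-NETS is hypothetical, and "networks 2, 3 and 4" are assumed to be 192.168.2.0/24, 192.168.3.0/24 and 192.168.4.0/24.

```cisco
! Added example, not the author's original configuration.
! Assumptions: ACL name BRANCH-NETS; networks 2, 3 and 4 are
! 192.168.2.0/24, 192.168.3.0/24 and 192.168.4.0/24.
!
! 1) Create the named standard ACL. IOS numbers the entries 10, 20, 30;
!    the implicit "deny any" at the end rejects every other network.
ip access-list standard BRANCH-NETS
 permit 192.168.2.0 0.0.0.255
 permit 192.168.3.0 0.0.0.255
 permit 192.168.4.0 0.0.0.255
!
! 2) Deny one host inside a permitted network. The entry needs a sequence
!    number below 10 so it is evaluated before "10 permit 192.168.2.0".
ip access-list standard BRANCH-NETS
 5 deny host 192.168.2.10
!
! 3) Delete a single entry by its sequence number (20 = 192.168.3.0).
ip access-list standard BRANCH-NETS
 no 20
!
! 4) Renumber: first entry 10, increment 20. The remaining entries
!    5, 10, 30 become 10, 30, 50.
ip access-list resequence BRANCH-NETS 10 20
!
! Check the order and sequence numbers after each step (exec mode):
!   show access-lists BRANCH-NETS
```

Reviewing the show access-lists output after every edit confirms that a deny entry really sits ahead of the permit that would otherwise match first.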


For more details and explanation, watch this video on YouTube: Editing Named ACL + ACL Resequence
http://youtu.be/RToV6h2rGeM
To get automatic updates on your facebook, join a facebook group
https://www.facebook.com/groups/netsyshorizon/




Monday, March 16, 2015

Connecting GNS3 to Vmware - GNS3 and Vmware virtual machine connection

This article covers how to connect your VMware virtual machine to GNS3. This feature is very helpful because you can use all the features and services of your virtual machine. You can also use multiple virtual machines at the same time.

This is achieved by configuring the host PC in GNS3 to use the virtual network interface card, which is created automatically when you install GNS3 or created manually by the user. Right-click the host PC in GNS3 and click Configure, then choose the VMware network interface card, as shown in the image below.




Watch this short video that shows how to connect your VMware virtual machine to a GNS3 router and how to test this connection.



Saturday, March 14, 2015

Mikrotik router PPPoE client configuration - Mikrotik PPPoE client Setup

In this article, I will explain how to configure a Mikrotik router to work as a DSL router by configuring it as a PPPoE client. At the same time, you can use all the router features such as NAT, filter rules (similar to ACLs in Cisco), NTP, SNMP, traffic speed limits, etc.


Configuring a Mikrotik router as a PPPoE client requires:
  • Configuring DSL modem or router in bridge mode
  • Configuring Mikrotik as PPPoE Client




Looking at the above diagram, we have a TP-LINK DSL router that should be configured as a bridge and connected to the DSL service provider, and a Mikrotik RouterBOARD that should be configured as a PPPoE client.

Configuration steps

1.       Configure the DSL router as a bridge, as shown in the image below




2.       Create a PPPoE interface on the Mikrotik router and configure the DSL username and password on this interface. Press the Interfaces button and click the plus icon; in the menu that appears, choose PPPoE client and fill in the DSL username and password, as shown in the image below.



Watch the simple & short video:

More explanation about the configuration, download this video

Friday, March 13, 2015

Adding IOS to GNS3 - How to add IOS to GNS3

This article covers how to add IOS to GNS3. The routers in GNS3 can't be used until you have an IOS image and add it to GNS3.

To add IOS to GNS3-1.1, open the Edit menu, choose Preferences, then click IOS routers to add a new IOS, as shown in the image below.


Watch this simple and short video

For more details, watch this video
Youtube - Adding IOS to GNS3
https://youtu.be/GjxODWeuC5Y

To download Cisco 7200 router IOS image
Cisco 7200 router IOS image

To download cisco router 3660 router IOS image
Cisco router 3660 IOS image

To download cisco router 3640 IOS image
Cisco router 3640 IOS image

To get automatic updates on your YouTube guide, subscribe to this channel
https://www.youtube.com/channel/UCl25WPPKY4jnkGf32DnXU5w




Tuesday, March 10, 2015

Connect GNS3 to your Local machine - Connect your PC to GNS3 router


This article covers how to connect your local PC or laptop to GNS3. This feature is very helpful because you can use all the features and services of your laptop.

This is achieved by configuring the host PC in GNS3 to use your network interface card: right-click the host PC in GNS3, then choose the network interface card of your machine, as shown in the image below.


Watch this short video that shows how to connect your PC to GNS3 router and test this connection.

Youtube-Connect GNS3 to PC
http://youtu.be/c_b_-rGWnJc


Sunday, March 8, 2015

Backup and Restore Configuration files - Cisco routers and switches

This article shows why we back up the configuration file and how to configure the router to back up and restore configuration files.

When would you need a backup
  • Migrate the configuration file from an existing router to a new router
  • The configuration file or part of the configuration is accidentally deleted
  • Router hardware failure
Before explaining how to back up and restore the configuration file, you should know that there are two configuration files.

The running-config file is stored in RAM. It contains the configuration that is active in the system RAM but not yet saved to NVRAM; this configuration is lost after a power off. The RAM of the router performs the same functions as the RAM of a PC.
The startup-config file is stored in NVRAM. It contains the configuration saved or copied from the running-config file; this configuration is not lost after a power off.
This article shows how to back up the running configuration file to a TFTP server. The TFTP server used in this article and in the video below is the SolarWinds TFTP server; you can also use other TFTP servers such as tftpd.

Back up the running-config file in RAM to a TFTP server using this command
R1#copy running-config tftp
Back up the startup-config file in NVRAM to a TFTP server using this command
R1#copy startup-config tftp
Restore the running-config file from the TFTP server to the running-config file in RAM
R1#copy tftp running-config
Restore the startup-config file from the TFTP server to the startup-config file in NVRAM
R1#copy tftp startup-config

The details of how to back up the configuration file from RAM to the TFTP server, and how to restore the configuration file to the router, are shown below.

1- First, copy the running-config file from RAM to the TFTP server using the command copy run tftp. The router asks for the IP of the TFTP server, which is 192.168.1.107 in this lab. After that, the router asks for the name of the config file to be saved on the TFTP server; pressing Enter accepts the suggested name r1-confg.
                R1#copy run tftp
                Address or name of remote host []? 192.168.1.107
                Destination filename [r1-confg]?
                !!
                1180 bytes copied in 1.200 secs (983 bytes/sec)
                R1#
Now the backup is done. The image below shows the syslog messages that appear on the TFTP server when you make a backup.

2- We change the hostname so that the configuration before the restore differs from the configuration after it, since I will restore the backup configuration file in the next step.
                R1#conf t
                R1(config)#hostname cisco1
                cisco1(config)#exit

3- After changing the hostname to cisco1, we restore the backup configuration file. After the restore, the hostname of the router must change back to R1, as it was in the backup configuration file.
                cisco1#copy tftp run
                Address or name of remote host [192.168.1.107]? 192.168.1.107
                Source filename [r1-confg]?
                Destination filename [running-config]?
                Accessing tftp://192.168.1.107/r1-confg...
                Loading r1-confg from 192.168.1.107 (via FastEthernet0/0): !
                [OK - 1180 bytes]
                1180 bytes copied in 1.732 secs (681 bytes/sec)
                R1#
As you see above, after restoring the backup configuration file from the TFTP server, the hostname of the router changed to R1.


The link below refers to the video that explains how to back up and restore the configuration file and how to use the TFTP server.
To follow my articles and videos on google+
www.google.com/+tariqabosallout




Saturday, March 7, 2015

Round Trip Time (RTT) - Round Trip Delay (RTD)


Round Trip Time is the time required for a packet to move from source to destination plus the time for the response or acknowledgment to come back. It represents how much time a packet takes to move from the source to the destination and back again.
RTT is also called Round Trip Delay (RTD) and is measured in milliseconds (ms). The user can determine the RTT by using the ping command, as shown below.


The ping command shows that the minimum RTT is 1 ms, meaning that the minimum time required for a packet to travel from this user to the destination network device 192.168.1.1 and back again is 1 ms, and the maximum time required for the same round trip is 3 ms.
So, the average time required for a packet to travel from this user to the destination network device 192.168.1.1 and back again is 2 ms.



Friday, March 6, 2015

Difference between telnet and ssh - Telnet and SSH Configuration - Telnet Vs SSH

Telnet and Secure Shell (SSH) protocols have the same purpose. Both are used to communicate with a remote device. They are used mostly by network administrators to remotely access and manage devices such as routers, switches and servers.

Telnet is not secure because all the data, including the passwords, is sent in clear text without authentication and encryption. SSH is a secure protocol because it protects the data using authentication and encryption protocols.

SSH uses RSA for authentication, and encryption protocols such as DES and 3DES. The differences between Telnet and SSH are shown in the table below.

Telnet                     | SSH
Runs on port 23            | Runs on port 22
No Authentication          | With Authentication (public key)
No Encryption              | With Encryption
Send data in plain text    | Encrypts the data
Not secure                 | Secure

Configuring Telnet

R(config)#line vty 0 4
R(config-line)#password test!tariq
R(config-line)#login
R(config-line)#exit

Configuring SSH

1- You must have a hostname and a domain name configured on the router
R(config)#hostname tariq
tariq(config)#ip domain-name test.xwz
2- Create a username and password in the router database
tariq(config)#username tariq privilege 15 secret tariq@123
3- Generate an RSA key pair with a key length of 1024 bits for authentication
tariq(config)#crypto key generate rsa modulus 1024
4- Enable login authentication against the local database of the router using the login local command, and use the SSH protocol when logging in to the terminal lines using the transport input ssh command.
tariq(config)#line vty 0 4
tariq(config-line)#login local
tariq(config-line)#transport input ssh
tariq(config-line)#exit

To show the version of ssh
tariq#sh ip ssh

To change the version of SSH from version 1 to version 2, use the command below. SSH-2 features both security and feature improvements over SSH-1. Better security, for example, comes through Diffie-Hellman key exchange and strong integrity checking via message authentication codes.
tariq(config)#ip ssh version 2

The client uses PuTTY, Tera Term, SecureCRT or similar tools to log in to the router using Telnet or SSH.

To access a router remotely from another router, use the command
R#ssh -l username IP-address
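
A stricter variant of the SSH steps above, as an added example that is not the author's configuration. The hostname, domain name and username come from the article; the 2048-bit modulus, the timeout values, the ACL name MGMT and the management subnet 192.168.1.0/24 are assumptions, and the secret is a placeholder.

```cisco
! Added example, not the author's original configuration.
hostname tariq
ip domain-name test.xwz
! Placeholder: replace <STRONG-SECRET> with a long, unique secret.
username tariq privilege 15 secret <STRONG-SECRET>
!
! Assumption: 2048-bit key instead of the 1024 bits used in the article.
crypto key generate rsa modulus 2048
! Accept SSH version 2 only, and bound idle negotiation and login attempts.
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Assumption: management stations live in 192.168.1.0/24 (constructed value).
ip access-list standard MGMT
 permit 192.168.1.0 0.0.0.255
!
! SSH only on the terminal lines, local user database, source addresses
! limited by the MGMT ACL, idle sessions closed after 10 minutes.
line vty 0 4
 login local
 transport input ssh
 access-class MGMT in
 exec-timeout 10 0
!
! Verification (exec mode):
!   show ip ssh
!   show ssh
```

If the device has more terminal lines than vty 0 4, apply the same line settings to them as well, since any line left with its default transport still accepts Telnet.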




For more details about how to configure telnet and SSH, watch the video

For more videos, visit my channel on youtube

Wednesday, March 4, 2015

Capture Telnet Password - Sniffing Telnet Password - Capture Telnet Traffic


The Telnet protocol is used to communicate with a remote device. It is used mostly by network administrators to remotely access and manage devices such as routers, switches and servers.

The Telnet protocol does not use any authentication and encryption protocols, so it sends all the data in clear text, including the passwords. This makes Telnet insecure, because the data can easily be read by anyone in the network.

We can use Wireshark to capture the Telnet packets transmitted over the network, and therefore access the router and hack the system, as you will see in the video link below.

Configuring Telnet
R(config)#line vty 0 4
R(config-line)#password test!tariq
R(config-line)#login
R(config-line)#exit


Related Links:
Assign ip address to cisco layer 2 switch / Assign ip address to vlan
https://youtu.be/Q9SUVmyJr80
Telnet Vs SSH - Difference betweenTelnet and SSH Configuration
https://youtu.be/15pfENww-dk
Configure DHCP on Cisco router - Cisco router as a DHCP Server
https://youtu.be/YTCgVn9X4ac
SSH from cisco router and switch to another
https://youtu.be/_I-0Vgc8E9s
OSPF Cost Calculation and Configuring Bandwidth/ip ospf cost/reference bandwidth
https://youtu.be/zgqaVkQe5Sw
EIGRP Composite Metric Calculation and Configuring different delay values and Bandwidth values
https://youtu.be/GsnV4Bc3On8
Configure / Assign IP address to Cisco Layer 3 Switch
https://youtu.be/s9DMZCq27Ys
Configuring cisco extended acl / extended named access control list tutorial using packet tracer
https://youtu.be/Tj6H8pg06f0
Configure Cisco  Extended ACL/ Extended Numbered Access Control List ACL Using Packet Tracer
https://youtu.be/j0CDNAa2Wqg
Port Forwarding and Static Nat on Cisco Routers - Access your private network from the internet
https://youtu.be/8WVWoW86Uhw
Configure Cisco Named Standard Access Control List ACL on Cisco routers
https://youtu.be/u2zmuRZazFw
How Access List works - Numbered Standard Access List configuring
https://youtu.be/rLci6mFg2BA
Cisco router WAN Redundancy/WAN Failover and Change Routing dynamicaly Using IP SLA - Route Tracking
https://youtu.be/x3xZhbrX7Ww
Cisco Named Access Control Lists Editing (add and delete individual lines+resequence)
https://youtu.be/RToV6h2rGeM
Connecting GNS3 to Vmware
https://youtu.be/WuLf3ESAx94
How to download and install GNS3 1.2 + adding IOS image to GNS3
https://youtu.be/CXVNpERIPo4
Mikrotik router PPPoE client configuration - Mikrotik PPPoE client Setup
https://youtu.be/aUGL20rjbVA
Add IOS images to GNS3
https://youtu.be/GjxODWeuC5Y
Connect your PC to GNS3 - connecting GNS3 to local machine
https://youtu.be/c_b_-rGWnJc
Configuration register value - changing the configuration register
https://youtu.be/YVAKerOmJpk
Backup and Restore Cisco Configuration file -  Cisco backup Config
https://youtu.be/YMX1EMPjBC0
Capture telnet password using wireshark - Sniffing telnet password using wireshark
https://youtu.be/xShwyUq-uHk
Clock Rate vs Bandwidth - Configuring clock rate and bandwidth
https://youtu.be/rntsm5bHagI
Configure Default routes on cisco routers
https://youtu.be/E5-kpZt8LU4
Configure cisco router hostname and ip address
https://youtu.be/1OYMlMzQ1dE
Cisco Router Password Recovery
https://youtu.be/6shdtrAx9l0
Static Routing Configuration Using Packet Tracer
https://youtu.be/v05Jm4h-Zms
