I am working on adding some redundancy to a number of our sites. We have two styles of backhaul: T1 and Ethernet (VLAN over Charter Fiber).
I have two T1's into a dual T1 card on a 1224STR. How can I setup T1 1/1 to be the primary, and have T1 1/2 as the hot standby?
Our primary link is a 10MB Ethernet VLAN trunk over Charter Business class fiber to our HQ. We use VLAN 39xx to a number of sites and at the HQ, in essence creating a flat network. The 1224STR uses GigE#1 as its connection to HQ. The T1 card (or FT1/DSX card) has a T1 connected to HQ. How can I set up the 122STR to use Ethernet as primary, and the T1 as secondary? Can I restrict certain VLAN or switch ports to using the T1 as backup?
T1: Are the T1s coming in as a bonded circuit or are these two individual T1 connections?
If they are two separate connections, then you can use a floating static route to configure the route failover required. An example of the routing statements is below:
ip route 0.0.0.0 0.0.0.0 <T1 1/1 gateway>
ip route 0.0.0.0 0.0.0.0 <T1 1/2 gateway> 10
The '10' at the end of the second route makes the route less preferred. However, if the first T1 connection goes down, the route should be removed allowing the second route to be inserted into the active route table. The only other thing you would need to ensure is that NAT for both internet connections are setup. You can find details on how to set up the firewall in this guide: Configuring Multiple WAN Connection Failover in AOS
If the two T1s are part of a bonded service, then the circuit is acting as a logical 3mbps pipe. In that case traffic will be sent across both T1s. However, if one of the T1s fail, the interface should remain up and routing will continue across the T1 that is still in an up state.
Charter: Unfortunately, the ability to failover from an ethernet-based connection requires Network Monitoring and is not supported on the 1224STR.
Please let us know if you have any further questions.
Thanks for the reply. The T1's are individual ptp circuits, no internet or bonding. I think the T1 solution makes sense, problem is only 2 of the sites have that setup. The rest are teh charter solution! What devices support Network monitoring? We use 1224, 1335, 4305, 4430, 3205, 3305, 5305 etc.
We are investigating the the Network Monitor option on our 4305/1335 and 5305 routers. We use att static routing, will this be an issue? If I used a 1335 with a T1 card, could I limit say 1 ethernet port only to using the T1? We only have one device that needs backup, all other devices on the 1224 (now) are not critical. My thought is to use a 1335 after the 1224 so when ethernet pipe fails (pinging our headquarters FW), it fails over to the T1. I would like to eliminate the 1224 all together, if you say I can dedicate only 1 switchport to use the backup option.
- To answer your question regarding the static routing, no that should not be an issue. In regards to your question about the 1 ethernet port only using the T1, yes I do not see why that wouldn't be possible. Policy-based routing can redirect or filter traffic based on several criteria including:
- Standard or extended access control lists
- IP precedence value
- Differentiated services (DiffServ) Code Point (DSCP)
- Layer 3 packet length
- Traffic originating from the router
More information on how to configure policy-based routing can be found here: Configuring Policy Based Routing in AOS
Also, to find out which devices support network monitoring and/or policy-based routing, please check the AOS Feature Matrix - Product Feature Matrix
Please do not hesitate to let us know if you have any quetions.
Thanks for the info. I am trying to set this up on the bench to simulate the real world, using as much real addressing as I can.
Is there a way to attach a PDF? I am lost on setting up the config file. If I can prove this works, we will continue with Adtran gear. If not, we have to go the dreaded Blue/Green C-word route.
PDF attached of a benchtop trial. Here are the basics:
1. The "critical devices" need to remain up if the Charter cloud goes down. The T1 will take over. Only the "critical" equipment needs to be redundant other misc networks and AMI can remain down.
2. The VLAN address'es are actual addresses. The critical devices talk to each other on their assigned IP's, so the T1 needs to take care of looking transparent to them.
3. The adtran 1335 in Madison is our head end switch for all towers and services. I put a 4305 in Madison for the T1 to terminate, as we want to have about 5 sites end up with this config, and would like to use the 4305 with an Octal card. If that wont work, we could go individual 4305's as needed.
4. I had this setup on the bench, all looked good, pinging around on ethernet. However my T1 HDLC link from 4305 to 1335 wont come back up. The cable is good, tried different ports and NIM's same thing.
In the end I want to bench test this, to prove to the engineers that we can remove ethernet connections and T1 will take over. If that works, we will be placing Adtran orders. If it does not work, they will buy C***0 crap.
I am not a CCNA or network designer. I am a telecom technician who has experience in this stuff, just not all of it. Ive never used NAT, never setup redundant links in routers & switches like this.
ANY help is greatly appreciated!!!
I guess I don't have accurate configs... I was trying to simply get ethernet working (it did) from a 4305 to a 1335. Then a T1 between the two (not working). I need to ultimately integrate that 4305 in the middle for the T1's, as I will have 4 sites that need to share this redundancy. I will attach what I do have though...
Sorry for the routing table mess.. I was trying things to get everything working.
The 4305 and 1335 text files are my benchtop setup.
endpoint4305 is just a device on the end of the 4305 I was using to ping across to, from a laptop on the 1335 side.
Let me know if this is too confusing. If so, I will rebuild it to the scenario in the PDF.
- You will need to set up network monitoring, as I mentioned originally, to failover from the Ethernet connection to the T1 connection. You mentioned that the T1 was not working. Could you provide the output of "show int" and "show ip route" on both T1 routers? This is to verify that the T1 and HDLC is up. If those are up, then the issue becomes the routing at that point.
The static routes on both devices seem to be misconfigured as well. You will not need any static routes to ping from ethernet WAN to ethernet WAN or HDLC interface to HDLC interface. As long as these interfaces are in an up state, they will be added automatically as connected routes. I propose this be the first goal.
Once this is achieved you will need to look into adding the appropriate static routes. What 2 LAN subnets are you planning to test with on your bench?
Also, it may be helpful to see a diagram of how you have it set up on your bench.
Let us know if you have any questions.
I am waiting for another 1335 tomorrow to have the correct bench layout as per my drawing. Then I will start looking at configs again. Before, the T1 interface was UP but HDLC was down.
Here is the latest update. I have the equipment laid out as in the PDF file. I also attached the configs. As I am very new to this, I tried to follow the Adtran document on configuring WAN failover, step by step.
I had to upgrade all three units to the latest FW versions.
I have two problems:
1. (major) I can ping from the HP 8640 laptop to the CF29 laptop fine. I remove the ethernet cable between the two 1335 to simulate the ethernet connection failing, and my connection goes down and ping goes away. I waited about 5 minutes and never saw anything recover. I think it has to do with my 4305 being between the two 1335's. That is there because we will have additional sites that will need to also attach in this manner, to the Madison 1335.
2. (minor) I can ping from the CF29 to the HP 8640 laptop, but I cant ping the other way from the HP to the CF29?! Not sure why not. I can ping all the way to the .198 gateway, but not to .197.
Take a look and see what you find. ANY help is GREATLY appreciated!
- I think the first thing we need to make sure is correctly reflected in your test setup is the addressing. Based on your PDF, the LAN in Beaver Dam and the LAN in Madison HQ are the same (172.17.226.192 /28). These should be different networks unless I misunderstood something. I'm also going on the assumption that the goal of the lab setup is to have the 2 devices marked 'Critical Ethernet Device' be able to talk to each other via the primary ethernet and backup T1 link.
There are other suggestions regarding the configuration I have, but I just want to make sure the IP subnetting is correct first.
Please let us know if you have any questions.
LAN subnets are correct. The charter pipe looks flat to us. We assign an IP in Madison (172.17.226.1 /25) and the field site would be 172.x on the same /25. Same goes for the smaller subnet for the critical devices. They are assign a VLAN xxxx like .193 /28 and the other side is .194 on the same /28.
And correct... the primary ethernet is the current communications for all devices on the field side. If the ethernet fails, then only the "critical ethernet" devices should go across the T1.
I think at this point, it may be more efficient and beneficial to open a ticket with ADTRAN Technical Support, then you can come back to this thread and post the results. You can create a ticket in several ways:
- Over the phone by calling 888-423-8726
- Emailing email@example.com
- Opening a webticket on the ADTRAN website
I went ahead and flagged this post as "Assumed Answered." If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.