Backup configuration of dual uplinks

0

The AR router has two uplinks. If the two uplinks use PPPoE dialup, routing is used to implement backup of the two uplinks. For example, there are two dialup interfaces: Dialer1 and Dialer2. You can configure priorities of static routes to distinguish the primary and backup uplinks.

When PPPoE dialup fails, authentication fails, or an IP address fails to be obtained, the AR router needs to switch services to the backup route. The backup route takes effect only when Dialer1 becomes Down. The dialer interface is a virtual logical interface and is Snoofing Up. Even if PPPoE dialup fails, the dialer interface cannot become Down. The following configuration can be performed to solve this problem:

[Huawei] acl 3000 //Create an ACL.
[Huawei-acl-adv-3000] rule permit ip //Generally, all users are allowed. You can also limit user access according to actual networking.
[Huawei-acl-adv-3000] quit
[Huawei] interface dialer 1 //Create a dialer interface.
[Huawei-Dialer1] link-protocol ppp
[Huawei-Dialer1] ppp chap user 123456 //Configure the CHAP authentication user name.
[Huawei-Dialer1] ppp chap password cipher huawei@123 //Configure the CHAP authentication password.
[Huawei-Dialer1] ppp pap local-user 123456 password cipher huawei@123 //Configure the PAP authentication user name and password.
[Huawei-Dialer1] ip address ppp-negotiate //Configure PPP negotiation for obtaining an IP address.
[Huawei-Dialer1] dialer user user1
[Huawei-Dialer1] dialer bundle 1 //Specify dialer bundle 1.
[Huawei-Dialer1] dialer number 1 autodial //The dialer interface becomes Down when PPPoE dialup fails.
[Huawei-Dialer1] dialer-group 1
[Huawei-Dialer1] nat outbound 3000 //Configure outbound NAT.
[Huawei-Dialer1] quit
[Huawei] dialer-rule
[Huawei-dialer-rule] dialer-rule 1 ip permit
[Huawei-dialer-rule] quit
[Huawei] interface gigabitethernet 0/0/0 //Enter the view of the interface connected to the ISP network.
[Huawei-GigabitEthernet0/0/0] pppoe-client dial-bundle-number 1 //Enable the PPPoE client function and bind the PPPoE client to the dialer interface.
[Huawei-GigabitEthernet0/0/0] quit
[Huawei] ip route-static 0.0.0.0 0.0.0.0 dialer 1 preference 60 //Create the default route pointing to the dialer interface. When the primary uplink is normal, services are transmitted to the external network through dialer1 preferentially.
[Huawei] ip route-static 0.0.0.0 0.0.0.0 dialer 2 preference 100 //When the primary uplink is abnormal, services

Other related questions:
Configuration of dual-link uplink backup
AR routers have two uplinks. If the two links both use the PPPoE dial-up method, the route backup method can be used to back up the two links. For example, the AR router has two dial-up interfaces: Dialer 1 and Dialer 2, and the active link and backup link can be determined by configuring the priority of static routes. On field networks, when the PPPoE dial-up or authentication fails, or the IP address cannot be obtained, the router may need to automatically switch over to the backup route. However, the backup route takes over the active route only when the state of the Dialer1 interface changes to Down. In addition, a Dialer interface is a virtual logical interface, whose state is Snoofing Up. Therefore, the state of the Dialer1 interface cannot change to Down even if the PPPoE dial-up fails. A configuration scheme is described as follows to resolve this problem: [Huawei] acl 3000 //Create the ACL list for NAT. [Huawei-acl-adv-3000] rule permit ip //The list can be accessed by all users in general. The access can also be limited based on actual requirements. [Huawei-acl-adv-3000] quit [Huawei] interface dialer 1 //Create the virtual dial-up interface. [Huawei-Dialer1] link-protocol ppp [Huawei-Dialer1] ppp chap user 123456 //Username authenticated by CHAP [Huawei-Dialer1] ppp chap password cipher huawei@123 //Password authenticated by CHAP [Huawei-Dialer1] ppp pap local-user 123456 password cipher huawei@123 //Username and password authenticated by PAP [Huawei-Dialer1] ip address ppp-negotiate //Obtain the IP address by PPP negotiation. [Huawei-Dialer1] dialer user user1 [Huawei-Dialer1] dialer bundle 1 //Set the number of the Dialer bundle to 1. [Huawei-Dialer1] dialer number 1 autodial //This command is added to ensure that the state of the Dialer interface changes to Down when the PPPoE dial-up fails. [Huawei-Dialer1] dialer-group 1 [Huawei-Dialer1] nat outbound 3000 //NAT conversion list [Huawei-Dialer1] quit [Huawei] dialer-rule [Huawei-dialer-rule] dialer-rule 1 ip permit [Huawei-dialer-rule] quit [Huawei] interface gigabitethernet 0/0/0 //Enter the view of the interface connecting to the operator. [Huawei-GigabitEthernet0/0/0] pppoe-client dial-bundle-number 1 //Enable the PPPoE Client function and bind the PPPoE client to the created Dialer interface. [Huawei-GigabitEthernet0/0/0] quit [Huawei] ip route-static 0.0.0.0 0.0.0.0 dialer 1 preference 60 //Create the default route which directs to the Dialer1 interface, which indicates that when the active link is normal, the route to the external networks through the Dialer1 interface is used with higher priority. [Huawei] ip route-static 0.0.0.0 0.0.0.0 dialer 2 preference 100 //When the active link is abnormal and the dial-up fails, the active link automatically switches over to the backup link which connects to the external networks through the Dialer2 interface.

How to configure dual uplink interfaces on an AR functioning as the NAT server
A Huawei AR router functioning as a NAT server supports dual outbound interfaces. For the network diagram, see the right side of the page. The web server uses internal IP address 192.168.0.100/24 and port 8080 to provide services. The IP address of GE2/0/0 (outbound interface) on the AR is 202.10.1.2/24, and the IP address of GE3/0/0 is 201.10.1.2/24. The configuration process is as follows: 1. Configure IP addresses of interfaces on the router. [Huawei] interface Ethernet0/0/0 [Huawei-Ethernet0/0/0] ip address 192.168.0.1 24 [Huawei-Ethernet0/0/0] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] ip address 202.10.1.2 24 [Huawei-GigabitEthernet2/0/0] quit [Huawei] interface GigabitEthernet3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 201.10.1.2 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure outbound NAT on GE2/0/0 and GE3/0/0 in NAT server and Easy IP mode. [Huawei] acl number 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255 [Huawei-acl-basic-2000] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] nat server protocol tcp global 202.10.1.3 www inside 192.168.0.100 8080 [Huawei-GigabitEthernet2/0/0] quit [Huawei] interface GigabitEthernet3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global 201.10.1.3 www inside 192.168.0.100 8080 [Huawei-GigabitEthernet3/0/0] nat outbound 2000 [Huawei-GigabitEthernet3/0/0] quit

After an AR is configured with multiple outbound interfaces, the website cannot be accessed
This condition generally occurs on the networking of equal-cost static route with two outbound interfaces. - In V200R003, the web page cannot be opened when online banking services with high security requirements are accessed. - In V200R005 and later versions, run the ip load-balance hash { src-ip | dst-ip | src-dst-ip } command to solve the problem that packets sent and received through different paths.

What precautions should I take when the WLAN dual-link backup solution is deployed
When configuring dual-link backup, set the same heartbeat interval on the active and standby ACs. Additionally, the ACs cannot be used as service gateways, their service configurations must be consistent, and they must use different IP address pools.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top