Configuration of dual-link uplink backup

3

AR routers have two uplinks. If the two links both use the PPPoE dial-up method, the route backup method can be used to back up the two links. For example, the AR router has two dial-up interfaces: Dialer 1 and Dialer 2, and the active link and backup link can be determined by configuring the priority of static routes.

On field networks, when the PPPoE dial-up or authentication fails, or the IP address cannot be obtained, the router may need to automatically switch over to the backup route. However, the backup route takes over the active route only when the state of the Dialer1 interface changes to Down. In addition, a Dialer interface is a virtual logical interface, whose state is Snoofing Up. Therefore, the state of the Dialer1 interface cannot change to Down even if the PPPoE dial-up fails. A configuration scheme is described as follows to resolve this problem:

[Huawei] acl 3000 //Create the ACL list for NAT.
[Huawei-acl-adv-3000] rule permit ip //The list can be accessed by all users in general. The access can also be limited based on actual requirements.
[Huawei-acl-adv-3000] quit
[Huawei] interface dialer 1 //Create the virtual dial-up interface.
[Huawei-Dialer1] link-protocol ppp
[Huawei-Dialer1] ppp chap user 123456 //Username authenticated by CHAP
[Huawei-Dialer1] ppp chap password cipher huawei@123 //Password authenticated by CHAP
[Huawei-Dialer1] ppp pap local-user 123456 password cipher huawei@123 //Username and password authenticated by PAP
[Huawei-Dialer1] ip address ppp-negotiate //Obtain the IP address by PPP negotiation.
[Huawei-Dialer1] dialer user user1
[Huawei-Dialer1] dialer bundle 1 //Set the number of the Dialer bundle to 1.
[Huawei-Dialer1] dialer number 1 autodial //This command is added to ensure that the state of the Dialer interface changes to Down when the PPPoE dial-up fails.
[Huawei-Dialer1] dialer-group 1
[Huawei-Dialer1] nat outbound 3000 //NAT conversion list
[Huawei-Dialer1] quit
[Huawei] dialer-rule
[Huawei-dialer-rule] dialer-rule 1 ip permit
[Huawei-dialer-rule] quit
[Huawei] interface gigabitethernet 0/0/0 //Enter the view of the interface connecting to the operator.
[Huawei-GigabitEthernet0/0/0] pppoe-client dial-bundle-number 1 //Enable the PPPoE Client function and bind the PPPoE client to the created Dialer interface.
[Huawei-GigabitEthernet0/0/0] quit
[Huawei] ip route-static 0.0.0.0 0.0.0.0 dialer 1 preference 60 //Create the default route which directs to the Dialer1 interface, which indicates that when the active link is normal, the route to the external networks through the Dialer1 interface is used with higher priority.
[Huawei] ip route-static 0.0.0.0 0.0.0.0 dialer 2 preference 100 //When the active link is abnormal and the dial-up fails, the active link automatically switches over to the backup link which connects to the external networks through the Dialer2 interface.

Other related questions:
Backup configuration of dual uplinks
The AR router has two uplinks. If the two uplinks use PPPoE dialup, routing is used to implement backup of the two uplinks. For example, there are two dialup interfaces: Dialer1 and Dialer2. You can configure priorities of static routes to distinguish the primary and backup uplinks. When PPPoE dialup fails, authentication fails, or an IP address fails to be obtained, the AR router needs to switch services to the backup route. The backup route takes effect only when Dialer1 becomes Down. The dialer interface is a virtual logical interface and is Snoofing Up. Even if PPPoE dialup fails, the dialer interface cannot become Down. The following configuration can be performed to solve this problem: [Huawei] acl 3000 //Create an ACL. [Huawei-acl-adv-3000] rule permit ip //Generally, all users are allowed. You can also limit user access according to actual networking. [Huawei-acl-adv-3000] quit [Huawei] interface dialer 1 //Create a dialer interface. [Huawei-Dialer1] link-protocol ppp [Huawei-Dialer1] ppp chap user 123456 //Configure the CHAP authentication user name. [Huawei-Dialer1] ppp chap password cipher huawei@123 //Configure the CHAP authentication password. [Huawei-Dialer1] ppp pap local-user 123456 password cipher huawei@123 //Configure the PAP authentication user name and password. [Huawei-Dialer1] ip address ppp-negotiate //Configure PPP negotiation for obtaining an IP address. [Huawei-Dialer1] dialer user user1 [Huawei-Dialer1] dialer bundle 1 //Specify dialer bundle 1. [Huawei-Dialer1] dialer number 1 autodial //The dialer interface becomes Down when PPPoE dialup fails. [Huawei-Dialer1] dialer-group 1 [Huawei-Dialer1] nat outbound 3000 //Configure outbound NAT. [Huawei-Dialer1] quit [Huawei] dialer-rule [Huawei-dialer-rule] dialer-rule 1 ip permit [Huawei-dialer-rule] quit [Huawei] interface gigabitethernet 0/0/0 //Enter the view of the interface connected to the ISP network. [Huawei-GigabitEthernet0/0/0] pppoe-client dial-bundle-number 1 //Enable the PPPoE client function and bind the PPPoE client to the dialer interface. [Huawei-GigabitEthernet0/0/0] quit [Huawei] ip route-static 0.0.0.0 0.0.0.0 dialer 1 preference 60 //Create the default route pointing to the dialer interface. When the primary uplink is normal, services are transmitted to the external network through dialer1 preferentially. [Huawei] ip route-static 0.0.0.0 0.0.0.0 dialer 2 preference 100 //When the primary uplink is abnormal, services

What precautions should I take when the WLAN dual-link backup solution is deployed
When configuring dual-link backup, set the same heartbeat interval on the active and standby ACs. Additionally, the ACs cannot be used as service gateways, their service configurations must be consistent, and they must use different IP address pools.

Do AR routers support dual SIM cards in being configured as active and backup links
AR routers support the dual SIM cards in being configured as the active and backup links that are connected to different LTE networks. The active SIM card is used for communications in general. If the RSSI of the main SIM card is lower than the threshold, the traffic switches over to the backup SIM card. When the RSSI of the active SIM card is higher than the threshold, the traffic switches over from the backup SIM card to the active SIM card.

How to configure dual uplink interfaces on an AR functioning as the NAT server
A Huawei AR router functioning as a NAT server supports dual outbound interfaces. For the network diagram, see the right side of the page. The web server uses internal IP address 192.168.0.100/24 and port 8080 to provide services. The IP address of GE2/0/0 (outbound interface) on the AR is 202.10.1.2/24, and the IP address of GE3/0/0 is 201.10.1.2/24. The configuration process is as follows: 1. Configure IP addresses of interfaces on the router. [Huawei] interface Ethernet0/0/0 [Huawei-Ethernet0/0/0] ip address 192.168.0.1 24 [Huawei-Ethernet0/0/0] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] ip address 202.10.1.2 24 [Huawei-GigabitEthernet2/0/0] quit [Huawei] interface GigabitEthernet3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 201.10.1.2 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure outbound NAT on GE2/0/0 and GE3/0/0 in NAT server and Easy IP mode. [Huawei] acl number 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255 [Huawei-acl-basic-2000] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] nat server protocol tcp global 202.10.1.3 www inside 192.168.0.100 8080 [Huawei-GigabitEthernet2/0/0] quit [Huawei] interface GigabitEthernet3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global 201.10.1.3 www inside 192.168.0.100 8080 [Huawei-GigabitEthernet3/0/0] nat outbound 2000 [Huawei-GigabitEthernet3/0/0] quit

Differences between firewall hot standby and router dual-link backup
The packet forwarding mechanisms are different. For a router, service packets are forwarded packet by packet. The device looks up the routing table and interface-based ACL. Packets are forwarded only if corresponding match is found. After link switchover, subsequent packets are continuously forwarded. Each packet is independently processed. As a stateful firewall, the USG checks only first packets. If first packets are permitted, the USG creates a quintuple session connection accordingly. Then subsequent packets (including returned packets) matching this session entry are permitted. If link switchover occurs, subsequent packets cannot find correct session entries, resulting in service interruption. When NAT is configured for a router, similar problems may occur, because a new entry is created after NAT.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top