Redundancy | CCNA 200-301

Dual ISP Failover Not Switching When Primary ISP Fails

Presenting Symptom

When the primary ISP link fails, traffic does not automatically fail over to the secondary ISP, causing internet connectivity loss.

Network Context

A small branch office with two Cisco ISR routers (primary and backup) connected to two different ISPs via separate Ethernet WAN links. The routers run IOS 15.9 and use static default routes with floating static routes for failover. The network has a single LAN segment with a single router acting as the default gateway for internal hosts.

Diagnostic Steps

1. Check the routing table for default routes

show ip route | include 0.0.0.0
S*   0.0.0.0/0 [1/0] via 203.0.113.1, GigabitEthernet0/0
S    0.0.0.0/0 [254/0] via 198.51.100.1, GigabitEthernet0/1

The primary default route (administrative distance 1) should be present. If the secondary route (AD 254) is also present, failover may not work because the primary route is still in the table even if the next-hop is unreachable. Look for the primary route's status.

2. Verify the primary ISP link status

show ip interface brief | include GigabitEthernet0/0
GigabitEthernet0/0  203.0.113.2    YES manual up                    up

If the interface is up/up, the physical link is fine. If it is down/down, the link is physically down. If it is up/down (line protocol down), there may be a Layer 1 or Layer 2 issue. In this scenario, the interface may still be up/up even though the ISP is down, because the local router sees the Ethernet link as up.

3. Check if the primary next-hop is reachable via ARP

show arp | include 203.0.113.1
Internet  203.0.113.1            -   0020.1234.5678  ARPA   GigabitEthernet0/0

If the ARP entry is missing or incomplete, the router cannot reach the next-hop and considers it unreachable. Even so, the static route may still be in the routing table, because the router does not track reachability of static routes by default.

4. Check if tracking is configured for the static route

show running-config | include track|ip route 0.0.0.0
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 254

If the primary route does not have a 'track' statement, the router will not remove it from the routing table even if the next-hop becomes unreachable. The secondary route (with higher AD) will never be used. This is the most common root cause.

Root Cause

The primary static default route is not configured with IP SLA tracking or object tracking. Without tracking, the router does not monitor the reachability of the next-hop. When the primary ISP fails, the primary route remains in the routing table (since the interface is still up/up), and the floating static route (with higher administrative distance) is never installed. Traffic continues to be sent to the dead next-hop, causing connectivity loss.

Resolution

Configure IP SLA tracking to monitor the primary ISP next-hop and conditionally remove the static route when the next-hop becomes unreachable.

1. Create an IP SLA probe:

ip sla 1
 icmp-echo 203.0.113.1 source-ip 203.0.113.2
 frequency 10
ip sla schedule 1 life forever start-time now

2. Create a track object that references the SLA:

track 1 ip sla 1 reachability

3. Modify the primary static route to use the track:

no ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1

4. Ensure the secondary route has a higher administrative distance (e.g., 254):

ip route 0.0.0.0 0.0.0.0 198.51.100.1 254

Verification

After the fix, simulate primary ISP failure (e.g., shut the ISP-facing interface or disconnect cable). Then run:

show ip route | include 0.0.0.0

Expected output:

S*   0.0.0.0/0 [254/0] via 198.51.100.1, GigabitEthernet0/1

The primary route should be absent, and the secondary route should be active (marked with *). Also verify with:

show track 1

Expected output:

Track 1
  IP SLA 1 reachability
  Reachability is Down
    2 changes, last change 00:00:10
  Latest operation return code: Timeout

Prevention

1. Always use IP SLA tracking or object tracking for static default routes when redundant WAN links are used.

2. Use a higher administrative distance for the backup route (e.g., 254) to ensure it only becomes active when the primary is removed.

3. Regularly test failover scenarios to ensure tracking and routing behave as expected.
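The root cause above can be caught before an outage by auditing a saved running-config. The following is an added example, not part of the original scenario: the function name `audit_default_routes` is hypothetical, the sample config is constructed, and the parser assumes the next-hop-only form `ip route 0.0.0.0 0.0.0.0 <next-hop> [distance] [track N]` used on this page.

```python
import re

# Constructed sample running-config (not from a real device): the primary
# default route has no "track" keyword, so the floating route never installs.
SAMPLE_CONFIG = """\
ip sla 1
 icmp-echo 203.0.113.1 source-ip 203.0.113.2
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 254
"""

ROUTE_RE = re.compile(
    r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (?P<nh>\d+\.\d+\.\d+\.\d+)"
    r"(?: (?P<ad>\d+))?(?: track (?P<track>\d+))?\s*$"
)

def audit_default_routes(config: str) -> list[str]:
    """Return findings for default static routes that cannot fail over."""
    lines = [l.rstrip() for l in config.splitlines()]
    # Map track object number -> IP SLA number it references.
    tracks = {m.group(1): m.group(2) for l in lines
              if (m := re.match(r"^track (\d+) ip sla (\d+)", l))}
    sla_defined = {m.group(1) for l in lines if (m := re.match(r"^ip sla (\d+)$", l))}
    sla_scheduled = {m.group(1) for l in lines
                     if (m := re.match(r"^ip sla schedule (\d+) ", l))}
    routes = [m.groupdict() for l in lines if (m := ROUTE_RE.match(l))]
    if len(routes) < 2:
        return []  # no floating backup configured, nothing to fail over to
    best_ad = min(int(r["ad"] or 1) for r in routes)  # static default AD is 1
    findings = []
    for r in routes:
        if int(r["ad"] or 1) != best_ad:
            continue  # floating backup; only the preferred route needs tracking
        if r["track"] is None:
            findings.append(f"{r['nh']}: preferred default route has no track object")
        elif r["track"] not in tracks:
            findings.append(f"{r['nh']}: track {r['track']} is not defined")
        elif (sla := tracks[r["track"]]) not in sla_defined:
            findings.append(f"{r['nh']}: ip sla {sla} is not defined")
        elif sla not in sla_scheduled:
            findings.append(f"{r['nh']}: ip sla {sla} is never scheduled")
    return findings

if __name__ == "__main__":
    for finding in audit_default_routes(SAMPLE_CONFIG):
        print(finding)
```

Besides the missing `track` keyword, the check also flags a route that references a track object or IP SLA probe that is undefined or never scheduled, since in those cases the configuration looks protected but the probe never runs.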

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario appears in troubleshooting questions about static routing and redundancy. Expect multiple-choice questions asking why failover did not occur, or drag-and-drop tasks to configure IP SLA tracking. The key fact is that static routes remain in the routing table unless tracking is configured to remove them when the next-hop is unreachable.

Exam Tips

1. Remember that a static route with a directly connected next-hop will remain in the routing table even if the next-hop becomes unreachable, unless tracking is used.

2. The administrative distance of a floating static route must be higher than the primary route's AD (default 1) to act as a backup.

3. Know the IP SLA configuration commands: ip sla, icmp-echo, frequency, ip sla schedule, and track ip sla reachability.
