I have followed AN14 for dual SIM failover and that is working fine. We have some sites that have Fiber or ADSL so I want to put the WR21 in port isolate mode and have Eth0 connected to the local instrumentation and Eth1 to the fibre/ADSL.
To make this work I did the following:
1. Assigned a static IP to Eth1 in the range of the GPON ONT/ADSL input interface.
2. Set a default route to Eth1 to metric 1; I set default routes to PPP1 and PPP3 to metric 10.
This seems to work; however, today I spent 6 hours troubleshooting "why" the IPSec tunnels would not come up when we loaded the config into a new router.
With the ADSL NOT CONNECTED, so Eth1 was disconnected, the router would negotiate phase 1 against the Cisco and then stop. When looking at the UI I noticed that it was negotiating the phase 1 session using the static IP from the unused Eth1 interface. So of course the Cisco ignored phase 2 because that had a source IP of the PPP1 interface.
The only way to fix it was to force the unused Eth1 into DHCP mode, which caused the static IP to disappear, and then the tunnels came up immediately.
Is this a bug or normal behavior?
Did I set something up wrong to make this happen?
I have the ADSL router connected again and have rebooted several times and it all comes up fine. I would like to figure this out before we deploy to the field, as I don't want any anomalies that would require a 3 hour drive in a Land Rover.