10-16-2012 08:46 AM - edited 03-04-2019 05:52 PM
Below is a very simple IP SLA configuration. It is designed to monitor traffic across an Metro connection (10.100.8.1) and if that connection goes down, route through a VPN over the internet to the remote end (10.1.1.42). Track shows reeachability and all looks correct; I can do a source ping over the secondary route and it is a good route. Unfortuantely, turning down the main interface, it does not work and traffic does not route to secondary interface. Any ideas?
!
license udi pid CISCO2911/K9 sn FTX1551AKU0
!
!
username celtictech privilege 15 secret 5 $1$qdHW$gnOIDoLFd6LElmKMXdHhv/
username coadmin privilege 15 password 7 14141D0A08092325777B60657B
!
redundancy
!
!
!
track 1 ip sla 1 reachability
!
class-map match-any call-sig
match ip dscp cs3
match ip dscp af31
class-map match-any protocols
match ip dscp cs6
match ip dscp cs7
class-map match-any voice
match ip dscp ef
!
!
policy-map voip
class voice
priority percent 33
class call-sig
bandwidth percent 10
class protocols
bandwidth percent 5
class class-default
fair-queue
random-detect
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description MetroE WAN
bandwidth 10000
ip address 10.100.8.2 255.255.255.252
duplex auto
speed auto
service-policy output voip
!
interface GigabitEthernet0/1
bandwidth 100000
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
service-policy output voip
!
interface GigabitEthernet0/2
description to Colo via FW VPN
ip address 100.1.1.41 255.255.255.252
duplex auto
speed auto
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.100.8.1 track 1 (main route)
ip route 0.0.0.0 0.0.0.0 100.1.1.42 10 (backup route with higher metric)
ip route 100.1.10.0 255.255.255.0 100.1.1.42
ip route 192.168.3.0 255.255.255.0 192.168.0.25
ip route 192.168.5.0 255.255.255.0 192.168.0.25
ip route 192.168.10.0 255.255.255.0 192.168.0.25
!
ip sla responder
ip sla 1
icmp-echo 10.100.8.1 source-interface GigabitEthernet0/0
threshold 2
timeout 1000
frequency 3
ip sla schedule 1 life forever start-time now
logging 10.100.8.132
!
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
password 7 060506324F41
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
password 7 124A50444158595779687509
logging synchronous
transport input telnet ssh
!
scheduler allocate 20000 1000
end
Peter Buswell (aka DrVoIP)
http://blog.drvoip.com
Solved! Go to Solution.
10-16-2012 08:39 PM
Hello Peter,
Your configuration is perfect. I believe this is some freak issue. Suggestion would be reconfigure the ip sla & it's parameters. Remove the tracked route first, delete all the ip sla parameters. Recreate it. I don't remember exactly, but i remember a similar issue happening to me couple of years before. I had delete & re-created ip sla & all were fine post that.
Thanks
Vivek
10-16-2012 09:38 AM
Can you post "show track" and "show ip route" when the interface is down?
10-16-2012 03:24 PM
I will when able as this is a produciton router, so I need a maintenance window I can tell you however, that SHOW TRACK confirms that reachability is down.
Does anyone see anything wrong with the config? Should this config do the trick?
Peter Buswell (aka DrVoIP)
http://blog.drvoip.com
10-16-2012 08:39 PM
Hello Peter,
Your configuration is perfect. I believe this is some freak issue. Suggestion would be reconfigure the ip sla & it's parameters. Remove the tracked route first, delete all the ip sla parameters. Recreate it. I don't remember exactly, but i remember a similar issue happening to me couple of years before. I had delete & re-created ip sla & all were fine post that.
Thanks
Vivek
10-17-2012 03:46 AM
I agree with Vivek. The configuration looks fine. If removing/recreating the sla configuration doesn't work, maybe you could try to update the IOS to see if that resolves the issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide