08-26-2024 11:25 PM
Hi Team,
I have one requirement: whenever reachability between PC1 and 8.8.8.8 goes down for any reason (consider 8.8.8.8 to be the cloud IP), R2 interface f2/0 should also go down, i.e. the state or protocol of the interface. Can we achieve this through IP SLA or any other way?
Regards
Salman
08-27-2024 02:52 AM
@MHM Cisco World wrote:
If he uses a different IP SLA source interface, then what is the logic of EEM and IP SLA?
icmp-echo 8.8.8.8 source-ip x.x.x.x < sourced from the egress interface (NOT FA0/2)
track 1 rtr 10 reachability <-- tracking based on the IP SLA
event manager applet FA02-DOWN
event track 1 state down <----EEM based on the track
event manager applet FA0/2-UP
event track 1 state up <----EEM based on the track
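For reference, an added example that was not posted by any participant in this thread: a complete IOS configuration of the IP SLA, track and EEM chain sketched in the reply above. The interface names (probe sourced from FastEthernet0/0, FastEthernet2/0 as the interface to shut), the timers and the applet names are assumptions.

```cisco
! Added example; interface names, timers and applet names are assumptions.
! Probe the cloud IP from the egress interface, never from the interface
! the applets shut down, or the probe could not recover once it is down.
ip sla 10
 icmp-echo 8.8.8.8 source-interface FastEthernet0/0
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Older IOS releases use "track 1 rtr 10 reachability", as in the post above.
! The delay damps flapping: 10 s of failure or 30 s of success before acting.
track 1 ip sla 10 reachability
 delay down 10 up 30
!
! Track goes down: shut the downstream interface and log the action.
event manager applet F2-0-DOWN
 event track 1 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface FastEthernet2/0"
 action 4.0 cli command "shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Track 1 down: FastEthernet2/0 shut by EEM"
!
! Track comes back up: re-enable the downstream interface.
event manager applet F2-0-UP
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface FastEthernet2/0"
 action 4.0 cli command "no shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Track 1 up: FastEthernet2/0 re-enabled by EEM"
```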
08-27-2024 02:55 AM
icmp-echo 8.8.8.8 source-ip x.x.x.x < sourced from the egress interface (NOT FA0/2)
This is my point: you use IP SLA to detect traffic passing through another interface in order to bring down interface f0/2.
There is no meaning to the EEM.
I think he needs to detect the ISP interface via IP SLA and bring it down when the IP SLA is unreachable.
That is what I understand from him, and I asked him if he can manually bring the port up later.
MHM
08-27-2024 03:04 AM
Hello
@MHM Cisco World wrote:
icmp-echo 8.8.8.8 source-ip x.x.x.x < sourced from the egress interface (NOT FA0/2)
This is my point: you use IP SLA to detect traffic passing through another interface in order to bring down interface f0/2.
There is no meaning to the EEM.
Why would you say that? Why not have an EEM script to down an interface if a certain polled address fails?
A boolean OR with IP SLA uses the same logic?
08-27-2024 03:10 AM
08-27-2024 03:15 AM
In the first scenario I shut down the F0/0 interface, and f2/0 was automatically shut down. Then I manually brought f0/0 up, and f2/0 also came up automatically.
In the second scenario I shut down the loopback interface on R1, which is 8.8.8.8, and R2 f2/0 was also automatically shut down.
08-27-2024 03:20 AM
Is it a lab, not real?
MHM
08-27-2024 03:30 AM
As of now it is a lab, but we are going to apply it in production.
In production, we have firewalls in HA (active-passive) mode, and on the access side we have Nexus switches which are connected to servers; between the firewall and the Nexus we have an EtherChannel. So, when we tested HA and brought down the firewall interface towards the ISP upstream interface, HA shifted, but the EtherChannel interfaces stayed UP because HA never considers the downstream as down. That is why we need to apply SLA on the Nexus side.
This is my real requirement, and now with this SLA and EEM I can achieve proper HA.
08-27-2024 03:37 AM
I see, then I am correct: you detect the interface via IP SLA and mark it as down.
That will not work in real life (remember my words).
Anyway, regarding the real issue, IP SLA will not help you here if you have not configured the PO correctly.
I assume you use mode ON for the PO; that is why the HW and NSK do not detect the wrong PO config between the FW HA and the NSK.
Check IP SLA and EEM, and later, if it fails, mention my name and I will reply to you.
MHM
08-27-2024 03:43 AM
The PO is configured correctly, because without failover testing the PO is working fine. We are using LACP, not ON mode.
08-27-2024 03:49 AM
Then the issue is neither the NSK nor the PO; it is the FW (which platform do you use? I hope it is ASA): even when the ISP is down it does not change failover status.
MHM
08-27-2024 03:57 AM
We are using FTD 3100, and failover works when we shut down the entire firewall, but the issue occurs when we shut down the upstream interface, because the firewall doesn't know when it should shut down the downstream interface (PO). Due to this, the NSK considers it UP and does not shift the traffic towards the secondary firewall.
08-27-2024 04:07 AM
Friend, how does the NSK shift traffic? The host uses the IP of the active unit as its GW; the NSK only forwards traffic.
Let me make a topology to explain some points here.
MHM
08-27-2024 04:10 AM
The servers' GWs are on the NSK, meaning we are using the NSK as an L3 device.
08-27-2024 04:17 AM
That is excellent. Are you using an IGP or static routes between the NSK and the FW?
MHM
08-27-2024 04:06 AM
Hello @Salman-Abbasi
On a side note, there is another feature you may be interested in. It's quite old, so it may not be so available, as EEM is prevalent, and it is also IOS-platform dependent. Anyway, it may be useful in other situations if available.
It's a feature called backup interface.
You apply it to an active interface and then specify another interface to become active when the primary goes down. It is line-protocol dependent only.
Example:
interface x/x
 description Upstream int
 backup interface y/y