thanks for your reply

but i can't see how it may help;  as the destination (1.1.1.0/24)  will still be reachable...as the problem is not in the WAN

Assuming that i use IP SLA to monitor (1.1.1.5) and the fiber cut happens (as per the image), then the route (next hop) will be changed (from 10.10.10.2)  to another media (lets assume through  20.20.20.2). In this case HQ will be able to reach Workstations (2 to 5) but it will lose connection to workstation 1 (although it can be still reached as there is no problem in its WAN connection) ...right

This may be acceptable in this specific case (to lose one site out of 5) ...but assume larger number of sites and the fiber cut to be in the middle , then u will lose connection  to half of the workstations although there is a working WAN connection that can be used to reach them

Best regards

best regards

Hello,

I think this can be done with EEM scripts on both sides.

On the branch routers, you need a script that shuts down its WAN interface when the HSRP state changes from Active to Standby.

On the HQ side you need an IP SLA for each WAN connection that tracks the other side of the WAN link, and removes the respective static route when the other side of the WAN is down.

I am currently testing this in GNS3, will send the results asap.

Hello,

here is what I have come up with. On the HQ router, configure 4 IP SLAs and 4 routes with tracking. On all branch routers, configure the 2 EEM scripts. The script will shut down the WAN interface of a branch router if the router is not the active HSRP router, and the HQ router will only use the route pointing to the active HSRP router.

Shut all WAN interfaces that are not in use to start out with, so the script can unshut them. The interfaces assumed in the script are GigabitEthernet0/0 for the LAN, and GigabitEthernet0/1 for the WAN, change them according to your own interfaces.

HQ Router

track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
track 3 ip sla 3 reachability
!
track 4 ip sla 3 reachability

!

ip sla 1
icmp-echo 10.10.10.2 source-ip 10.10.10.1
threshold 1000
frequency 5
!
ip sla schedule 1 life forever start-time now
!
ip sla 2
icmp-echo 20.20.20.2 source-ip 20.20.20.1
threshold 1000
frequency 5
!
ip sla schedule 2 life forever start-time now
!
ip sla 3
icmp-echo 30.30.30.2 source-ip 30.30.30.1
threshold 1000
frequency 5
!
ip sla schedule 3 life forever start-time now
!
ip sla 4
icmp-echo 40.40.40.2 source-ip 40.40.40.1
threshold 1000
frequency 5
ip sla schedule 4 life forever start-time now
!
ip route 1.1.1.0 255.255.255.0 10.10.10.2 track 1
ip route 1.1.1.0 255.255.255.0 20.20.20.2 101 track 2
ip route 1.1.1.0 255.255.255.0 30.30.30.2 102 track 3
ip route 1.1.1.0 255.255.255.0 40.40.40.2 103 track 4
ip route 1.1.1.0 255.255.255.0 50.50.50.2 200

All Branch Routers

event manager applet BRANCH_DOWN
event syslog pattern "Active -> Init"
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface GigabitEthernet0/1"
action 4.0 cli command "shut"
action 5.0 cli command "end"
!
event manager applet BRANCH_UP
event syslog pattern "-> Active"
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface GigabitEthernet0/1"
action 4.0 cli command "no shut"
action 5.0 cli command "end"

hello Georg Pauwen

many thanks for ur great effort...really appreciated..it was  very informative for me as this was out of my league

but if i understood right...this will reduce the network as per the newly attached image (hsrp3.jpg)

and the routing will be shortened to :

ip route 1.1.1.0   255.255.255.0   10.10.10.2 track 1 ---> ( which will be used as  track1 is valid)
ip route 1.1.1.0   255.255.255.0   30.30.30.2 102 track 3 ( will not be used as AD is 102 although track 3 is  also valid)
ip route 1.1.1.0   255.255.255.0   50.50.50.2 200

so again we will have access to WS 1,2 but not 3,4,5

is that right ??

Also what if we make all routes with same AD ?

again thanx for ur greatly appreciated idea

Hello,

the configuration will make sure that only the WAN link to the active HSRP router is active. The only route in the routing table, from the perspective of the HQ router, is the route to the active HSRP router.

I am not sure I understand what you are after ? 

hi again

the target is to have connectivity to ALL workstations at the same time  whatever/wherever the location of cut in the fiber

in this case (hsrp3.jpg)  (when there is a cut ) there will be 2 HSRP routers marked as active ( not just one), so theoretically there will be 2 routes . Only one will be used in routing table due to AD

so u will reach WS's connected to the router with its route in routing table and you will lose connection to the other WS's  connected to the other (HSRP Active) router

Hope i could make the idea clear

thanks again

The confusion comes from your description of the fiber link as being a switch. What are the routers connected to ? Each to a different switch ?

I guess it would help if you could provide a more detailed drawing of how your PCs are connected to the Branch routers, and how the branch routers are connected to each other.If all routers are in one HSRP group, the clients should have access toany of the routers no matter which one fails, otherwise the entire HSRP setup is flawed and needs to be reworked.

i will try this one in GNS3 & give a feedback

thanx alot