Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4652
Views
49
Helpful
50
Replies

configuring RIP between a Pix and a 4500 switch

Go to solution
Kevin Melton
Level 2
Level 2

‎12-29-2009 11:33 AM - edited ‎03-06-2019 09:06 AM

I have a 4500 switch which is in the center of one of my customers networks.  The 4500 effectively routes between all the production VLAN's for the customer.

I have a PIX connected to the switch in VLAN 1.  I have just configured RIP v1 as follows on the PIX:

rip outside passive version 1

rip inside passive version 1

rip inside default version 1

I used a sniffer and captured the RIP updates between the 4500 and the PIX.  I see the pix sending out a RIP update for the default route.  However I do not ever see the 4500 update it routing table to reflect it

routes on 4500.JPG

It is unclear to me why the 4500 wont update it route table with the default route from the PIX.  I want this to be a secondary default route in case the Main static route goes down.

Thanks

Kevin

Labels:
0 Helpful
50 Replies 50

Go to solution
Kevin Melton
Level 2
Level 2
In response to Jon Marshall

‎01-29-2010 01:15 PM

hey there

I have read thru the link you have sent.  Here is the latest configuration I have on the Border Router based upon what the link indicates is necessary:

ip sla monitor 1
type echo protocol ipIcmpEcho 209.145.88.29
frequency 30
ip sla monitor schedule 1 life forever start-time now

bhigw2#sho run | begin track
track 1 interface GigabitEthernet0/1 ip routing

bhigw2#sho run | begin ip route 0.0.0.0
ip route 0.0.0.0 0.0.0.0 209.145.88.29 track 1
ip route 0.0.0.0 0.0.0.0 209.145.88.29

I think I would need to get rid of that second (legacy) static route for 0.  Also I wanted to ask you about the secondary interface that the Link you sent for

Reliable Static Routing Backup Using Object Tracking. 

Since I dont actually have a Secondary interface in this situation as the guide call for, I am starting to think this is where you may have been referring to a dummy route.  Is that correct?

Thanks Jon.  We are close I can feel it.

Kevin

0 Helpful

Go to solution
Kevin Melton
Level 2
Level 2
In response to Jon Marshall

‎01-29-2010 02:08 PM

Jon

I read the article entitled "Reliable Static Routing Backup Using Object Tracking" that you had sent the link for.  Here is the config I have so far based on what it said to do:

ip sla monitor 1

type echo protocol ipIcmpEcho 209.145.88.29

frequency 30

ip sla monitor schedule 1 life forever start-time now

track 123 rtr 1 reachability

ip local policy route-map ipsla

access-list 150 permit icmp host 209.145.88.30 host 209.145.88.29

access-list 150 deny   icmp any any

route-map ipsla permit 150

match ip address 150

set interface GigabitEthernet0/1

ip route 0.0.0.0 0.0.0.0 209.XXX.88.XX track 123

ip route 0.0.0.0 0.0.0.0  123.456.789.123 254

Here is the output from the sho ip route track table command:

bhigw2#sho ip route track-tab
ip route 0.0.0.0 0.0.0.0 209.xxx.88.xx track 123 state is [up]
bhigw2#

I am hoping this may be all we need.  If you can look this over and tell me what you think.

Have a splendid weekend!

Kevin

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Kevin Melton

‎01-31-2010 01:07 PM 

k-melton wrote:
Jon
I read the article entitled "Reliable Static Routing Backup Using Object Tracking" that you had sent the link for.  Here is the config I have so far based on what it said to do:
ip sla monitor 1
 type echo protocol ipIcmpEcho 209.145.88.29
 frequency 30
ip sla monitor schedule 1 life forever start-time now
 
track 123 rtr 1 reachability
 
ip local policy route-map ipsla
 
access-list 150 permit icmp host 209.145.88.30 host 209.145.88.29
access-list 150 deny   icmp any any
 
route-map ipsla permit 150
 match ip address 150
 set interface GigabitEthernet0/1
 
ip route 0.0.0.0 0.0.0.0 209.XXX.88.XX track 123
ip route 0.0.0.0 0.0.0.0  123.456.789.123 254
Here is the output from the sho ip route track table command:
bhigw2#sho ip route track-tab
 ip route 0.0.0.0 0.0.0.0 209.xxx.88.xx track 123 state is [up]
bhigw2#
I am hoping this may be all we need.  If you can look this over and tell me what you think.
Have a splendid weekend!
Kevin

Kevin

Had a spare half hour Sunday evening so did a quick lab. Apologies for this but reliable static routing with object tracking is actually overkill for what we need. All you actually need to do is track the route so full config -

ip sla monitor 1

type echo protocol ipIcmpEcho 209.145.88.29

frequency 30

track 123 rtr 1 reachability

ip route 0.0.0.0 0.0.0.0 209.145.88.29 track 123

and that's all you need to add. I tested this by shutting down the ethernet interface on the upstream router ie. the 209.145.88.29 router and once the IP SLA failed on bhigw2 the static route was removed. Once removed it was no longer being redistributed into EIGRP and so was not passed back down the line to the 4500. The 4500 then used it's floating static route pointing to the other gateway. Note, i think i have already mentioned this but make your floating static AD 200 or above.

Once i brought the interface back up and the IP SLA succeeded the route was reinstalled on bhigw2 and then redistributed all the way back to the 4500.

So i think we are there. Let me know if you have any other queries.

Jon

0 Helpful

Go to solution
Kevin Melton
Level 2
Level 2
In response to Jon Marshall

‎02-02-2010 08:05 AM

Jon

I appreciate your taking your time to verify this configuration and resulting operation.  Tomorrow night is when I get to test this on the production network.

I will remove the unnecessary aspects of my config to match what you have here.  I will follow up once complete early Thursday morning.

Great work!

Kevin

0 Helpful

Go to solution
Kevin Melton
Level 2
Level 2
In response to Jon Marshall

‎02-06-2010 05:24 AM

Jon

Testing went fine and all worked as planned.

If one of the devices on the Edge fails (Border router, firewalls, or the bhiedge switch) will EIGRP also uninstall the default route?

Thanks again for the time you have put into this.

Kevin

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Kevin Melton

‎02-06-2010 09:50 AM 

k-melton wrote:
Jon
Testing went fine and all worked as planned. 
If one of the devices on the Edge fails (Border router, firewalls, or the bhiedge switch) will EIGRP also uninstall the default route?
Thanks again for the time you have put into this.
Kevin

Kevin

I was wondering how it went. Really glad to hear it worked as expected.

If any of the devices in the "chain" from the border router to the 4500 fails then yes the default-route will not get back to the 4500 and so the 4500 will use the backup link. That's the beauty of redistributing the static route from your edge router, all the other devices simply pass it on via EIGRP. And if any of these devices fail then they cannot then pass on the default route.

No problem with the time, enjoyed helping out and also learned a few things about EIGRP as well.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card