Solved: CONFIGURING STATIC ROUTE TRACKING USING IP

kingstdz · ‎05-25-2022

Hello

we have SW cisco C9500-16X with layer-3, two modem ADSL, each one is conncected on port of switch and VLAN

we have inter vlan, and ip route

ip route 0.0.0.0 0.0.0.0 192.168.10.254 track 62
ip route 0.0.0.0 0.0.0.0 192.168.20.254 track 63
ip route 1.1.1.1 255.255.255.255 192.168.20.254
ip route 8.8.8.8 255.255.255.255 192.168.10.254
ip route 10.x.x.x 255.255.0.0 10.x.x.x

ip tacacs source-interface Vlan100
ip ssh version 2

it work fine, but sometimes, clients calls that no internet, when i verified , 02 modems content internet, but no body have internet from switch.

where can situated the problem, how i can investigate it , or troubleshoot it to fix it.

how i can add proxy in edge or with client in same lan.

Thanks

Georg Pauwen · ‎05-25-2022

Hello,

what is the tracking related to ? Post the full configuration (sh run) of the switch...

View solution in original post

Georg Pauwen · ‎05-25-2022

Hello,

what is the tracking related to ? Post the full configuration (sh run) of the switch...

kingstdz · ‎05-25-2022

version 17.3
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service call-home
platform punt-keepalive disable-kernel-core
!
hostname BV-SWD
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!

!
aaa new-model
!
!
aaa group server tacacs+ ISEServers
server name ISE01
server name ISE02
!
aaa group server radius ise-group
server name ise1
server name ise2
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group ise-group
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization network default group ise-group
aaa accounting dot1x default start-stop group ise-group
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
!
!

aaa session-id common
switch 1 provision c9500-16x
!
!
!
!
ip routing
!
!
!
!
!
ip name-server 10.x.x.x
ip domain name corp.xxx.xxx
ip dhcp excluded-address 10.x.x.1
ip dhcp excluded-address 10.x.y.1
ip dhcp excluded-address 10.x.z.1
ip dhcp excluded-address 10.x.w.1
!
ip dhcp pool BVNETLAN
network 10.x.x.0 255.255.255.0
dns-server 8.8.8.8 1.1.1.1 255.255.255.0
default-router 10.x.x.1
!
ip dhcp pool BVNETWIFI
network 10.x.y.0 255.255.255.0
default-router 10.x.y.1
dns-server 8.8.8.8 1.1.1.1 255.255.255.0
!
ip dhcp pool B60Lan
network 10.x.x.z 255.255.255.0
dns-server 8.8.8.8 1.1.1.1 255.255.255.0
default-router 10.x.z.1
!
ip dhcp pool B60Wifi
network 10.x.x.w 255.255.255.0
dns-server 8.8.8.8 1.1.1.1 255.255.255.0
default-router 10.x.x.1
!
!
!
login on-success log
!
!
!
!
!
!
!
vtp domain xx.xx

vtp mode transparent
udld aggressive

no device-tracking logging theft
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint TP-self-signed-1556717156
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1556717156
revocation-check none
rsakeypair TP-self-signed-1556717156
!
!
!
dot1x system-auth-control
license boot level network-advantage addon dna-advantage
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 17-19,60-63 priority 4096
memory free low-watermark processor 133138
!
redundancy
mode sso
!
!
!
!
!
!
transceiver type all
monitoring
!
vlan 3
name InternetADSL
!
vlan 10
name VOICE
!
vlan 13
name BT-PHONES
!
vlan 14
name BT-SERVERS
!
vlan 15
name BT-HOSTS
!
vlan 16
name PLAYER
!
vlan 17
name BVSWMGM
!
vlan 18
name BVNETLAN
!
vlan 19
name BVNETWIFI
!
vlan 20
name WIFI-MGMT
!
vlan 21
name WIFI-HOSTS
!
vlan 22
name VLAN-TEST
!
vlan 25
!
vlan 30
name CTScan
!
vlan 60
name B60Lan
!
vlan 61
name B60Wifi
!
vlan 62
name mgmt-modem-noire
!
vlan 63
name mgmt-modem-blanc
!
vlan 100
name MGMT
!
vlan 200
name voice
!
track 62 ip sla 62 reachability
!
track 63 ip sla 63 reachability
!
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
description EWLC Data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface TenGigabitEthernet1/0/1
description Lien vers BV-B60-SWA1
switchport mode trunk
!
interface TenGigabitEthernet1/0/2
!
interface TenGigabitEthernet1/0/3
description Lien vers BV-24A-SWA
switchport mode trunk
!
interface TenGigabitEthernet1/0/4
description Lien vers BV-24B-SWA
switchport mode trunk
!
interface TenGigabitEthernet1/0/5
description Lien vers BV-VIP-SWA
switchport mode trunk
!
interface TenGigabitEthernet1/0/6
description Lien vers BV-FOY-SWA
switchport mode trunk
!
interface TenGigabitEthernet1/0/7
!
interface TenGigabitEthernet1/0/8
!
interface TenGigabitEthernet1/0/9
!
interface TenGigabitEthernet1/0/10
!
interface TenGigabitEthernet1/0/11
!
interface TenGigabitEthernet1/0/12
!
interface TenGigabitEthernet1/0/13
!
interface TenGigabitEthernet1/0/14
description LINK-TO-MODEM-BLANC
switchport access vlan 63
switchport mode access
spanning-tree portfast
!
interface TenGigabitEthernet1/0/15
description LINK-TO-MODEM-NOIRE
switchport access vlan 62
switchport mode access
spanning-tree portfast
!
interface TenGigabitEthernet1/0/16
description Lien vers BT-SWD
switchport mode trunk
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/5
!
interface TenGigabitEthernet1/1/6
!
interface TenGigabitEthernet1/1/7
!
interface TenGigabitEthernet1/1/8
!
interface FortyGigabitEthernet1/1/1
!
interface FortyGigabitEthernet1/1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan15
ip address dhcp
!
interface Vlan16
ip address dhcp
!
interface Vlan17
ip address 192.168.1.254 255.255.255.0
!
interface Vlan18
description BVNETLAN
ip address 10.x.x.1 255.255.255.0
!
interface Vlan19
ip address 10.x.y.1 255.255.255.0
!
interface Vlan60
description bloc60
ip address 10.x.z.1 255.255.255.0
!
interface Vlan61
description Bloc 60
ip address 10.x.w.1 255.255.255.0
!
interface Vlan62
description mgmt_modem_noire
ip address 192.168.10.1 255.255.255.0
!
interface Vlan63
description mgmt_modem_blanc
ip address 192.168.20.1 255.255.255.0
!
interface Vlan100
description MGMT
ip address 10.x.1.160 255.255.255.128
!
ip default-gateway 10.x.1.254
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.10.254 track 62
ip route 0.0.0.0 0.0.0.0 192.168.20.254 track 63
ip route 1.1.1.1 255.255.255.255 192.168.20.254
ip route 8.8.8.8 255.255.255.255 192.168.10.254
ip tacacs source-interface Vlan100
ip ssh version 2
!
!
!
ip radius source-interface Vlan100
ip sla 62
icmp-echo 8.8.8.8 source-interface Vlan62
frequency 30
ip sla schedule 62 life forever start-time now
ip sla 63
icmp-echo 1.1.1.1 source-interface Vlan63
frequency 30
ip sla schedule 63 life forever start-time now
logging trap debugging
logging origin-id ip
logging source-interface Vlan100
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute 31 mac format ietf upper-case
radius-server attribute 31 send nas-port-detail
radius-server timeout 2
radius-server deadtime 30
!
!
control-plane
service-policy input system-cpp-policy
!
banner motd ^CC
*****************************************************************
*****************************************************************
^C
!
line con 0
stopbits 1
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!
!
!
!
end

kingstdz · ‎05-27-2022

Hi,

i have posted the config whats do you think about?

thanks