Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
446
Views
0
Helpful
4
Replies

IP SLA Failover

Mokhalil82
Level 4
Level 4

‎01-01-2015 01:00 PM - edited ‎03-07-2019 10:03 PM

Hi 

 

I was wondering if anyone can help to verify if I have the correct config or if changes are required

        Site1                                                                                 Site2

       4500x-----------------------------2950-------------------------------3750x

 

Now the link to from site1 to site2 is a trunk so I have ran EIGRP over it with vlan interfaces at each end and the neighbor relationship is up. I want to setup a failover (ip sla) so if external connectivity at site 1 to its gateway of 10.10.10.254 fails, traffic should be routed over the EIGRP link to site 2 to the IP of 10.10.10.18 which is the EIGRP vlan interface address there. The 3750x at site 2 will then have a default route to its own gateway. 

I have put together the following config, will this work? and when the link at site 1 comes back will it fail back

 

Site 1 IP SLA config on the 4500x.....

ip route 0.0.0.0 0.0.0.0 10.10.10.254 track 1
ip route 0.0.0.0 0.0.0.0 10.10.10.18 5

IP sla 100
icmp-echo 10.10.10.254
frequency 3

ip sla schedule 100 start-time now life forever

track 1 rtr 100 reachability

 

So I have seen other ip sla configs using route-maps but i'm not sure whats different with that config as this config tracks the primary route and drops the route if connectivity is lost.

 

Any help will be much appreciated

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎01-01-2015 02:49 PM

Hi,

Your config looks correct but I think

track 1 rtr 100 reachability

should be

track 1 ip sla 100 reachability

question:

so both 4500x and 3750x have access the Internet?

HTH

0 Helpful

Mokhalil82
Level 4
Level 4
In response to Reza Sharifi

‎01-01-2015 03:15 PM

Yes the 4500x is the core switch at the production site and will be connected to a pair of ASAs with its own internet connection,, the 3750x is in another building and is acting as a backup core switch and is connected to a single ASA with a connection to the internet with a different ISP. So traffic needs to be routed to the 3750x if the internet at the production site fails

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎01-01-2015 04:41 PM

Ok, I thought so. Here is one more thing you can add to the SLA once you know the one you have configured above is working.

So, right now you are tracking 10.10.10.254 address which is the address of the firewall. In this case if you lose connectivity from you firewall to the provider the traffic is not going to fail over from the 4500x to the 3750 because the 4500 does not know anything about it.

So you can add an additional condition like this:

icmp-echo 8.8.8.8

this says if ping to 8.8.8.8 (Google DNS) fails the traffic should fail over to the 3750. Now you are tracking both the next hop and the Internet traffic and which ever condition is met the traffic should fail over.

I have never tested this but interested to know if you can test it and if it works correctly.

HTH

0 Helpful

Mokhalil82
Level 4
Level 4
In response to Reza Sharifi

‎01-02-2015 03:43 AM

Thanks Reza

I was going to use 8.8.8.8 but then I thought once it fails over, it will have access to 8.8.8.8 via the 2nd gateway, so will that not cause it to start flapping. 

I will lab this over the weekend and let you know the outcome :-)

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card