Thanks. That's the document I've been using for the syntax. It was unclear from that though, or I'm reading it wrong (probably).

Thanks. That's the document I've been using for the syntax. It was unclear from that though, or I'm reading it wrong (probably).

What is the model of the switch in which you want to configure IP SLA ?

-GI

I haven't actually done it yet. But I have a pair of 6509s that are my core switches, and the uplink only exists on one. However on both switches I have static routes, directing traffic as required. My goal is to setup a backup link using ipsec to the site, and I want to switch between routes if the primary goes down. I became stuck on the switch that doesn't have the uplink and how to proceed with that.

I am kind of thinking now it doesn't matter much, if on the switch without the uplink, I just use source-interface and specify the trunk between the two switches, if the echo fails it will still go to the other route. The second route will redirect traffic to the ipsec tunnel.

so in the end I'd end up with something like this:

ip route x.x.x.x mask gateway track 1
ip route x.x.x.x mask gateway 10
ip sla 1
icmp echo x.x.x.x source-interface 0/x

etc.
 

On the 6500 without an uplink you just specify a source IP that the other 6500 knows how to get back to.

It can't be a trunk because that is L2 ie it must be a L3 interface.

Jon

I haven't actually done it yet. But I have a pair of 6509s that are my core switches, and the uplink only exists on one. However on both switches I have static routes, directing traffic as required. My goal is to setup a backup link using ipsec to the site, and I want to switch between routes if the primary goes down. I became stuck on the switch that doesn't have the uplink and how to proceed with that.

I am kind of thinking now it doesn't matter much, if on the switch without the uplink, I just use source-interface and specify the trunk between the two switches, if the echo fails it will still go to the other route. The second route will redirect traffic to the ipsec tunnel.

so in the end I'd end up with something like this:

ip route x.x.x.x mask gateway track 1
ip route x.x.x.x mask gateway 10
ip sla 1
icmp echo x.x.x.x source-interface 0/x

etc.

Hi Charlie,

IP SLA tracking for automatic failover is primarily used where you have dual WAN link and automatic failover happen without any intervention.

With your setup if i understand correctly you have one Internet link and want failover over to IPSEC tunnel in the same ISP link.If that is the case i would say its of no use for IP SLA.

Because if the single ISP link goes down you won't able to setup IPSEC tunnel as well.

Hope that Helps..

-GI

Yea, sorry if I wasn't clear. The Primary link is something like a metro-ethernet connection, while the ipsec tunnel goes over a separate internet connection.

Thank you.

Yea, sorry if I wasn't clear. The Primary link is something like a metro-ethernet connection, while the ipsec tunnel goes over a separate internet connection.

Thank you.

Hi Charlie,

Try the below configuration .

ip sla 1
 icml-echo y.y.y.y source-ip x.x.x.x
 threshold 750
 timeout 900
 frequency 1
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

ip route 0.0.0.0 0.0.0.0 (interface) Primary Metro ethernet provider ip  track 1
ip route 0.0.0.0 0.0.0.0 (interface) internet router ip 5

Note :- As you are having single uplink from 6500 switch not from the other second switch, so this will only be benefit if the sla monitor fails something happens at metro ethernet network . if the physical link between primary 6500 switch goes down then secondary switch can't do anything.

Hope it Helps..

-GI

Rate if it Helps..