ISP Failover on C2960S

v.ramcharan · ‎08-19-2015

I have been searching the forums for this and have not found anything similar to what i want to do. I have a C2960S which is connected to two ISR1921's

I want to configure an IP Sla so that the routes on the switch failover to Router2 if the link to the wan on Router1 goes down

I have enabled lanbase-routing on the switch

I have installed three routes :

ip route 0.0.0.0 0.0.0.0 192.168.0.1 1 track 1 (Router1)

ip route 0.0.0.0 0.0.0.0 192.168.0.2 250 (Router2)

ip route 4.2.2.2 255.255.255.0 192.168.0.1 permanent (tracked object)

i have configured an IP Sla

ip sla 1

icmp-echo 4.2.2.2

threshold 2000

timeout 2000

frequency 10

ip sla schedule 1 life forever start-time now

When i try to add :

track 1 ip sla 1 reachability i get an error at this point

if i just type track ? hit enter i get unrecognized command

how can i configure an IP Sla on this switch so that the internet fail over between the two routers can occur?

switch is a WS-C2960S-48FPS-L 12.2(55)SE7 image C2960S-UNIVERSALK9-M

Index 1 Feature: lanlite
        Period left: 0 minute 0 second
Index 2 Feature: lanbase
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Priority: Medium
        License Count: Non-Counted

thanks for any help.

Mark Malone · ‎08-20-2015

Can I ask why are you doing this config on the switch ? Would you not set HSRP between the 2 routers with tracking enabled there and have your switch default gateway set as the VIP address for the HSRP

Then you can set HSRP with tracking and preempt to failover , lanbase does not support tracking only ip sla

You could then track the physical wan interface on each router or an upstream route through the reachability statement and it will failover to the other router from there , your switch will always have the VIP gateway so its not concerned who is active once one of them is

v.ramcharan · ‎08-20-2015

Mark - thanks for your answer.

Firstly - I am server trained recently thrown into the cisco world. i am still learning.

The reason i tried doing it this way is because its the way i thought it would work. HSRP is a hardware failover protocol so i thought it only becomes active when one of the routers has failed or lost power.

If the switch has a route to lets say 192.168.0.1 (HSRP) and the sla is on router 1 - if it sends the traffic to the Router 2 it has to go via the switch. The switch will simply send it back to the Router1 because it is still online - its only internet that has failed not the hardware, so Router 1 would have the Standby IP of 192.168.0.1. This is how i thought it would work.

The other reason is i thought that by doing it this way HSRP would not even be necessary. I did not want to introduce anything to the configurations of the routers that was not needed. With the SLA if a connection goes down it failsover to the second VIP. If a router physically fails it would also do the same(because it looses connection to the tracked object in either case)

So basically this is why i did the config in the manner i have posted above. if there is abetter config please suggest an example of it.

Much appreciated

Mark Malone · ‎08-20-2015

Hi so hsrp can be used to track a physical interface , a router being hard down or to track a specific route the router has reachability for in the internet or network and if it cannot reach it, it can failover to the backup router

This is just an example off my head below it may need to be tweaked but basically track a route upstream using ip sla and tracking commands and when that route fails the track is part of the hsrp so it decrements itself by 40 making it less preferred and the backup router then becomes primary and takes over for traffic from the lan , the switch just needs to point to the VIP address of hsrp as that's always up, the hsrp will decide which router will be the current working router if that makes sense

You could lab this up in GNS3 with your own config and test it as it would support these features , test it by just using an acl on the wan hsrp interface to prevent reachability to the tracked route to simulate real world failure of lost routes and you will see it fail over

Int g0/0

ip address 172.21.230.1 255.255.255.0
standby 5 ip 172.21.230.3
standby 5 priority 110
standby 5 preempt
standby 5 track 1 decrement 40

track 1 ip sla 1 reachability

ip sla schedule 1 life forever start-time now

ip sla 1
icmp-echo 8.8.8.8 source-ip 172.21.230.1
frequency 10

router 2

Int g0/0

ip address 172.21.230.2 255.255.255.0
standby 5 ip 172.21.230.3
standby 5 priority 90
standby 5 preempt
standby 5 track 1

track 1 ip sla 1 reachability

ip sla schedule 1 life forever start-time now

ip sla 1
icmp-echo 8.8.8.8 source-ip 172.21.230.2
frequency 10

switch

ip default-gateway 172.21.230.3

v.ramcharan · ‎08-20-2015

Mark - thank you! I will try this out and let you know> i can understand everything you posted - i get that the IP Sla on the Router 1 will decrement the priority by 40 so router 2's priority is higher and take over the standby ip.

But what is the purpose of the IP Sla on Rotuer 2? to me it does not seem to be doing anything.

much appreciated.

Mark Malone · ‎08-20-2015

Yes you would get away with not using ip sla on router2 it will work with it just on router1 as once r1 comes backup the priority will be higher and it will automatically swap back over to primary