
LAN setup - interface tracking

Joris Deprouw
Level 1

Hi All,

I have a network setup in mind which I want to deploy (attached network design).

I have 2 WAN links, 1 x 50Mb and 1 x 4Mb (just a simple everyday internet connection).

Behind each WAN link there is a firewall. Just a simple model, nothing exotic. Not able to do a routing protocol.

Behind the firewalls I have our L3 core switches, which have all the SVIs configured and shared by HSRP. For some VLANs core A is active, for some core B is active, depending on the WAN link the traffic has to use. Each core switch has a default route to its connected firewall. So traffic arriving on core switch A is passed on to firewall A, and so on...

I also want to build in redundancy. When e.g. firewall B fails, I want all traffic to pass through firewall A. I can do this by interface tracking on the uplink to the firewall on both core switches, then decrementing the HSRP priority in order to let the active SVIs from core switch B fail over to core switch A.

Now when the WAN B link itself is down, firewall B stays active. I do not have interface tracking available to do the failover: the firewall B interface will stay up on core switch B when WAN link B is down.

Is there another way to track an IP a few hops further?

Any suggestion how to deal with this problem?

Thanks,

Best Regards,

Joris

1 Reply

Raju Sekharan
Cisco Employee

You can use "IP SLA" to check the reachability.

You can find the example in the link below:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_q_and_a_item09186a00800a9679.shtml

Thanks

Raju
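
The approach suggested in the reply, sketched as an added example for core switch B (not part of the thread or of the linked Cisco document): an IP SLA ICMP probe to an address beyond WAN link B drives a track object, and HSRP decrements its priority when the probe fails. The target 192.0.2.1, VLAN 20, the SVI addresses, the group, SLA and track numbers, and the timers are all constructed placeholders, and the syntax assumes an IOS release that uses the `ip sla` / `track ... ip sla` form and a platform licensed for IP SLA.

```cisco
! --- Core switch B (constructed example values throughout) ---
! Probe an address that is only reachable through WAN link B,
! e.g. the ISP-side next hop. Core B's default route points at
! firewall B, so the probe follows the same path as user traffic.
ip sla 1
 icmp-echo 192.0.2.1
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object follows the probe result. The delays damp flapping:
! wait 15 s of failure before going down, 60 s of success before up.
track 10 ip sla 1 reachability
 delay down 15 up 60
!
! SVI for a VLAN where core B is normally the HSRP active router.
interface Vlan20
 ip address 10.0.20.3 255.255.255.0
 standby 20 ip 10.0.20.1
 standby 20 priority 110
 standby 20 preempt
 ! Existing uplink tracking toward firewall B can stay as it is;
 ! this adds the "few hops further" check: 110 - 20 = 90.
 standby 20 track 10 decrement 20
!
! --- Core switch A, same VLAN ---
! Default priority 100 now beats 90, and preempt lets A take over.
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
 standby 20 ip 10.0.20.1
 standby 20 preempt
```

Firewall B has to permit ICMP echo from core switch B to the probe target, otherwise the track object stays down and core A remains active permanently. `show track 10` and `show standby brief` confirm the probe state and the resulting HSRP roles.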