11-24-2015 12:32 AM - edited 03-08-2019 02:49 AM
Hi,
If you have the scenario in the attached drawing: is it possible to track reachability of an IP address over the preferred interface (the interface between the Cisco switch and the "ISP switch") and, if the tracked IP is not reachable anymore, shut down the preferred interface and send all traffic to the Site-to-Site VPN box?
(The Site-to-Site VPN box and the ISP Layer 2 "switch" are not aware of each other...)
Thanks very much,
Rena
11-24-2015 01:30 AM
Hello
If you wish to track a physical L2 interface then a simple Flex Link would be applicable.
interface x/x
 description Primarylink
 switchport backup interface Fa0/2
 switchport backup interface Fa0/2 mmu primary vlan 90 <------ MAC move update
 switchport backup interface Fa0/2 preemption mode forced <------ specifies backup link with preemption
In the above you specify a primary interface with preemption and the MAC move update feature set for a certain VLAN; this way, if the primary interface goes down, the secondary interface will be activated and a MAC address update sent via the secondary link.
However if you wish to incorporate ip sla on a L3 interface then a simple EEM script could be applicable.
res
Paul
11-24-2015 12:47 AM
Yes, you can track it once there's reachability to the IP address, and when it fails it can automatically fail over to your VPN circuit using IP SLA and tracking.
If you want, as an extra, to shut down the actual interface, you would need to use an EEM script in conjunction with IP SLA, but I wouldn't really see the benefit of shutting it down if it has already failed over to your backup VPN circuit, as it would be idle anyway.
The problem, though, is that it's a layer 2 switch: you can only really have a logical interface on it (loopback, VLAN, etc.), so it will always be reachable once the switch is up.
11-24-2015 01:45 AM
Thanks for the fast response!
I don't really get the problem regarding the layer 2 switch: as long as the IP address is reachable through the preferred interface, the backup interface should not be used (administratively down, so no traffic should be received on this interface either), so logically there would be only one possible path between the Cisco switch and the IP address (through the ISP switch). If the link between the ISP switch and the IP address goes down (as seen in the attached drawing, draw2.png), then the Cisco switch should send all traffic over the backup interface. Is this possible?
if not: would it solve the problem to enable ip routing on the cisco switch and to configure 2 routes, so (see draw3.png):
0.0.0.0 should be sent to 10.10.10.1
and if icmp ping on the prefered interface fails, then
0.0.0.0 should be sent to 10.10.10.2
Or if ICMP is the problem: would it help to enable ip routing and to check if 10.10.10.1 is reachable and, if not, then all traffic should be sent to 10.10.10.2? (I guess for this scenario I don't need object tracking.)
Staying on layer 2 is preferred, so it would be nice if there was a solution on layer 2...
thanks very much!
11-24-2015 01:55 AM
11-24-2015 02:05 AM
Am I right that this part of your config checks if the ip address is reachable?:
ISP
ip sla 10
 icmp-echo x.x.x.x source-IP x.x.x.x
 timeout 200
 frequency 5
ip sla schedule 10 life forever start-time now
and "event manager applet ISP-Down/UP" defines which interface should be taken up/down in case the ip is not reachable?
11-24-2015 02:21 AM
Hello
Correct
res
Paul
11-24-2015 04:39 AM
Is there a way to stay on layer 2 and to check for reachability of that IP address and, based on it, choose the primary or backup interface? I guess the EEM script is only applicable if ip routing is enabled on the switch, right?
The Cisco switch would be a Catalyst 2960, or would you suggest another model?
Thanks!!
11-24-2015 01:41 PM
What if the link between the ISP switch and the destination IP comes up eventually? I guess the Cisco switch would not switch back to the preferred link, since it is not defined in the script which path to prefer?
I found a neat config example with 2 predefined routes using ip sla with icmp to define which route should be taken:
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/813-cisco-router-ipsla-basic.html