Solved: what if the link between the

Rene S. · ‎11-24-2015

Hi,

if you're having the scenario in the attached drawing: is it possible to track reachability of an IP address over the prefered interface (interface between cisco switch and the "ISP switch") and if the tracked IP is not reachable anymore shut down the prefered interface and send all traffic to the Site-to-Site VPN box?

(Site-to-Site VPN box and ISP-Layer 2 "Switch" are not awary of each other...)

Thanks very much,

Rena

paul driver · ‎11-24-2015

Hello

If you wish to track a physical L2interface then a simple Flex link would be applicable.

interface x/x
Descritpton Primarylink
switchport backup interface Fa0/2
switchport backup interface Fa0/2 mmu primary vlan 90 <------ mac move update
switchport backup interface Fa0/2 preemption mode forced <------specifys back link with preemption

In the the above you specify a primary interface with preemption and mac update move feature set for a certain vlan , this way if the primary interface goes down then the secondary interface will be activated and mac- address update sent via the secondary link.

However if you wish to incorporate ip sla on a L3 interface then a simple EEM script could be applicable.

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Mark Malone · ‎11-24-2015

Yes you can track it once theres reachability to the ip address and when it fails it can automatically failover to your vpn circuit using ip sla and tracking

If you want as an extra to shut down the actual interface you would need to use and EEM script in conjunction with ip sla but i wouldnt really see the benifit of shutting it down if it has already failed over to your backup vpn circuit as it would be idle anyway

The problem is though its a layer 2 switch you can only really have a logical interface on it looback/vlan etc so it will always be reachable once the switch is up

Rene S. · ‎11-24-2015

Thanks for the fast response!

I don't really get the problem regarding layer2 switch: as long as the IP address would be reachable through the prefered interface, the backup interface should not be used (administrative down, so also no traffic should be received on this interface), so logically there would be only one possible path between the cisco switch and the IP address (through the ISP Switch). If the link between the ISP switch and the IP address goes down (as seen in the attached drawing (draw2.png), then the cisco switch should send all traffic over the backup interface.. is this possible?

if not: would it solve the problem to enable ip routing on the cisco switch and to configure 2 routes, so (see draw3.png):

0.0.0.0 should be sent to 10.10.10.1

and if icmp ping on the prefered interface fails, then

0.0.0.0 should be sent to 10.10.10.2

Or if ICMP is the problem: would it help to enable ip routing and to check if 10.10.10.1 is reachable and if not then all traffic should be sent to 10.10.10.2? (i guess for this scenario I don't need object tracking)

It's prefered to stay on layer2 so it would be nice if there was a solution on Layer 2...

thanks very much!

paul driver · ‎11-24-2015

Hello

If you wish to track a physical L2interface then a simple Flex link would be applicable.

interface x/x
Descritpton Primarylink
switchport backup interface Fa0/2
switchport backup interface Fa0/2 mmu primary vlan 90 <------ mac move update
switchport backup interface Fa0/2 preemption mode forced <------specifys back link with preemption

In the the above you specify a primary interface with preemption and mac update move feature set for a certain vlan , this way if the primary interface goes down then the secondary interface will be activated and mac- address update sent via the secondary link.

However if you wish to incorporate ip sla on a L3 interface then a simple EEM script could be applicable.

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Rene S. · ‎11-24-2015

Hi Paul,

the problem is, that the link between the ISP-switch and the IP address could go down (please see attached file), so the link between the cisco switch and the ISP switch would stay up-would your suggestion work also for that scenario?

Thanks very much!!

Rene S. · ‎11-24-2015

Am I right that this part of your config checks if the ip address is reachable?:

ISP
ip sla 10
icmp-echo x.x.x.x source-IP  x.x.x.x
timeout 200
frequency 5
ip sla schedule 10 life forever start-time now

and "event manager applet ISP-Down/UP" defines which interface should be taken up/down in case the ip is not reachable?

paul driver · ‎11-24-2015

Hello

Correct

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Rene S. · ‎11-24-2015

is there a way to stay on layer 2 and to check for reachability of that ip address and based on it choose primary or backup interface? I guess the EEM script is only applicable if ip routing is enabled on the switch, right?

The cisco switch would be a catalyst 2960 or would you suggest an other modell?

Thanks!!

Rene S. · ‎11-24-2015

what if the link between the ISP switch and destination IP comes up eventually? I guess the cisco switch would not switch back to the prefered link since it is not defined in the script which patch to prefer?

I found a neat config example with 2 predefined routes using ip sla with icmp to define which route should be taken:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/813-cisco-router-ipsla-basic.html

Object tracking- IP reachability via ICMP