Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2203
Views
15
Helpful
7
Replies

Permanant Command with Static Routes

Patrick McHenry
Level 4
Level 4

‎02-01-2016 06:49 AM - edited ‎03-12-2019 05:20 PM

Hi,

from my understanding when the permanent argument is added to a static route, the route will remain in the routing table even if the associated interface connected to the next hop goes down.

I've labbed this and it doesn't work.

I have to also mention that the interface connected to the next hop is a layer 2 switchport interface assigned to a VLAN. I'm wondering if this might be the reason it isn't working. For instance, if the connecting port on the switch was a layer 3 interface instead of a layer 2 port?

I've configured IP SLAs to monitor the Internet connectivity and failover Internet traffic through the WAN when all of the IP SLAs fail using a track-list. The config works well, but there is one scenario where the config does not work and that is when the Inside interface of the firewall goes down. Although that would be rare, I would like to cover all circumstances.

I've attached a doc for clarity

Any suggestions/ideas?

Thank you

Labels:
Preview file
47 KB
0 Helpful
7 Replies 7

AllertGen
Level 3
Level 3

‎02-01-2016 07:28 AM

Hello, .

Can you show output of commands "sh run | i permanent" and "sh ip route" when your interface is down? I would like to see that your permanent route is really doesn't appears at the route table.

Usually there is no difference between L2 and L3 ports. The only differense is that vlan port is down or not (it goes down only when all physical ports that assigned to this vlan port is down). But it shouldn't affect permanent routes.

Best Regards.

Patrick McHenry
Level 4
Level 4
In response to AllertGen

‎02-01-2016 08:41 AM

Thanks for the reply. I can't perform a test for awhile as it is production.

One thing though is that the VLAN interface does go down because the port connected to the firewall is the only port in that VLAN. I wonder if that is the issue. If somehow I could force the VLAN interface to stay up. But, like you said it shouldn't matter.

Thank you

0 Helpful

Robert Hillcoat
Level 1
Level 1
In response to Patrick McHenry

‎02-01-2016 08:43 AM

please post some configuration and the document isn't attached?

0 Helpful

Patrick McHenry
Level 4
Level 4
In response to Robert Hillcoat

‎02-01-2016 12:50 PM

Here is some config...

track 100 list boolean or
 object 101
 object 102
 object 103
!
track 101 ip sla 101 reachability
 delay down 15 up 60
!
track 102 ip sla 102 reachability
 delay down 15 up 60
!
track 103 ip sla 103 reachability
 delay down 15 up 60
!

ip route 0.0.0.0 0.0.0.0 10.250.254.254 track 100
ip route 4.2.2.2 255.255.255.255 10.250.254.254 permanent name IPSLA_103
ip route 8.8.4.4 255.255.255.255 10.250.254.254 permanent name IPSLA_101
ip route 8.8.8.8 255.255.255.255 10.250.254.254 permanent name IPSLA_102

!

ip sla 101
 icmp-echo 8.8.4.4 source-ip 10.250.21.1
 threshold 2
 timeout 1000
 frequency 3
ip sla schedule 101 life forever start-time now ageout 3600
ip sla 102
 icmp-echo 8.8.8.8 source-ip 10.250.21.1
 threshold 2
 timeout 1000
 frequency 3
ip sla schedule 102 life forever start-time now ageout 3600
ip sla 103
 icmp-echo 4.2.2.2 source-ip 10.250.21.1
 threshold 2
 timeout 1000
 frequency 3
ip sla schedule 103 life forever start-time now ageout 3600

Preview file
47 KB
0 Helpful

AllertGen
Level 3
Level 3
In response to Patrick McHenry

‎02-01-2016 10:33 PM

Hi.

You can also try for this case use a route-maps. For example configuration like this:

ip access-list extended ISP_INT
 remark ------- ACL for route map. Traffic from main interface -----------
 permit ip host {INT_IP} any
exit

route-map LOCAL_POLICY
 match ip address ISP_INT
 set ip next-hop {GW}
exit

ip local policy route-map LOCAL_POLICY

{INT_IP} is the IP address of your ISP interface (10.250.21.1) and {GW} is "10.250.254.254" (btw your netmask really is /16?).

This route map will tell router that all traffic that gennerated locally by 10.250.21.1 should be send to 10.250.254.254.

But before doing so I would prefer to see your routing table with permanent routes.

Best Regards.

Patrick McHenry
Level 4
Level 4
In response to AllertGen

‎02-02-2016 05:35 AM

Thanks...I'll have to think about it.

There is no /16.

I think you are confusing the source IP of the IP SLA with the default route IP.

0 Helpful

AllertGen
Level 3
Level 3
In response to Patrick McHenry

‎02-03-2016 02:48 AM

Hi.

It was only my suggesting about your topology by this two parts of your configuration (because I don't see all your configuration):

ip sla 101
 icmp-echo 8.8.4.4 source-ip 10.250.21.1

ip route 8.8.4.4 255.255.255.255 10.250.254.254 permanent name IPSLA_101

But even if your source IP and gateway IP at the different interfaces it is still possible to use route-map as I writed above because it's a local generated traffic.

Best Regards.

Customers Also Viewed These Support Documents