• Issue
• Links to confirm issue
• Workaround
• Sample Topology
• Sample Scenario
• MIB Monitored
• Sample Config
• Links

Issue

As per Cisco documentation, the verify-availability (IPSLA) option isn't supported on 3750 switches, and most 3xxx series catalyst switches.

Even though IP SLA is supported as a feature, it's not supported with policy-based routing. You may still use the basic PBR option "set ip next-hop".

Links to confirm issue

Here are links for 12.2(40)SE and 12.2(50)SE, which will help clarify this:

Catalyst 3750 Switch Software Configuration Guide, 12.2(40)SE: Unsupported Commands in Cisco IOS Release 12.2(40)SE

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_40_se/configuration/guide/swuncli.html#wp1060487

Catalyst 3750 Switch Software Configuration Guide, 12.2(50)SE: Unsupported Commands in Cisco IOS Release 12.2(50)SE

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swuncli.html#wp1088139

Workaround

To use EEM Applet with IP SLA to track and make required modifications.

Sample Topology

Sample Scenario

Customer installed a new fiber between the two 3750 switches (R2, R3) and wants traffic from a certain server in site one, going to and coming from site 2, to go over the fiber. (R1 - R4 should go over fiber) as opposed to the MPLS cloud.

However, he has FIDDI converters in between the two switches to terminate the fiber, and so if the link between the two FIDDI converters goes down, the switches ports will be up/up, and line protocol won't go down. So the PBR traffic will get black-holed and not failover to MPLS or any other route in the routing table. Hence, he needed to use the "set ip next-hop verify-availablity" with tracking for that PBR route, in the event that it goes down, the traffic can failover to the MPLS link.

I've simulated the MPLS link by using EIGRP, so those routes are dynamic. I configured IP SLA, and then use event manager to trigger based on the state of the tracking object. If fiber is up, PBR is installed, if fiber goes down, PBR config is removed.

MIB Monitored

We use an EEM applet to track the state of "rttMonCtrlOperTimeoutOccured" object in the CISCO-RTT-MON MIB.
A value of 1 or true is indicative of "timeout" and 2 or false of "OK / reachable".

Note: The IP SLA (NUM) is the last number in the OID; i.e the last digit 1 in "1.3.6.1.4.1.9.9.42.1.2.9.1.6.1"

Sample Config

Applied to R2; mirror config applied to R3

----

access-list 199 permit ip host 192.168.0.30 host 192.168.100.30
!
route-map DTPBR permit 10
match ip address 199
set ip next-hop 172.16.10.2
!
ip sla 1
icmp-echo 172.16.10.2 source-ip 172.16.10.1
timeout 2000
frequency 2
!
ip sla schedule 1 life forever start-time now
!
event manager applet fiberup
event snmp oid "1.3.6.1.4.1.9.9.42.1.2.9.1.6.1" get-type exact entry-op eq entry-val "2" exit-op eq exit-val "1" poll-interval 5
action 1.0 syslog msg "fiberup"
action 2.0 cli command "enable"
action 3.0 cli command "config t"
action 3.2 cli command "int gi0/2"
action 3.3 cli command "ip policy route-map DTPBR"
action 3.4 cli command "exit"
!
event manager applet fiberdown
event snmp oid "1.3.6.1.4.1.9.9.42.1.2.9.1.6.1" get-type exact entry-op eq entry-val "1" exit-op eq exit-val "2" poll-interval 5
action 1.0 syslog msg "fiberdown"
action 2.0 cli command "enable"
action 3.0 cli command "config t"
action 3.2 cli command "int gi0/2"
action 3.3 cli command "no ip policy route-map DTPBR"
action 3.4 cli command "exit"
exit
!

-----

Links

Tools & Resources: SNMP Object Navigator

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=rttMonCtrlOperTimeoutOccurred

Cisco IOS hints and tricks: Log IP SLA failures
http://blog.ioshints.info/2007/01/log-ip-sla-failures.html