cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
290
Views
9
Helpful
4
Replies

Oddball functonality/design question - route propogation and GRE tunneling

s-daly
Level 1
Level 1

Allright, let me see if I can explain myself here:

I have a Cisco 831 router runnning 12.3 code. On the public interface "ethernet1" (which, incidently, goes to an aDSL modem to the internet), I'm running a GRE tunnel with GRE keepalive (actually it's GRE over IPSec, if it pertains to the question) that I'm learning routes through EIGRP into our main office. The ethernet1 interface itself, however, is a passive interface for EIGRP; I just have a statically configured default route for internet bound traffic. I am also redistributing this static default route using EIGRP to other routers on the segment on the inside network "ethernet0".

So far, so good.

Here's the delima:

If, for some reason, the DSL connection dies on the public side, the tunnel interface will go down and the EIGRP process will make the approrpriate changes to the inside routes, however, since the default route is statically defined and the ethernet1 interface never actually goes down, my router will continue to advertise the redistributed default route to the inside network.

My question is this:

Is there any way to force the router to stop adverising the default route when the DSL line dies? For instance, is there a way to force the entire ethernet1 interface down if the GRE tunnel interface that's running over it goes down?

Please let me know if I need to clarify anything, and thanks in advance for any responses.

1 Accepted Solution

Accepted Solutions

Here's a sample config with the new syntax:

Replace with an IP that you can ping through your main link - preferably the ISP side of the WAN link address.

interface Ethernet 0

ip address 10.1.1.1 255.0.0.0

!

ip sla monitor 1

type echo protocol ipIcmpEcho

timeout 1000

frequency 3

threshold 2

!

ip sla monitor schedule 1 life forever start-time now

!

track 100 rtr 1 reachability

!

access list 101 permit icmp any host echo

!

route-map LOCAL_POLICY permit 10

match ip address 101

set ip next-hop

set interface null0

!

ip local policy route-map LOCAL_POLICY

!

ip route 0.0.0.0 0.0.0.0 track 100

Hope that helps - pls rate the post if it does.

Paresh

View solution in original post

4 Replies 4

pkhatri
Level 11
Level 11

Howdy,

What you need is reliable static routing using object tracking. Here's a link to the feature documentation:

Reliable Static Routing Backup Using Object Tracking:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html

With this feature, I suggest you set up a tracking object that tracks the status of an RTR (SAA) object. Set up the RTR object to ping some reliable address on the Internet, preferably the WAN-side IP address of your ISPs' link to you. When the ping starts to fail, the tracked object status will go down, bringing down your static route.

The only gotcha with this is that it requires at least 12.3(8)T on the 831 with the IP/FW 3DES or IP/FW/PLUS 3DES feature sets. But it should resolve your issue if you are willing to upgrade...

Hope that helps - pls rate the post if it does.

Paresh.

Thanks, I wasn't aware of this feature and seems to be something that could be useful. . .

however, I'm running version 12.3(14)T6 with the IP/FW/PLUS 3DES feature set, but the "rtr" commands don't seem to be available.

Are you sure this feature is available for the 800 series routers? The documentation you referred to makes note that it is supported on the 1700 series model, but makes no mention of the 800 series . . .

Hi,

That feature is available for the 831 but Cisco has changed that feature name from 'Service Assurance Agent' to 'IP SLAs'. And guess what the first IOS where this happened was ? 12.3(14)T...:-)

Anyway, the feature is still there.. the commands now start with 'ip sla' instead of 'rtr'. The following doc has info on how to configure the rtr bits using the new syntax:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsla_c/hsicmp.htm

Hope that helps - pls rate the post if it does.

Paresh

Here's a sample config with the new syntax:

Replace with an IP that you can ping through your main link - preferably the ISP side of the WAN link address.

interface Ethernet 0

ip address 10.1.1.1 255.0.0.0

!

ip sla monitor 1

type echo protocol ipIcmpEcho

timeout 1000

frequency 3

threshold 2

!

ip sla monitor schedule 1 life forever start-time now

!

track 100 rtr 1 reachability

!

access list 101 permit icmp any host echo

!

route-map LOCAL_POLICY permit 10

match ip address 101

set ip next-hop

set interface null0

!

ip local policy route-map LOCAL_POLICY

!

ip route 0.0.0.0 0.0.0.0 track 100

Hope that helps - pls rate the post if it does.

Paresh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco