Background: We have two DataCenters and our remote offices build cry tunnels to each. There is also a direct link between the two DC's and the remote offices use weighted routing to "failover per say" in the event their connection to one DC goes down. Each DC can reroute the destination traffic over the direct link to the other DC.
First Attempt:We created two ip sla's and upon detecting either restored, we did a "clear cry sesion" to clear both tunnels and let the various networks refresh their routes...
Issue: Having multiple networks (where normally nw A,B route to DC1 and nw C routes to DC2), sometimes we see very brief outages and nw A&B will end up with spilt routing with nw A going to DC1 and nw B still going to DC2 although the tunnel to DC1 recovered.
Goal: We're thinking just clearing the tunnel that bounce vs both would work better and trying the following and it's not restoring the individual tunnel.
Question: Does anyone know a command or sequence that would work. unfortunatley since tunnels build ramdomly we never know which conn-id is which location and cannot use the "clear cry is ####" command
Are you asking for IPSec commands that will achieve what you want or are you asking for how EEM can be used to automate a known process? If the former, you will have better luck on one of the security communities. If the latter, explain the steps you would use to manually go through the process to determine which tunnel needs to be bounced and how you know it's bouncing.
So for reference to others, the "event track #" coresponds to the ip sla #, so when a site drops and returns to the "state up" it executes the actions commands. Since routing will fail to the other DC, you have to clear it's tunnel to force traffic to try routing back to normal and rebuild your tunnel.
Clearing each peer individually works much faster then "clear cry sess" especially if your have other tunnels..
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.