IP SLA on Cisco 3750 default route failover

rizwanr74
Level 7

Hi guys,

Can anyone give feedback on my IP SLA configuration? What is it that I am doing wrong?

It fails over but cannot ping the 4.2.2.2 via Site B. 

Here is the output on Cisco 3750...

SW2#show run
Building configuration...

Current configuration : 2901 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 1 provision ws-c3750-48ts
system mtu routing 1500
!
track 10 ip sla 1 reachability
 delay down 10 up 10
authentication mac-move permit
ip subnet-zero
ip routing
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet1/0/1
 no switchport
 ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet1/0/2
 switchport access vlan 222
 switchport mode access
!
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan222
 ip address 172.16.2.1 255.255.255.0
!
!
router eigrp 200
 network 2.2.2.0 0.0.0.255
 redistribute connected
 redistribute static
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.2.2 name DEFAULT-ROUTE track 10
ip route 0.0.0.0 0.0.0.0 2.2.2.1 20
ip route 4.2.2.2 255.255.255.255 172.16.2.2 permanent
ip http server
ip http secure-server
!
!
ip sla 1
 icmp-echo 4.2.2.2 source-ip 172.16.2.1
 timeout 20000
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
!
!
!
line con 0
line vty 5 15
!
end

SW2#

Accepted Solutions

Ganesh Hariharan
VIP Alumni

Hi,

Your IP SLA configuration is correct. Failover will happen to the secondary link, but the traffic to 4.2.2.2 will be going via the static route towards the primary link, so when the primary link goes down the rest of the traffic will move towards the secondary default route, but the static route configured specifically for 4.2.2.2 will be preferred over the primary one.

So remove this static route and see whether, when failover happens, you are able to ping 4.2.2.2 via the secondary link.

Hope to Help !!

Ganesh.H

5 Replies

Jon Marshall
Hall of Fame

If it fails over and installs the route via 2.2.2.1 then it might not be your IP SLA config. That looks okay, but there are quite a few other things to check:

1) Does site B have a route back to site A for the source IPs from site A?

2) Are you NATting the source IPs on the site B 1800 router as they go out to the internet?

3) Are there any ACLs in the path between site A and site B?

If, when the IP SLA returns failure, the 3750 installs the 2.2.2.1 route, what happens when you try a traceroute, i.e. how far do you get?

Jon

Hey, thank you very much for taking the time to reply to me, highly appreciated.

Your Question 1: does site B have a route back to site A for the source IPs from site A

Answer 1: I would say yes, because at both sites, on the core switches under the EIGRP process, I have set the following to be advertised: "redistribute connected" and "redistribute static".

Your Question 2: are you NATting the source IPs on the site B 1800 router as they go out to the internet

Answer 2: Yes, it is set to NAT any.

Your Question 3: are there any ACLs in the path between site A and site B

Answer 3: Not specifically, except for an ACL used for NATting, which permits any and is used for NAT overload.

Ganesh Hariharan
VIP Alumni

Hi,

Your IP SLA configuration is correct. Failover will happen to the secondary link, but the traffic to 4.2.2.2 will be going via the static route towards the primary link, so when the primary link goes down the rest of the traffic will move towards the secondary default route, but the static route configured specifically for 4.2.2.2 will be preferred over the primary one.

So remove this static route and see whether, when failover happens, you are able to ping 4.2.2.2 via the secondary link.

Hope to Help !!

Ganesh.H

Yes, you are 100 percent right, I completely overlooked this route (ip route 4.2.2.2 255.255.255.255 172.16.2.2 permanent), damn me.

Since the 32-bit mask (i.e. 255.255.255.255) route forces traffic to go via site "A", the host at 4.2.2.2 cannot be reached via site "B"; however, when I ping any other public IP, such as 4.2.2.1, it is successful and traverses site "B".

Thank you very much for your help, I gave you five stars.  Default Route failover works successfully.
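
The route selection discussed in this thread, as an added example that is not part of the original posts: it models longest-prefix match over the three static routes from SW2 with track 10 up and down. Assumption: a route counts as installed unless its track object is down; interface state and the exact effect of `permanent` are not modelled, and the function names are illustrative.

```python
import ipaddress

# Static routes copied from the SW2 configuration posted in the thread.
CONFIG = """\
ip route 0.0.0.0 0.0.0.0 172.16.2.2 name DEFAULT-ROUTE track 10
ip route 0.0.0.0 0.0.0.0 2.2.2.1 20
ip route 4.2.2.2 255.255.255.255 172.16.2.2 permanent
"""

def parse_static_routes(text):
    """Turn 'ip route' lines into dicts: network, next hop, distance, track id."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "route"]:
            continue
        plen = bin(int(ipaddress.ip_address(tok[3]))).count("1")
        route = {"net": ipaddress.ip_network(f"{tok[2]}/{plen}"),
                 "nh": tok[4], "ad": 1, "track": None}
        opts = iter(tok[5:])
        for opt in opts:
            if opt.isdigit():          # floating static: administrative distance
                route["ad"] = int(opt)
            elif opt == "track":       # installed only while the object is up
                route["track"] = int(next(opts))
            elif opt == "name":        # label only, skip its argument
                next(opts)
        routes.append(route)
    return routes

def next_hop(routes, dest, tracks_up):
    """Longest prefix wins, then lowest distance, among installed routes."""
    addr = ipaddress.ip_address(dest)
    live = [r for r in routes
            if addr in r["net"] and (r["track"] is None or r["track"] in tracks_up)]
    if not live:
        return None
    return max(live, key=lambda r: (r["net"].prefixlen, -r["ad"]))["nh"]

def drop_prefix(routes, prefix):
    """Model 'no ip route ...' for one prefix."""
    return [r for r in routes if r["net"] != ipaddress.ip_network(prefix)]

if __name__ == "__main__":
    routes = parse_static_routes(CONFIG)
    for label, table in (("as posted", routes),
                         ("host route removed", drop_prefix(routes, "4.2.2.2/32"))):
        for up in ({10}, set()):
            state = "up" if up else "down"
            print(label, "| track 10", state, "|",
                  {d: next_hop(table, d, up) for d in ("4.2.2.2", "4.2.2.1")})
```

With the host route removed, the probe to 4.2.2.2 also follows the backup default route after failover, so track 10 then reflects reachability through Site B rather than the state of the primary path.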

Hi Rizwan

I have two 3750 switches with IOS c3750-ipbasek9-mz.122-46.S.

But they don't support IP SLA monitor commands. Can you please let me know which IOS you are using?

Thanks

Mahmood
