New Member

Need solution

Hi,

I have configured IP SLA in my network. Now my requirement is that I want the interface to go down automatically when there is an SLA failure. I am looking for the config for the same.

Here is the present config

Config @ A location
-----------------

ip sla monitor 1
type echo protocol ipicmpecho 10.255.0.2
timeout 1000
frequency 3
threshold 2

ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability


ip route 10.20.0.0 255.255.0.0 10.255.0.2 track 123
ip route 10.20.0.0 255.255.0.0 Tunnel0 10


Configuration @ B location
-----------------

ip sla monitor 1
type echo protocol ipicmpecho 10.255.0.1
timeout 1000
frequency 3
threshold 2

ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability


ip route 10.10.0.0 255.255.0.0 10.255.0.1 track 123
ip route 10.10.0.0 255.255.0.0 Tunnel0 10

no ip route 10.20.0.0 255.255.0.0 10.255.0.2 track 123
no ip route 192.168.200.0 255.255.255.0 10.255.0.2

ip route 192.168.200.0 255.255.255.0 fa0/2 track 123
ip route 192.168.200.0 255.255.255.0 fa0/2

Regards

Kumar

1 ACCEPTED SOLUTION

Cisco Employee

Re: Need solution

You do not need to add delay unless you are seeing brief intermittent problems in the network, and you'd like to dampen the switch-overs.  The EEM policy must be watching the tracked object, so 123 is correct in this case.

I really do not understand what you're saying for option 2.  A physical interface does not have to go down for an IP SLA collector to timeout.  However, the IP address that you are pinging must only be reachable over one of the interfaces.

Typically, for what you are doing a user will have a router with two outbound interfaces (e.g. two interfaces that connect to the internet).  They ping an IP address in the cloud, but not one with which they typically need to communicate.  When the collector times out, they fail over to the other interface.  If you ping an address that is reachable across both interfaces, then the ping will always succeed, and you will see constant failovers when the IP is not reachable across the primary path.

The problem with the constant failovers is actually bug CSCtf11508.  In 15.1(2)T and later (where this bug is fixed) specifying a source address for your IP SLA collector will mitigate this problem allowing you to specify any IP address to ping.  For example:

type echo protocol icmpEcho 10.255.0.2 source-interface Gi0/0

7 REPLIES
Cisco Employee

Re: Need solution

You could use EEM to do this.

event manager applet shut-intf
event track state down
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fa0/2"
action 4.0 cli command "shut"
action 5.0 cli command "end"

event manager applet no-shut-intf
event track state up
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fa0/2"
action 4.0 cli command "no shut"
action 5.0 cli command "end"

New Member

Re: Need solution

Hi,

Thanks for your prompt response. The EEM config is fine, but here is my requirement....

Option1: Need to track the remote IP address for reachability. If the reachability is down then the interface is to be shut down; if reachability has been restored then the interface is to be up again (no shut).

Option2:  If reachability is down then remove the route, and add the route again vice-versa..

Regards

Kumar

Cisco Employee

Re: Need solution

The EEM applets I posted will take care of Option 1 provided you specify the correct interface.  The catch is that the IP address that you are pinging cannot be reachable when the secondary route is up.  If that is the case, then you can either go with the floating static routes option or the EEM option.

New Member

Re: Need solution

Hi,

For option 1: Here is the final config..pls validate...

ip sla monitor 1
type echo protocol ipicmpecho 10.255.0.2
timeout 1000
frequency 3
threshold 2

ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability

Do I need to add delay?

delay down 60 up 60  ---> Without this, will my present config work?


event manager applet shut-intf
event track 123 state down  --------------> I need to call IP SLA with the number, right?
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fa0/2"
action 4.0 cli command "shut"
action 5.0 cli command "end"

event manager applet no-shut-intf
event track 123 state up
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fa0/2"
action 4.0 cli command "no shut"
action 5.0 cli command "end"

Option2: As per the connectivity below, the primary interface always shows up, as the switch-to-router link always shows up even if the fibre link has failed. Due to this, my router never switched over to the floating route....

Location A -- Switch --- Fibre -- switch - LocationB

I appreciate your quick reply....

Regards

kumar....

New Member

Re: Need solution - Urgent

Hi,

I have tried to configure the same on the switch, but I haven't found the EVENT TRACK command. Any suggestions on IOS? Here are the present IOS details:

Switch model: 3550

Version: 12.2(52) SE

SBDC-PROD-CORE1(config)#event manager applet test
SBDC-PROD-CORE1(config-applet)#even
SBDC-PROD-CORE1(config-applet)#event ?
  application         Application specific event
  cli                 CLI event
  counter             Counter event
  identity            Identity event
  interface           Interface event
  ioswdsysmon         IOS WDSysMon event
  ipsla               IPSLA Event
  mat                 MAC address table event
  neighbor-discovery  Neighbor Discovery event
  none                Manually run policy event
  oir                 OIR event
  routing             Routing event
  rpc                 Remote Procedure Call event
  snmp                SNMP event
  snmp-notification   SNMP Notification Event
  snmp-object         SNMP object event
  syslog              Syslog event
  tag                 event tag identifier
  timer               Timer event

-----------------------------------------------------------------

SBDC-PROD-CORE1#sh event manager version
Embedded Event Manager Version 3.20
Component Versions:
eem: (v320_throttle)2.1.50
eem-gold: (v320_throttle)1.0.4
eem-call-home: (v320_throttle)1.0.4
Event Detectors:
Name                Version   Node        Type   
application         01.00     node0/0     RP     
neighbor-discovery  01.00     node0/0     RP     
identity            01.00     node0/0     RP     
mat                 01.00     node0/0     RP     
syslog              01.00     node0/0     RP     
routing             03.00     node0/0     RP     
cli                 01.00     node0/0     RP     
counter             01.00     node0/0     RP     
interface           01.00     node0/0     RP     
ioswdsysmon         01.00     node0/0     RP     
none                01.00     node0/0     RP     
oir                 01.00     node0/0     RP     
snmp                01.00     node0/0     RP     
snmp-object         01.00     node0/0     RP     
ipsla               01.00     node0/0     RP     
snmp-notification   01.00     node0/0     RP     
timer               01.00     node0/0     RP     
rpc                 01.00     node0/0     RP 

pls help me..

Regards

Kumar

Cisco Employee

Re: Need solution - Urgent

The track ED is not available on Cat3Ks.  You will need to use the syslog ED instead, and match on the TRACKING syslog messages.
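
A sketch of the syslog-ED variant suggested in the reply above, as an added example that is not part of the original thread. Track object 123 and interface fa0/2 come from the earlier posts; the exact text of the TRACKING message, and therefore the two patterns, is an assumption to confirm against the switch's own log before relying on it.

```cisco
! Added example, not from the thread.
! Assumption: a state change of track object 123 is logged in the form
!   %TRACKING-5-STATE: 123 rtr 1 reachability Up->Down
! Check "show logging" after a real transition and adjust the patterns
! if the message on this release reads differently.
!
event manager applet shut-intf
 ! Fires when the log line reports track 123 going down
 event syslog pattern "TRACKING-5-STATE: 123 .*Up->Down"
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "int fa0/2"
 action 4.0 cli command "shut"
 action 5.0 cli command "end"
 ! Leave an audit trail so an operator can tell EEM shut the port
 action 6.0 syslog msg "EEM shut-intf: track 123 down, fa0/2 shut"
!
event manager applet no-shut-intf
 ! Fires when the log line reports track 123 coming back up
 event syslog pattern "TRACKING-5-STATE: 123 .*Down->Up"
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "int fa0/2"
 action 4.0 cli command "no shut"
 action 5.0 cli command "end"
 action 6.0 syslog msg "EEM no-shut-intf: track 123 up, fa0/2 enabled"
```

The track number is part of each pattern so that state changes of other tracked objects on the same switch do not trigger these applets.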
