Question:
This is driving me crazy. WS-C3560X-24P-S IP SLA works for failing over to the secondary connection (from Cable to DSL), however the SLA can never reach 4.2.2.2 from the cable, even when it is up. I can ping the interface from the outside world and get responses, but the SLA still thinks the connection is down. I think it has something to do with the NAT, but I seem to be spinning my wheels.

On the SLA, when the source isn't specified, it toggles up/down - I'm assuming because it's going out the backup connection, then the SLA comes up thinking all is well, realizes it's down, and jumps back. When I specify source IP (or interface), it stops doing this, but never recovers from the failover.

Reloading the router causes it to switch back to the cable and all is well again until the cable drops and comes back up.

I'm 99% sure that I've overlooked something quite elementary, I just can't think of it.

Answer:
Besides possible additional connection problems, the up-/down-flapping of the IP SLA is the expected behaviour with your design in case of a primary link failure.

The route selection for ICMP SLA packets is based solely on the routing table, not the source interface. If track 1 goes down, your IP SLA is using the remaining route. Assuming the backup link is working properly, the IP SLA is successful again and track 1 comes up. Now IP SLA is using the 68.x.x.201 route again, although the primary link is still down, so IP SLA goes down and here we go...

Your backup link is not going to work this way. You need to make sure the ICMP SLA always uses the primary way no matter whether the primary route is installed in the routing table. One way would be to use ip local policy route-map matching on ICMP and the source interface IP.

The only question left is how to get the backup WAN interface (FA0/2/0) to respond to pings from the internet. I'm assuming this will require a similar local route map, but I'm not too sure how to swing that without conflicting with the new addition above...

Just refine your ACL:

    access-list 129 permit icmp host 68.x.x.204 host 4.2.2.2

Now it is only applied for this specific router WS-C3560X-48P-L generated traffic.
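
The whole arrangement the answers describe, put together as an added example; it is not the poster's configuration or part of the original thread. Track 1, ACL 129, 4.2.2.2 and the 68.x.x addresses (octets elided as on the page) come from the thread; the SLA number, probe frequency, floating-route distance, the route-map name SLA-VIA-CABLE and the <BACKUP-NEXT-HOP> placeholder are assumptions.

```cisco
! Probe 4.2.2.2, sourced from the cable-side address
ip sla 1
 icmp-echo 4.2.2.2 source-ip 68.x.x.204
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object that follows the probe result
track 1 ip sla 1 reachability
!
! Primary default route exists only while track 1 is up;
! the floating static (higher distance) takes over when it is withdrawn
ip route 0.0.0.0 0.0.0.0 68.x.x.201 track 1
ip route 0.0.0.0 0.0.0.0 <BACKUP-NEXT-HOP> 10
!
! Match only the router's own probe: ICMP from the cable address to the target.
! Anything else the router originates, including echo replies sent from
! the backup WAN interface, is left to the normal routing table.
access-list 129 permit icmp host 68.x.x.204 host 4.2.2.2
!
! Send the matched probe to the cable next hop even when the
! tracked default route has been removed from the routing table
route-map SLA-VIA-CABLE permit 10
 match ip address 129
 set ip next-hop 68.x.x.201
!
! Apply the route-map to locally generated packets
! (interface-level "ip policy" does not see router-originated traffic)
ip local policy route-map SLA-VIA-CABLE
```

With the probe pinned this way, track 1 reflects the cable path only, so `show track 1` and `show ip sla statistics 1` stay down for the whole outage instead of flapping, and come back up once the cable path answers again.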