How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

(OP)
I would like to configure a secondary route for a L3 Cisco Switch, in this case a Cisco 3750.
The primary route goes via a Microwave link, but when or if the Microwave link should fail I would like to route via a VPN connection.
Current configuration on switch for the primary route is:

ip route 0.0.0.0 0.0.0.0 10.10.254.5

However the failover / backup route would need to go to destination 172.21.2.150 which is the firewall responsible for connecting the VPN back to the same destination.

My thoughts were:

ip route 0.0.0.0 0.0.0.0 10.10.254.5
ip route 0.0.0.0 0.0.0.0 172.21.2.150 200

But there may be problems with this because, if the Microwave link fails, the interface port and connection on 10.10.254.5 will still be connected despite there being no WAN link. I think I was told the above example will only work if the interface shows as 'not connected'.

Thanks for your help

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

You probably need to investigate dynamic routing.

Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

(OP)
The admin distance routing method would be better rather than engaging RIP or OSPF for dynamic routing.

Firstly, was I right in thinking that just programming in an admin distance of 200 will not necessarily work reliably - this is just something I have heard second hand, but perhaps would like to confirm this here first.

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

There's a solution for what you are describing. It is called "tracked route". Look it up. In short, you define a tracked object, such as an IP address that you will ping through your primary gateway. Then you define the schedule for it. Most people choose "always" test. Should the IP address become unreachable, the main route will disappear and the backup route, with higher admin distance, will be used.

So using your routes:
ip route 0.0.0.0 0.0.0.0 10.10.254.5 track 100
ip route 0.0.0.0 0.0.0.0 172.21.2.150 200

100 is the tracked object.

Hope this helps.
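A small Python model of the behaviour discussed above, added here as an illustration (it is not code from any poster and not IOS itself): it shows why the floating static route alone keeps using 10.10.254.5 while the switch port stays up, and how attaching track object 100 lets the distance-200 route take over. The class, function and variable names are hypothetical, and next-hop resolution is simplified to "is the local port toward that next hop up".

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class StaticRoute:
    next_hop: str
    distance: int = 1            # default admin distance of a static route
    track: Optional[int] = None  # tracked object number, if the route has one


def installed_route(routes: List[StaticRoute],
                    if_up: Dict[str, bool],
                    track_up: Dict[int, bool]) -> Optional[StaticRoute]:
    """Pick the default route that would be installed.

    A route is a candidate only if the local port toward its next hop is up
    and, when it references a tracked object, that object is up. Among the
    candidates, the lowest admin distance wins.
    """
    candidates = [
        r for r in routes
        if if_up.get(r.next_hop, False)
        and (r.track is None or track_up.get(r.track, False))
    ]
    return min(candidates, key=lambda r: r.distance, default=None)


def next_hop(routes, if_up, track_up) -> Optional[str]:
    route = installed_route(routes, if_up, track_up)
    return route.next_hop if route else None


PRIMARY, BACKUP = "10.10.254.5", "172.21.2.150"   # addresses from the thread
FLOATING = [StaticRoute(PRIMARY), StaticRoute(BACKUP, 200)]
TRACKED = [StaticRoute(PRIMARY, track=100), StaticRoute(BACKUP, 200)]

if __name__ == "__main__":
    # Constructed scenario: microwave link dead, but both switch ports still up.
    ports_up = {PRIMARY: True, BACKUP: True}
    print("floating only :", next_hop(FLOATING, ports_up, {}))
    print("with track 100:", next_hop(TRACKED, ports_up, {100: False}))
    print("probe healthy :", next_hop(TRACKED, ports_up, {100: True}))
```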

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

(OP)
Can I use the track command if IP SLA is not supported?

Looks like the Cisco 3750 does not support IP SLA - apparently this can be checked by running command #sho ip sla application - and if the command does not work then IP SLA is not supported :(

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

No, you cannot. You need to track an object. It is odd, I checked on my production 3750 and it is supported.

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

This is what I have:
model: WS-C3750-48P (quite old, not even a gigabit)
IOS image: c3750-ipservicesk9-mz.122-50.SE3.bin

Here's the output:
CS1>sho ip sla app
        IP SLAs
Version: 2.2.0 Round Trip Time MIB, Infrastructure Engine-II
Time of last change in whole IP SLAs: 14:38:03.170 EST Mon Nov 30 2015
Estimated system max number of entries: 5519

Estimated number of configurable operations: 5519
Number of Entries configured  : 0
Number of active Entries      : 0
Number of pending Entries     : 0
Number of inactive Entries    : 0

        Supported Operation Types
Type of Operation to Perform: dhcp
Type of Operation to Perform: dns
Type of Operation to Perform: echo
Type of Operation to Perform: ftp
Type of Operation to Perform: http
Type of Operation to Perform: jitter
Type of Operation to Perform: pathEcho
Type of Operation to Perform: pathJitter
Type of Operation to Perform: tcpConnect
Type of Operation to Perform: udpEcho

IP SLAs low memory water mark: 7536507
 

So, check the IOS version.

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

(OP)
This is my version (it's a stack of three switches)

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
     1 26    WS-C3750-24TS      12.2(50)SE2           C3750-IPBASEK9-M
*    2 26    WS-C3750-24TS      12.2(50)SE2           C3750-IPBASEK9-M
     3 26    WS-C3750-24TS      12.2(50)SE2           C3750-IPBASEK9-M

I notice you have IP Services whereas I have IPBASE.

Shame as IP SLA looks dead useful! Any other way around this failover solution without SLA?

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

I do not know of any, in this context. May I suggest loading IP Services?

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

(OP)
OK, seeing as I've had no further response I think I'm best to upgrade the software from IP Base to IP Services, allowing me to use IP SLA (otherwise it's dynamic routing and NO other alternative).

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

(OP)
Is it possible to upgrade the license feature on these older 3750 Cisco switches (not the newer variety which have the license commands) by simply upgrading IP Base to IP Services by simply uploading the IP Services image and nothing more?

RE: How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

First of all, I am not sure how dynamic routing will help. Where are you going to get the routing information from? Short of running BGP with your ISP, this does not appear to be a valid option.
Secondly, the older switches, like you and I have, did not get their licenses upgraded by installing a key and such but rather by paying more money for a higher model. Cisco sold SE and EI (standard and enhanced image) models which, other than the ID burned into the switches, meant little. They would sell those at different prices having installed different images. Since the models are not sold and some are not even supported anymore, I highly doubt that Cisco will sell you an upgrade. For testing purposes you can try putting the needed image on a similar unit to make sure it works.
