How to reliably configure a secondary failover route for Layer 3 Cisco Switch?

[stayconnected]

I would like to configure a secondary route for a L3 Cisco Switch, in this case a Cisco 3750.
The primary route goes via a Microwave link, but when or if the Microwave link should fail I would like to route via a VPN connection.
Current configuration on switch for the primary route is:

ip route 0.0.0.0 0.0.0.0 10.10.254.5

However the failover / backup route would need to go to destination 172.21.2.150 which is the firewall responsible for connecting the VPN back to the same destination.

My thoughts were:

ip route 0.0.0.0 0.0.0.0 10.10.254.5
ip route 0.0.0.0 0.0.0.0 172.21.2.150 200

But there may be problems with this because, if the Microwave link fails, the interface port and connection on 10.10.254.5 will still be connected despite there being no WAN link. I think I was told the above example will only work if the interface show as 'not connected'.

Thanks for your help

 

[mattKnight]

You probably need to investigate dynamic routing.

Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.

 

[stayconnected]

The admin distance routing method would be better rather than engaging RIP or OSPF for dynamic routing.

Firstly, was I right in thinking that just programming in an admin distance of 200 will not necessarily work reliably - this is just something I have heard second hand, but perhaps would like to confirm this here first.

 

[iggsterman]

There's a solution for what you are describing. It is called "tracked route". Look it up. In short, you define a tracked object, such as an IP address that you will ping through your primary gateway. Then you define the schedule for it. Most people choose "always" test. Should the IP address become unreachable, the main route will disappear and the backup route, with higher admin distance, will be used.

So using your routes:
ip route 0.0.0.0 0.0.0.0 10.10.254.5 track 100
ip route 0.0.0.0 0.0.0.0 172.21.2.150 200

100 is the tracked object.

Hope this helps.

 

[stayconnected]

Can I use the track command if IP SLA is not supported?

Looks like the Cisco 3750 does not support IP SLA - apparently this can be checked by running command #sho ip sla application - and if the command does not work then IP SLA is not supported

 

[iggsterman]

no, you cannot. You need to track an object. It is odd, I checked on my production 3750 and it is supported

 

[iggsterman]

This is what I have:
model: WS-C3750-48P (quite old, not even a gigabit)
IOS image: c3750-ipservicesk9-mz.122-50.SE3.bin

here's the output:
[pre]CS1>sho ip sla app
IP SLAs
Version: 2.2.0 Round Trip Time MIB, Infrastructure Engine-II
Time of last change in whole IP SLAs: 14:38:03.170 EST Mon Nov 30 2015
Estimated system max number of entries: 5519

Estimated number of configurable operations: 5519
Number of Entries configured : 0
Number of active Entries : 0
Number of pending Entries : 0
Number of inactive Entries : 0

Supported Operation Types
Type of Operation to Perform: dhcp
Type of Operation to Perform: dns
Type of Operation to Perform: echo
Type of Operation to Perform: ftp
Type of Operation to Perform: http
Type of Operation to Perform: jitter
Type of Operation to Perform: pathEcho
Type of Operation to Perform: pathJitter
Type of Operation to Perform: tcpConnect
Type of Operation to Perform: udpEcho

IP SLAs low memory water mark: 7536507
[/pre]

So, check the IOS version.

 

[stayconnected]

This is my version (it's a stack of three switches)

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
1 26 WS-C3750-24TS 12.2(50)SE2 C3750-IPBASEK9-M
* 2 26 WS-C3750-24TS 12.2(50)SE2 C3750-IPBASEK9-M
3 26 WS-C3750-24TS 12.2(50)SE2 C3750-IPBASEK9-M

I notice you have IP Services whereas I have IPBASE.

Shame as IP SLA looks dead useful! Any other way around this failover solution without SLA?

 

[iggsterman]

I do not know of any, in this context. May I suggest loading IP Services?

 

[stayconnected]

OK seeing as I've had no further response I think I'm best to upgrade the software from IP Base to IP Services allowing me to using IP SLA (otherwise it's dynamic routing and NO other alternative).

 

[stayconnected]

Is it possible to upgrade the license feature on these older 3750 Cisco switches (not the newer variety which have the license commands) by simply upgrading IP Base to IP Services by simply uploading the IP Services image and nothing more?

 

[iggsterman]

First of all, i am not sure how dynamic routing will help? Where are you going to get the routing information from? Short of running BGP with your ISP, this does not appear to be a valid option.
Secondly, the older switches, like you and I have did not get their licenses upgraded by installing key and such but rather by paying more money for higher model. Cisco sold SE and EI (standard and enhanced image) models which other than ID burned into the switches, meant little. They would sell those at different prices having installed different images. Since the models are not sold and some are not even supported anymore, I highly doubt that Cisco will sell you an upgrade. For testing purposes you can try putting the needed image on a similar unit to make sure it works.