Tuesday, December 22, 2009

Cisco IP SLA

There was an interesting request on the Silicon Valley Cisco User Group mailing list the other day about how to get a Cisco switch to do a continuous ping, similar to ping -t on the Windows command line.

The idea I mentioned was using Cisco IP SLAs to do the same function and simply watch the statistics of the SLA to determine if things are working as expected. I had just set this up to keep an IPSec tunnel up and tested for a client, so it seemed timely.

In addition to that, you can use this to watch IPSec tunnels or other links and change routing behavior based on the tunnel status using the track command.

A bit of code to get you started:
! - define an SLA
ip sla 1
 icmp-echo {IP to ping} source-ip {IP to source traffic from}
 timeout 1000
!
! - set up a schedule for the SLA to run - this will run forever
ip sla schedule 1 life forever start-time now
!
! - set up a track and make its status dependent on the SLA
track 1 ip sla 1
!

To see the statistics, simply run:
show ip sla statistics 1

That is it: simple but effective. It is a great tool if you are doing site-to-site tunnels with a firewall that is not participating in routing, because it allows you to route around tunnels that are down, giving you a semi-dynamic failover.
- Ed
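
The failover described above, written out as an added example (not configuration from the original post): a static route tied to the track object, with a floating static route as the backup. All addresses are documentation placeholders, and the backup next hop, timers and administrative distance are assumptions.

```cisco
! Added example; every address below is a placeholder (assumption):
!   10.20.0.1     host at the far end of the tunnel (probe target)
!   10.10.0.1     local address the probe is sourced from
!   192.0.2.1     next hop toward the firewall that terminates the tunnel
!   198.51.100.1  next hop for the backup path
!
ip sla 1
 icmp-echo 10.20.0.1 source-ip 10.10.0.1
 ! keep threshold <= timeout (both in ms) <= frequency (in seconds)
 threshold 1000
 timeout 1000
 frequency 10
!
ip sla schedule 1 life forever start-time now
!
! reachability: the track is up while the probe gets a reply
track 1 ip sla 1 reachability
 ! damp flapping: wait 20 s before going down, 60 s before coming back up
 delay down 20 up 60
!
! Pin the probe target to the primary path so the probe keeps testing
! the tunnel and never follows the backup route.
ip route 10.20.0.1 255.255.255.255 192.0.2.1
!
! Primary route: installed only while track 1 is up
ip route 10.20.0.0 255.255.0.0 192.0.2.1 track 1
! Floating static: administrative distance 250, takes over when the
! tracked route is withdrawn
ip route 10.20.0.0 255.255.0.0 198.51.100.1 250
```

Use show track 1 to see the current state of the track object, and show ip route 10.20.0.0 to confirm which next hop is installed.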
