An arp entry doesn't guarantee transit forwarding.

It can lead to a blackhole scenario.

So it depends on what level of failover you want.

Your request has validity. But given the other variants available
to solve the problem it's very unlikely anyone would code it.

Rodney

On Wed, Apr 04, 2007 at 12:06:12PM -0400, fonesurj wrote:
> Yes indeed, this is what is on the table at the moment.
> 
> I was originally just wishing there was a way to do it on arp so that it 
> wouldn't require our vendor/customer/whoever to add any additional 
> configuration and thus engage their change management process and all of 
> that administrative overhead and other baloney (like IS saying... "we can't 
> allow that!").
> 
> At the moment, there are no static one-to-one mappings in place, they only 
> reach out to us through the NAT on the outside of the firewall.
> 
> It would just be very convenient to track arp.
> 
> 
> ----- Original Message ----- 
> From: "David Prall" <[EMAIL PROTECTED]>
> To: "'fonesurj'" <[EMAIL PROTECTED]>; "Rodney Dunn (rodunn)" 
> <[EMAIL PROTECTED]>
> Cc: <[email protected]>
> Sent: Wednesday, April 04, 2007 12:28 PM
> Subject: RE: [c-nsp] Static route withdrawal / tracking arp
> 
> 
> > So track something that is through the Firewall. Create a static host route
> > to the router on the other side of the firewall. You don't want your ping to
> > start working again, unless the firewall is working again.
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/fthsrptk.htm
> >
> > David
> >
> > --
> > http://dcp.dcptech.com
> >
> >
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED] On Behalf Of fonesurj
> >> Sent: Wednesday, April 04, 2007 10:54 AM
> >> To: Rodney Dunn
> >> Cc: [email protected]
> >> Subject: Re: [c-nsp] Static route withdrawal / tracking arp
> >>
> >> Can't ping the outside interface of the firewall.
> >>
> >> I'm not seeing where the functionality required is available.
> >>
> >>
> >> ----- Original Message -----
> >> From: "Rodney Dunn" <[EMAIL PROTECTED]>
> >> To: "fonesurj" <[EMAIL PROTECTED]>
> >> Cc: <[email protected]>
> >> Sent: Wednesday, April 04, 2007 11:16 AM
> >> Subject: Re: [c-nsp] Static route withdrawal / tracking arp
> >>
> >>
> >> > You can get the same type thing with Object tracking of static routes.
> >> >
> >> > Search for it on CCO.
> >> >
> >> > You can monitor the state of the FW and have the route adjusted
> >> > accordingly.
> >> >
> >> > Rodney
> >> >
> >> > On Wed, Apr 04, 2007 at 09:57:06AM -0400, fonesurj wrote:
> >> >> I have a router connected to a switch on Fa0/0.  I have a static route
> >> >> pointing to another company's firewall that is out that interface.
> >> >>
> >> >> That static route won't go away if the firewall takes a poop and the
> >> >> switch does not.
> >> >>
> >> >> So wouldn't it be sweet if we could withdraw the static route if the
> >> >> firewall stopped responding to ARPs?
> >> >>
> >> >> _______________________________________________
> >> >> cisco-nsp mailing list  [email protected]
> >> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
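The tracked static route suggested in the thread (probe a router beyond the firewall, reached only via a host route through it), written out as an added example that is not part of the original messages. All addresses, object numbers and timers are constructed placeholders, the syntax is that of later IOS releases (earlier trains use different keywords for the same SLA and tracking features), and it assumes the firewall passes ICMP echo to the probe target.

```cisco
! Constructed example: every address and number below is a placeholder.
!   10.0.0.2         the other company's firewall, next hop out Fa0/0
!   192.0.2.1        router on the far side of the firewall (probe target)
!   198.51.100.0/24  prefix reached through the firewall
!
! Pin the probe target to the firewall path with a host route, so the
! probe can only succeed while the firewall is actually forwarding and
! cannot recover over some other route once the tracked route is gone.
ip route 192.0.2.1 255.255.255.255 10.0.0.2
!
! ICMP echo probe to the far-side router every 10 seconds.
ip sla 1
 icmp-echo 192.0.2.1 source-interface FastEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object follows probe reachability; the delays damp flapping.
track 1 ip sla 1 reachability
 delay down 20 up 60
!
! The static route is installed only while track 1 is up. An ARP entry
! for 10.0.0.2 alone would keep this route in place even if the firewall
! had stopped forwarding transit traffic.
ip route 198.51.100.0 255.255.255.0 10.0.0.2 track 1
```

`show track 1` and `show ip route 198.51.100.0` confirm the object state and whether the route is currently installed.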