Post it on Cisco Beyond if you get it to work for others to use.
On Wed, Apr 04, 2007 at 12:34:38PM -0400, fonesurj wrote: > > > Duh is right. I know TCL a tiny bit, I could hammer that out! > > ----- Original Message ----- > From: "Rodney Dunn" <[EMAIL PROTECTED]> > To: "fonesurj" <[EMAIL PROTECTED]> > Cc: <[email protected]> > Sent: Wednesday, April 04, 2007 1:27 PM > Subject: Re: [c-nsp] Static route withdrawal / tracking arp > > > >Duh... > > > >I forgot. > > > >You can do it today. > > > >Learn EEM and TCL. > > > >Check 'sh arp' output. Look for your entry. > >If it's not there change the route. > > > >Trigger another script to watch for the arp to come back. > > > >When it does add the route back. > > > >Rodney > > > > > >On Wed, Apr 04, 2007 at 01:25:31PM -0400, Rodney Dunn wrote: > >>An arp entry doesn't guarantee transit forwarding. > >> > >>It can lead to a blackhole scenario. > >> > >>So it depends on what level of failover you want. > >> > >>Your request has validity. But given the other variants available > >>to solve the problem it's very unlikely anyone would code it. > >> > >>Rodney > >> > >>On Wed, Apr 04, 2007 at 12:06:12PM -0400, fonesurj wrote: > >>> Yes indeed, this is what is on the table at the moment. > >>> > >>> I was originally just wishing there was a way to do it on arp so that > >>> it > >>> wouldn't require our vendor/customer/whoever to add any additional > >>> configuration and thus engage their change management process and all > >>> of > >>> that administrative overhead and other bologne (like IS saying.. "we > >>> can't > >>> allow that!"). > >>> > >>> At the moment, there are no static one-to-one mappings in place, they > >>> only > >>> reach out to us through the NAT on the outside of the firewall. > >>> > >>> It would just be very convenient to track arp. > >>> > >>> > >>> ----- Original Message ----- > >>> From: "David Prall" <[EMAIL PROTECTED]> > >>> To: "'fonesurj'" <[EMAIL PROTECTED]>; "Rodney Dunn (rodunn)" > >>> <[EMAIL PROTECTED]> > >>> Cc: <[email protected]> > >>> Sent: Wednesday, April 04, 2007 12:28 PM > >>> Subject: RE: [c-nsp] Static route withdrawal / tracking arp > >>> > >>> > >>> > So track something that is through the Firewall. Create a static host > >>> > route > >>> > to the router on the other side of the firewall. You don't want your > >>> > ping > >>> > to > >>> > start working again, unless the firewall is working again. > >>> > > >>> > > >>http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122 > >>> > t/122t15/fthsrptk.htm > >>> > > >>> > David > >>> > > >>> > -- > >>> > http://dcp.dcptech.com > >>> > > >>> > > >>> >> -----Original Message----- > >>> >> From: [EMAIL PROTECTED] > >>> >> [mailto:[EMAIL PROTECTED] On Behalf Of fonesurj > >>> >> Sent: Wednesday, April 04, 2007 10:54 AM > >>> >> To: Rodney Dunn > >>> >> Cc: [email protected] > >>> >> Subject: Re: [c-nsp] Static route withdrawal / tracking arp > >>> >> > >>> >> Can't ping the outside interface of the firewall. > >>> >> > >>> >> I'm not seeing where the functionality required is available. > >>> >> > >>> >> > >>> >> ----- Original Message ----- > >>> >> From: "Rodney Dunn" <[EMAIL PROTECTED]> > >>> >> To: "fonesurj" <[EMAIL PROTECTED]> > >>> >> Cc: <[email protected]> > >>> >> Sent: Wednesday, April 04, 2007 11:16 AM > >>> >> Subject: Re: [c-nsp] Static route withdrawal / tracking arp > >>> >> > >>> >> > >>> >> > You can get the same type thing with Object tracking of > >>> >> static routes. > >>> >> > > >>> >> > Search for it on CCO. > >>> >> > > >>> >> > You can monitor the state of the FW and have the route adjusted > >>> >> > accordingly. > >>> >> > > >>> >> > Rodney > >>> >> > > >>> >> > On Wed, Apr 04, 2007 at 09:57:06AM -0400, fonesurj wrote: > >>> >> >> I have a router connected to a switch on Fa0/0. I have a > >>> >> static route > >>> >> >> pointing to another company's firewall that is out that > >>> >> >> interface. > >>> >> >> > >>> >> >> That static route won't go away if the firewall takes a > >>> >> poop and the > >>> >> >> switch does not. > >>> >> >> > >>> >> >> So wouldn't it be sweet if we could withdraw the static > >>> >> route if the > >>> >> >> firewall stopped responding to ARPs? > >>> >> >> > >>> >> >> _______________________________________________ > >>> >> >> cisco-nsp mailing list [email protected] > >>> >> >> https://puck.nether.net/mailman/listinfo/cisco-nsp > >>> >> >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > >>> >> > >>> >> _______________________________________________ > >>> >> cisco-nsp mailing list [email protected] > >>> >> https://puck.nether.net/mailman/listinfo/cisco-nsp > >>> >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > >>> >> > >>> > > >>> > >>> _______________________________________________ > >>> cisco-nsp mailing list [email protected] > >>> https://puck.nether.net/mailman/listinfo/cisco-nsp > >>> archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
