Wednesday, June 12, 2013

IP SLA - Very obscure question!


Question:

I have a question about the Cisco Catalyst 3560: whether I can force an interface into a down state if another interface is down (or a tracking object is down).

Our topology is:

CORE --- CE ROUTER 1 --- SWITCH
  |                       |
  ------ CE ROUTER 2 ------

Primary IP addressing:

[www]---CORE---140.0.0.1
140.0.0.2---CE ROUTER 1---39.0.0.1

Secondary IP addressing:

[www]---CORE---150.0.0.1
150.0.0.2---CE ROUTER 2---39.0.0.1

On the core router, we have a static route to 140.0.0.0/30 and 39.0.0.0/29 with a next hop of 140.0.0.2. These two static routes are tracked by an IP SLA that pings 140.0.0.2.

On the core router, we have a static route to 39.0.0.0/29 with a next hop of 150.0.0.2 with an AD of 100.

On the CE Router 1 (primary) we had HSRP set up that was tracked by an IP SLA that pinged 140.0.0.1. If the tracker went down, HSRP failed over. During this scenario, the IP SLA on the core router also failed, bringing down the static route to 39.0.0.0/30 through the primary line, and installed the route to 39.0.0.0/30 through the backup line (150.0.0.0/30).

That all worked fine. I have now been asked to set up HSRP on the LAN side too. I created a new tracker that tracked the line protocol of the LAN interface. I added that to the HSRP config. Now, if either the line protocol of the LAN interface fails, or (as before), if there is a WAN link failure, HSRP fails over. That works on the customer's side.

However, during a simulated LAN cable failure, HSRP goes down on the customer primary router, and fails over to the secondary router. So now, all traffic destined for the internet exits through the secondary router. However the IP SLA on the core router is still working (no WAN line failure) and so the return traffic comes back through the primary router, cannot get anywhere and is black holed.
I have got around this by changing the core router IP SLA to ping 39.0.0.1 instead, and although not tested yet, it should work. However, I was wondering whether there was any way around this without touching the core router? Can I set up anything on the CPE that automatically brings down the WAN interface should the LAN interface fail also, thus making the core IP SLA fail?


Answer:


You could configure EEM (Embedded Event Manager) on the Cisco 3560 switch to carry out an action following an event.
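
A sketch of what such an EEM configuration could look like on the primary CPE. This is an added example, not part of the original post. The interface names, track object number and applet names are assumptions, and it assumes the platform's EEM release supports the track event detector.

```cisco
! Assumed names: GigabitEthernet0/1 = LAN side, GigabitEthernet0/0 = WAN side
! (140.0.0.2). Track object 20 is a hypothetical number; reuse the existing
! LAN line-protocol tracker already referenced by HSRP if there is one.
track 20 interface GigabitEthernet0/1 line-protocol
!
! LAN line protocol goes down: shut the WAN interface so the core router's
! IP SLA probe to 140.0.0.2 fails and the core withdraws the primary route.
event manager applet LAN-DOWN-SHUT-WAN
 event track 20 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface GigabitEthernet0/0"
 action 4.0 cli command "shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "EEM: LAN down, WAN interface shut to force failover"
!
! LAN line protocol recovers: re-enable the WAN interface so the core's
! IP SLA succeeds again and the primary static route is reinstalled.
event manager applet LAN-UP-RESTORE-WAN
 event track 20 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface GigabitEthernet0/0"
 action 4.0 cli command "no shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "EEM: LAN restored, WAN interface re-enabled"
```

Because the tracked object is the LAN line protocol and not anything reached through the WAN, shutting the WAN interface does not prevent the recovery applet from firing. The syslog actions leave a record of each automated shutdown, so the change is attributable when reviewing logs after an outage.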
