IP SLA for multi WAN failover on Cisco 3560 X IP Services

We have purchased a Cisco 3560X Layer 3 switch to replace our old L2 Switch and Router - we have an MPLS network and a backup DSL internet connection in place currently.  

Currently our Cisco 2821 router has IP SLA configured to switch over from the MPLS WAN connection when the link is lost to a DSL connection. We want to replace this router with the 3560X (enterprise licensed IP Services) but we can't figure out how to set up the IP SLA/Track portion of this like it was before on the router. Is this possible? The IOS on this switch is ver. 15.02

Thanks very much!

We do this quite a bit with 3560X running IP Base, 15.0. Not sure why your setup would be different. For our setups, we have a service provider managed router, self managed router, and 3560X in ip routing mode in a transit/dmz network. For example, let's use the subnet for transit:
 - Service Provider managed router
 - Self managed router connected to broadband provider
 - 3560X switch

Our config looks like this:
ip sla 1
 ! Rather than ping provider gateway, you might want to ping the next hop
 ! from the service provider router, if that remains constant.
 frequency 30
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts

track 1 ip sla 1 reachability

! Static routes:
ip route track 1
! Some versions we have trouble mixing name and track:
ip route 250 name BROADBAND
Lambton (Author) Commented:
Excellent!  Thanks!  I'm going to give that a try - I think our syntax wasn't quite right, it's a bit different than what we had in our routers.  I'll let you know how it works - thanks!
Lambton (Author) Commented:
So I believe the commands were correct, and the IP SLA failover is configured and working; however, I'm trying to test this on my bench connecting to a small WatchGuard XTM25 firewall as my backup ISP. This is the same as what we have in production; however, on our router in production we have bridge groups set up and are using ip nat on the BVI interfaces - it doesn't seem this switch or IOS version accepts these commands.

This is the first time I've attempted to set up a layer 3 switch as a router, and I assumed it would carry over the same if not close to the same configuration as the router does, but I guess I should not have assumed this.

Is IP NAT and/or bridge groups going to be required for what I'm trying to do?
Again, this is a WS-C3560X-48 with software version 15.0(2)SE8.

Just some more info that may help:
Our internal network data vlan at this particular site is
the internal interface on the backup internet firewall is
the interface on the switch that connects to the backup FW int is

Here is what we have on the router right now, that we are trying to convert to the new L3 Switch:
ip sla monitor 1
 type echo protocol ipIcmpEcho source-interface BVI15
 frequency 5
ip sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
interface FastEthernet0/0/0
 description BackupInternet
 switchport access vlan 99
 no snmp trap link-status
interface Vlan99
 description BackupInternet
 no ip address
 bridge-group 99
interface BVI99
 description BackupInternet
 ip address
 ip nat outside
 ip virtual-reassembly
ip route track 1
ip route 200
ip route

Anyway, this is what I'm trying to achieve with the new switch and it's a newer IOS as well, and well they just don't simply convert over - hopefully it's possible.

Thanks again!
I don't think you can NAT in the 3560X. The 3850 had the "ip nat" commands, but I don't think it actually worked. You will probably need an actual router for NAT support. Even if it did support NAT, you would need stateful firewall filtering.

Assuming you have the following at the site:
1) Watchguard firewall, performing NAT and stateful inspection, connected to DSL
2) LAN 3560X switch
3) Ethernet handoff from MPLS service provider, no NAT required.

We would configure the 3560X like this:

! Also include modified IP SLA commands
Interface Vlan 13
 description LAN
 ip address

interface Vlan 300
 description WAN transit
 ip address

interface Gi0/48
 description MPLS Handoff (assume SP has used
 switchport access vlan 300

interface Gi0/47
 description Watchguard (
 switchport access vlan 300

! Service provider will need to static route to
! We send everything to MPLS while it is up, Watchguard when down:
ip route track 1
ip route 250

In our environments, the service provider provides a managed router on site, which we point to. We also run OSPF between the backup router and the MPLS router (IP Base on switches, so while OSPF could work, it might be licensed for non-routed link). The service provider accepts and uses the default route advertised by the backup router and will send Internet bound traffic to the local backup Internet router. If the local backup router stops advertising, the service provider's default route gets used.

Lambton (Author) Commented:
Thanks very much rkrug8421; I got it working with your help!  :-)

Much appreciated!