Courseiva
Network ServicesCCNA 200-301

IP SLA Probe Failing — Unable to Measure Network Performance

Presenting Symptom

The IP SLA probe shows 'Timeout' or 'Over Threshold' in the statistics, and the network performance measurements are not being collected.

Network Context

A small branch office with a Cisco 4321 ISR router running IOS XE 16.9 connects to the corporate headquarters via a WAN link. The router is configured with an IP SLA probe to measure round-trip time to a server at HQ (10.1.1.1). The probe is used for tracking and potential route manipulation.

Diagnostic Steps

1

Check IP SLA Configuration

show ip sla configuration
IP SLAs, Infrastructure Engine-II.
Entry number: 1
Owner: 
Tag: 
Type of operation to perform: icmp-echo
Target address: 10.1.1.1
Source address: 192.168.1.1
...
Request size (ARR data portion): 28
Operation timeout (milliseconds): 5000
Type of service parameters: 0x0
Verify data: No
...
Schedule:
   Operation frequency (seconds): 60 (not considered if randomly scheduled)
   Next Scheduled Start Time: Start Time already passed
   Group Scheduled : FALSE
   Randomly Scheduled : FALSE
   Life (seconds): Forever
   Entry Ageout (seconds): never
   Recurring (Starting Everyday): FALSE
   Status of entry (SNMP RowStatus): Active

Verify that the probe is configured correctly: target address, source address, type (icmp-echo), timeout, frequency, and that the status is Active. If the status is not Active, the probe may be misconfigured or not scheduled.

2

Check IP SLA Statistics

show ip sla statistics
Round Trip Time (RTT) for   Index 1
   Latest RTT: NoConnection/Busy/Timeout
   Latest RTT: NoConnection/Busy/Timeout
   Latest RTT: NoConnection/Busy/Timeout
   Number of successes: 0
   Number of failures: 10
   Operation time to complete: 0 ms

If the output shows 'NoConnection/Busy/Timeout' and zero successes, the probe is failing to reach the target. This indicates a connectivity issue or misconfiguration.

3

Test Basic Connectivity to Target

ping 10.1.1.1 source 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

If the ping succeeds, the issue is specific to IP SLA. If ping fails, there is a general connectivity problem (routing, ACL, firewall). In this scenario, ping succeeds, so the problem is with IP SLA itself.

4

Check IP SLA Reachability with Debug

debug ip sla trace 1
IP SLAs: icmp-echo operation 1, from 192.168.1.1 to 10.1.1.1: timeout
IP SLAs: icmp-echo operation 1, from 192.168.1.1 to 10.1.1.1: timeout

The debug shows that the probe sends ICMP requests but receives no reply. This confirms the probe is failing despite successful pings. The issue may be that the source address used by IP SLA is different from the ping source, or the target is not responding to IP SLA probes specifically (e.g., due to ACL filtering ICMP echo requests with certain options).

Root Cause

The IP SLA probe is configured with a source address that is not the router's interface IP used for the ping test. In this case, the probe uses source 192.168.1.1, but the router's actual interface IP is 192.168.1.2. The target server's ACL permits ICMP from 192.168.1.2 but not from 192.168.1.1, causing the probe to time out.

Resolution

Configure the IP SLA probe to use the correct source IP address (the router's interface IP) or remove the source address to use the outgoing interface IP. Commands: ``` configure terminal ip sla 1 icmp-echo 10.1.1.1 source-ip 192.168.1.2 end ``` Alternatively, if the source should be the interface, remove the source-ip option: ``` configure terminal ip sla 1 no icmp-echo 10.1.1.1 source-ip 192.168.1.1 icmp-echo 10.1.1.1 end ``` Then restart the probe: ``` ip sla restart 1 ```

Verification

Run 'show ip sla statistics' and 'show ip sla configuration' to confirm the probe is now succeeding. Expected output: ``` show ip sla statistics Round Trip Time (RTT) for Index 1 Latest RTT: 2 ms Latest RTT: 3 ms Latest RTT: 2 ms Number of successes: 3 Number of failures: 10 Operation time to complete: 2 ms ``` The 'Latest RTT' should show a value, and 'Number of successes' should increase.

Prevention

["Always verify that the source IP address used in IP SLA matches the router's interface IP that will be used for the probe.","Use the 'source-interface' keyword instead of 'source-ip' to automatically use the IP of the specified interface, reducing misconfiguration.","Test basic connectivity with ping using the same source IP as the probe before configuring IP SLA."]

CCNA Exam Relevance

On the CCNA 200-301 exam, IP SLA troubleshooting may appear in multiple-choice questions or simulated lab scenarios. The exam tests understanding of IP SLA configuration, verification commands, and common issues like source IP mismatch. A candidate must know how to interpret 'show ip sla statistics' and 'show ip sla configuration' to identify failures.

Exam Tips

1.

Remember that IP SLA uses its own source IP; if not specified, it uses the outgoing interface IP. A common mistake is to assume it uses the same source as a ping without the source option.

2.

Know that 'show ip sla statistics' shows 'NoConnection/Busy/Timeout' when the probe fails, while a successful ping does not guarantee IP SLA success.

3.

Be familiar with the 'debug ip sla trace' command to see real-time probe activity, but remember that debug commands are not always available in exam simulators.

Commands Used in This Scenario

ping [ip]

The ping command sends ICMP echo requests to a destination IP address to test network connectivity and measure round-trip time.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions