Cisco :: First Hop Redundancy Configuration
Jun 8, 2012
I'm shortly going to move our stuff to a new data centre, where we have two network feeds - so there'll be two lengths of CAT 5 coming into the rack, for "first hop redundancy".I have something similar at our existing DC, but I'm simplifying the equation somewhat at the new DC, and using a simpler configuration that just uses two switches, rather than two switches and two routers. All of the servers will have public IP addresses.Now - the network guy at the new DC has confirmed that a simpler two switch configuration will work.
View 17 Replies
ADVERTISEMENT
Mar 16, 2013
I want to configure ASA 5510 with complete redundancy first time. I have already studied all material from cisco web site. but there are avalible alot of material. and i'm confused about the exact my requirment material.
This is current configuration:
active# sh running-config
: Saved
:
ASA Version 8.2(5)
[Code].....
View 10 Replies
View Related
Jun 5, 2011
I configure MHSRP at router Cisco 2901.
Router-B(config)#ip nat Stateful id 1Router-B(config-ipnat-snat)#redundancy SNAT1Router(config-ipnat-snat-red)#mapping-id 1 [code]...
when i write redundancy SNAT2 this error occur:
%Multi-redundancy entry not supported.
View 2 Replies
View Related
Feb 20, 2013
i have new project in hospital with the bellow product :
20 X WS-C2960-24TC-S
2 X WS-C3750X-48T-S
2 X WS-C2960S-24TS-S
i need to configure this switch in order to work first the 2 core switch for redundancy then each catalyst switch 2960 connected to the core with 2 uplink each uplink for each core switch that way i have rendundancy in the connection then i need one vlan ?i need to configure this switch to work perfectly with each other in best redundancy mode?
View 2 Replies
View Related
May 13, 2011
I have a customer who is looking to add some redundancy to their internet connections. Currently we have an ASA 5510 for their firewall. I know that the Sonicwalls are capable of terminating multiple internet connections simultaneously for load balancing, redundancy, and for pushing different types of traffic out different connections. Traditionally the ASAs have not had that capability. But does anyone know if the newer revs (8.3 and I think 8.4 may be out?) will do that or anything similar? Not looking for a full BGP-style solution where the same address space is available via multiple links, but more just a solution where the internet for basic web browsing could fail over and load balance between two internet connections, each assigned to a different outside interface on the ASA.
View 7 Replies
View Related
Jul 16, 2012
We have cisco 1841 router with two ISP . But we facing the problem whenever our secondary ISP Link goes down the Primary has also went down.We have only one default route for primary Link
View 1 Replies
View Related
Jul 26, 2012
I have a question with regards to 6500 Redundancy. We currently have only one in our DC, it has 2 SUP 720s, two FWSMS, and multiple switchport blades. My question is is this fully redundant? and if not what is it that can fail, so I can look into adding that extra layer of redundancy.
View 3 Replies
View Related
Sep 6, 2011
I have a 4510R+E switch that won't change to the SSO redundancy mode. After entering the 'mode SSO' command, the switch reboots the peer supervisor (as it says it will), but after it comes back up it remains in RPR mode. I've tried rebooting the peer supervisor manually, rebooting the entire chassis, manually power cycling the entire chassis, and reseating the sups, but the switch remains in RPR mode. The issue started when I swapped the switch's supervisor with the supervisor of another 4500. The same issue was observed on the other 4500 as well, but after several reboots, I got it to change to SSO mode. Prior to the swap, both switches were running in SSO mode just fine.Since we're running IOS version 15.0 with the 'spare sup' license, I suspect the issue arose because of licensing complications (with relation to the chassis serial number and the like) when I swapped the sups....although this doesn't explain why the other switch changed to SSO after some troubleshooting.
View 1 Replies
View Related
Feb 21, 2013
I have problems with the RV042 router. Currently I have two Internet service is the first DSL service and the other is through cable. The problem is because the router is not doing the redundancy process. For example if DSL service fails, the cable internet service does not come automatically. You have to disconnect and connect manually to maintain the connection to the Internet. Should not the router do this automatically without intervention?
View 1 Replies
View Related
May 14, 2012
We currently have the following configuration:
STB_6509#sho mod
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 10 WiSM WLAN Service Module WS-SVC-WISM-1-K9
2 24 CEF720 24 port 1000mb SFP WS-X6724-SFP
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B
[code]....
I would like to add a redundant supervisor blade to the 6509 that is in production. Can this be done plug and play and require no reload. Are all WS-SUP720-3B the same as far as memory etc... or can I buy any used WS-SUP720-3B and it will work properly.
View 1 Replies
View Related
Nov 23, 2012
Can the above be used to provide redundancy. However there is only one ISP side connected? Of course we can set up both with exact same rules and use a Manual power on/off if?
View 2 Replies
View Related
Dec 12, 2011
First and foremost, what I have are 2 x 7204VXR (Gateways), 1 x 4507R-E (Coreswitch), and our ISP have 7609.Got some issues with redundancy with our ISP.
7609
I I
I I
7204-A 7204-B
| |
| vrrp |
| |
-4507R-E-
|
|
internal network
Both outside interfaces of 7204 gateways are connecting to 7609 with different public ip block. I used VRRP for my internal nework and failover have been tested working.
Even tried to remove link of 7204-A and 7609, the failover works perfect. If I shutdown/ remove the link between my 4507R-E and 7204-A (primary gw_higher vrrp priority), vrrp redundancy/failover still works, but pings from internal network to internet is only 50% success....alternate 4 ping reply and 4 time out.
View 6 Replies
View Related
Apr 24, 2012
i have a 6509 connected via layer 2 (VLAN1) to a 3750 (e.g. VLAN1 10.1.1.1)then to the HQ via Metroethernet(L3). Is it possible to connect the 6509 to an ASA that already has VPN connectivity to the HQ using HSRP? Also need to mention, the VPN connection is supposed to be the redundant connection if Metroethernet link fails.
View 3 Replies
View Related
Nov 14, 2011
We will be getting a circuit from the same ISP at two of our sites and will be doing eBGP. Couple of notes. 1. We are fully aware of the risks associated with depending on a single ISP and have mitigated them as much as possible with the ISP. 2. We will be getting assistance on the eBGP setup from the ISP, so I’m not as concerned with that config at this point.
Site Summary
Site A:Cisco 2900 Series (RtrA) connected to single Ethernet based ISP circuit (ISP-1-A)eBGP will run between RtrA and ISP-1-A, default routes from provider onlyLayer 2 Switch (SwA) connected to LAN of RtrA and uplinks to SwB
Site B:Cisco 2900 Series (RtrB) connected to single Ethernet based ISP circuit (ISP-1-B)eBGP will run between RtrB and ISP-1-B, default routes from provider onlyLayer 2 Switch (SwB) connected to LAN of RtrB and uplinks to SwA
I need advise on the LAN side redundancy. Our goal is redundancy; load balancing is not a concern (If load balancing ever becomes a concern I will look at GLBP). We have several devices on the LAN side of the routers that can only use a single gateway. Given that I’ve surmised I need to use HSRP in some way for LAN gateway redundancy.
1. HSRP with Object Tracking, No IGP.HSRP handles LAN gateway failover if a router dies. Object tracking ensures LAN gateway failover if an interface fails or if an interface is up, but there is an upstream traffic issue. ie. track the physical WAN interface and use an IP SLA icmp to track a specific upstream IP incase of an upstream traffic issue.
2. HSRP with OSPFHSRP handles LAN gateway failover if a router dies. OSPF redistributes eBGP default routes to RtrA and RtrB so that each router should have a route to the ISP even if they loose their local ISP circuit. i.e if ISP-1-A on Router A goes down, Router A knows to send traffic out ISP-1-B via RtrB. In other words, traffic enters RtrA LAN, but exits on RtrB WAN.
3. HSRP with iBGP HSRP handles LAN gateway failover if a router dies. I have no experience with BGP, but assuming this would work similar to the OSPF solution above except for the required iBGP config and possible route reflectors?
View 2 Replies
View Related
Apr 7, 2011
I'm new to firewall using ASA 5510. How can I have a redundancy over two ASA 5510. Hardware load balancing and IP Load balancing, just like HSRP or GLBP. Below is my diagram.
[code]....
View 2 Replies
View Related
May 4, 2011
Two internet links from different SP using different routers an firewalls connected to a 6513. I need to use these two links as primary and secondary (the secondary will be used just if the primary fails) for just two specific machines and 6513 have to be responsible for jusing between primary and secondary link. The rest of the network have to use just the primary link.
View 5 Replies
View Related
Mar 21, 2013
which option do you think is better? The idea is to use them as the core of the network,to route between several VLANs.
Options:
1 - Two 3560 with HSRP
2 - Two 3750 stacked with cross-stack etherchannel to the access switches
View 11 Replies
View Related
Jun 26, 2011
I designing a new network for the company.
-Core layer is Cat6509 with VSS
-FW Lauer: Cisco ASA 5540
-Switches: L2 Cisco 2960
What is the best plan to make this redundant to the Firewalls?
View 1 Replies
View Related
Jan 15, 2013
[URL]I ran across this on the cisco site and I wondering if it was possiable with two 2851's? The part that is most interesting to me is this part of the config (this looks like what allows the use of the y-cable)
redundancy
#
mode y-cable
how to have a redundant border router with a T1
View 2 Replies
View Related
Jan 22, 2012
actually im using a cisco asa 5520 as a default gateway to acessin/ publishing in the wan. i have a cisco 2811 configured to replace the cisco asa in a case of problem, but the switch is made manually. my lan switch is a 2 3560e configured with hsrp, so it is possible to make redendancy( failover) between the cisco ASA 5520 and the cisco 2811 using a hsrp or other technic.
View 11 Replies
View Related
Mar 12, 2013
I have supervisor engine ws-x4516 with two line card WS-X4424 - GB - RJ45 - 1No ,WS-X4548 - GB - RJ45 - 1No. Now i want switch and hardware redundancy.
View 3 Replies
View Related
Apr 27, 2011
We currently have a 4404 controller that is approaching 100 AP’s (their max). The boss would like to add redundancy into the project. Which leaves me with a lot of questions and I am fairly new to cisco WLAN controllers.While a second 4404 would cover for redundancy would that be true if the AP’s pass the 100 mark?If I get a bigger controller that can support more than 100 (5508?)can the existing 4404 still work in the plan as a backup?Or do I just need to purchase two bigger units and auction off the 4404?
View 3 Replies
View Related
Oct 4, 2011
I will be installing a new ASA 5510 firewall on our SIP vlan to separate our voice traffic from the rest of the traffic. I'm trying to decide whether or not I should go with an active/active setup or an active/standby. Any insight on the best way to set this up? This install is going in from scratch, and I am going to be connecting to a 3750 switch stack. Should I pair up a link from each switch to each 5510 using etherchannels? Should I use 8.3 or 8.4? Most of the docs I've been able to find say it depends on this, that, or the other.
View 2 Replies
View Related
Jan 20, 2013
We are going to implement high availabilty in 5508 WLC with version of 7.3.101 . We will be using Prime infrastructure 1.2 for monitoring purpose.With Prime, whether we can monitor and manage redundant WLC also or only active WLC?.
View 3 Replies
View Related
Oct 8, 2012
Got a situation where Location_A got TWO ISP and Location_B got One ISP.Using ISP 1 link Location_A establishes IPSEC Tunnel with Location_B .How do I establish redundancy from Location_A point of view, if ISP1 is down then ISP2 should establish IPSEC tunnel with Location_B.At Location_A both ISP links terminates on the cisco PIX-525 and all (VPN) crypto configuration is on PIX 525 running version PIX Version 7.2(4)7At Location_B VPN is terminated on a PIX Version 6.3(3).
View 2 Replies
View Related
Feb 9, 2012
I have a question about my ACS redundancy deployment. I bought three ACS all of them came with base license. but i bought large deployment license my question is necesary to buy the large deployment license to add two seconday ACS to my Primary ACS ? now if I install the large deployment in my primary ACS it replique to other ACS or I have to install first the large deployment one by one (secondary ACS) before to join to the Primary ACS.
View 1 Replies
View Related
Jun 21, 2011
We currently run 7206 routers with VAM cards and are able to configure the devices to perform stateful failover of tunnels from router to router. When moving to the 7604 with 15.1 IOS there are not any examples of how to set up the stateful failover of the tunnels between devices. We have the devices in the SSO mode are not able to understand how to get the redundancy between the devices functioning.
View 1 Replies
View Related
Dec 12, 2011
what I have are 2 x 7204VXR (Gateways), 1 x 4507R-E (Coreswitch), and our ISP have 7609.Got some issues with redundancy with our ISP.
7609
I I
I I
7204-A 7204-B
| |
| vrrp |
| |
-4507R-E-
|
|
internal network
Both outside interfaces of 7204 gateways are connecting to 7609 with different public ip block.I used VRRP for my internal nework and failover have been tested working.Even tried to remove link of 7204-A and 7609, the failover works perfect.But somehow we're facing a problem:
- If I shutdown/ remove the link between my 4507R-E and 7204-A (primary gw_higher vrrp priority), vrrp redundancy/failover still works but internal network's internet connection goes down.
I asked our ISP and the route commands they put in their 7609 are as of follows:
ip route 3.8.8.0 255.255.255.0 3.4.4.4 name TO CUSTOMER LINK 1
ip route 3.8.8.0 255.255.255.0 3.3.3.3 2 name TO CUSTOMER LINK 2
And if they're trying to use Reliable Static Routing Backup Using Object Tracking, the internal network's internet connections is intermittent....alternate 4 ping reply and 4 timeout.
Note: IP used are sample only
View 6 Replies
View Related
Nov 1, 2012
have main office of 70 people.Also I have 2 redundant ISP:One give me 20 mbit/s Other only 2 mbit/s and it is my backup ISP.
I have some resources in data center and I need a IPSec VPN to it and some other location. I suppose there will be up to 3-5 IPSec tunnels. I choose Cisco ISR 881-SEC-K9 with one wan port and 4 LAN switch. But know I’m looking for Cisco 891-K9. There is no security bundle for it. But in cisco.com this router is marked Cisco 891-K9 Security router. Does it support security features like VPNs, ZBF, IOS Firewall, NBAR and IP SLA for ISP redundancy? Also if my boss will choose chipper Cisco router 881-SEC-K9. Will I be able to organize 2 ISP redundancy on 4 LAN switch port inside VLAN interfaces because there is only one WAN port?
View 2 Replies
View Related
Feb 6, 2013
getting a secondary isp as back-up and redundancy...and work arounds for ddos's....I just thought that i could use a switch/bridgeable router that can act as a switch... and run that off the first in line off the #1 isp router. Instead of connecting the second into the isp port, i should be able to put the #2 isp line into that. and put #1 ethercable into one of the outgoing ports from the second. And keep all the pc's on the #1 as is....But it should still use both providers simultaniously...right? I have 3 or more routers that can do this, and i have used them like this and shared several pc's internet's other then the primary ISP. But it was shared through the pc. and separate NICS or wifi AP's. I currently have one that will autosense a gig, and have bought another router that can operate at a gig that i plan to put into the #1 position as it's the fastest one. And will keep 1 gig without variability. and also give me wifi n 450-700. And they both support bridgeing,repeating and network balanceing /shareing. This should be possible and i won't have to spend $4,000 on a router with 2 ISP ports, and only uses it as fail-over....=c this should use both simulataniously and balance workloads between each.
View 2 Replies
View Related
Apr 18, 2013
R11 is acting as host for testing purposes (pinging the DG's, and the ISP interfaces -> which are the lo0 address on the routers.I also have another question: How would I go about providing redundancy on the trunks from the Switch to the router?
View 2 Replies
View Related
Apr 1, 2013
We have 3 WiFi links between 2 buildings, these links carry a main data network, a VOIP network and a CCTV network. Occasionally due to unestablished factors we loose one or other of the links for a short period (5mins to an hour). In order to give some redundancy I opted to use a pair of switches and utilize MSTP to give a low cost solution. I have installed an SF302-08P in one building and an SRW208G in the other building and connected ports 1-3 as trunk ports to the three wifi links on both. Ports 5-7 on both switches are set as access ports and connect to the respective networks within that building. MSTP region is set the same on both switches and the instances and VLANs are the same on both switches. I have set port priority and cost to force the three networks to use their own link until a failure occurs. Then within the MSTP instances I have set the path costs such that CCTV or MAIN failover to VOIP last of all. During testing on the bench using patch cables to simulate the wifi links all went well. Upon installation things got a little more difficult. The VOIP network seems to work well but the CCTV won't pass the video traffic until the SF302-08P is rebooted even though I could connect a PC and login to the CCTV devices from either direction. More serious though is no matter what I do the MAIN network will not pass traffic. The MSTP interface settings show the correct port states with (in the case of MAIN network - MSTP instance 3) Port 1 Alternate, Port 2 Discarding, Port 3 Forwarding and Port 7 Forwarding.However a pcap shows no traffic across the wifi link on VLAN 4 (MAIN) although Layer 1 must be ok as VLAN1 is fine. The only other factor that may be relevent could be the wifi units themselves as the CCTV and VOIP links use an older 2.4GHz bridge while the MAIN link uses a newer 5GHz bridge. The 2.4G units have no knowledge of STP while the 5G units are 802.1d aware but I'm sure I read somewhere that 802.1d devices will cause problems with RTSP or MSTP networks due to the BDPU message format compatability, therefore I left it disabled.
View 10 Replies
View Related
Sep 9, 2012
I have a 6509 switch with SSO Redundancy (STANDBY HOT) with IOS ver 12.2(17d)SXB11, RELEASE SOFTWARE (fc1) (c6k222-jk9sv-mz.122-17d.SXB11.bin). I need to upgrade the IOS on this switch.I have 512MB Memory on the switch and 40144896 bytes free on Disk0.which IOS is the latest version to upgrade and also give me some hints for IOS upgrade on this switch?
View 7 Replies
View Related
