Cisco Switching/Routing :: 3560E - HSRP Gateway Failover And Routing Table
Nov 12, 2012
We have two Cisco 3560E layer 3 switches at the core of our network. The switches are configured as an HSRP pair and the clients on our network point to the HSRP address as their default gateway. So if CORE-A dies, then CORE-B will pick up the address and the default route for the clients will continue to be available.We also need to specify a few static routes on the core switch to allow us to get to specific networks. Is there a way to do this so that the routes failover in the same way that the default gateway does?
View 2 Replies
ADVERTISEMENT
Sep 8, 2012
Below is a basic image of the HSRP and backup link setup for our LAN.
The virtual IP 192.168.178.50 resides on the primary router and fails over to the backup router. Internal default gateways for the switches are set to 178.50.
Switch1 is Layer3 and has two static default routes configured as:
ip route 0.0.0.0 0.0.0.0 192.168.179.50 track 1 - - - (interface line-protocol track)
ip route 0.0.0.0 0.0.0.0 192.168.178.50 2
And the primary router has a static route out 179.50 which tracks the interface (route goes down if interface is down), and a backup static route.
ip route (internal LAN) Gi0/1 track 1 - - - (interface line-protocol track)
ip route (internal LAN) Gi0/2 2
Everything works fine. If the primary router fails, Switch1 tears down the route across Vlan179, HSRP fails over the IP to the backup router and routing continues as normal. If the link across Vlan179 fails, the routers tear down the primary routes and again, things continue as normal.
The problem comes when the primary WAN link fails but the router remains up. This means the default route is still across Vlan179. Normally, Id set an IP SLA on Switch1 to track the WAN link BUT Switch1 only has the BASE IOS and the company wont pay for the Advanced IP IOS so I dont have IP SLA as an option.
How can I get the static default route to failover in the event that only the primary WAN link goes down?
View 12 Replies
View Related
Feb 27, 2013
I have two Cisco ASA 5510s that I would like to configure in an active passive failover setup. The ASAs are at the top of our rack and handle all our routing. We have been only using one ASA unit with one line from our ISP connected to the WAN/outside interface of the ASA. We recently had our ISP setup two lines into our rack using HSRP. I do not know what equipment they are running upstream of our ASAs but it is HSRP so it should be a set of Cisco routers/switches. Originally I thought I could just connect the 2nd new line to our 2nd ASAs WAN/outside port and setup failover using a crossover cable between the ASAs. After doing this config I had problems accessing some of our IPs in the subnet that the HSRP is part of. If I disconnected the 2nd ASAs WAN/outside line everything was fine. After talking with my ISP they explained that I need to connect both of my lines into our L2 network and then from there into the ASAs. Currently below the ASAs I have two Catalyst 3560-X switches. They are connected together with an ISL trunk and ASA-1s inside network connects to switch-1 and ASA-2 to switch-2. One idea was to connect each of the HSRP lines to each of my current switches and then from the switches to the ASA's WAN/outside interface. Finally back down from the ASA's to the switches via the inside interface that we have currently. This kind of seems messy and a poor choice. The other idea is to get two switches that would sit above the ASAs and connect the HSRP lines to them with the switches connected together. They would then connect to the ASAs. I like this idea better but I don't like having to buy two more full switches for this. These switches would only use a couple of ports and only handle just the HSRP ISP lines to the ASAs. Putting in two more 3560-Xs would be a big waste of money and space for this. So I was thinking of using two Cisco SG200-08, 8 port gigabit basic managed switches for this.
View 5 Replies
View Related
Apr 18, 2012
we are planing to run HSRP on our Nexus 5ks (with L3 card) and we use VPC to connect the downstream UCS - Fabric Interconnects to the 5ks. I was wondering if the peer-gateway command is required under the vpc domain config? When you use HSRP with VPC, both the active and standby HSRP peers can forward layer3 traffic, isn`t that the same that peer-gateway would achieve?
View 1 Replies
View Related
Feb 12, 2012
Turned up a new colo service last week using some PIX 515E firewalls and two Cat 2950 series switches. I have attached a diagram of the layout which I have used elsewhere with good success. Basically I have two switches connected together via port channel (2 ports). The colo facility gives me two HSRP enabled links, of which I plug one into switch A and the other in switch B. The PIxes are a failover pair with the primary plugged into the same switch A as the primary HSRP link.The backup PIX is plugged into the backup switch where the backup HSRP link is. When I unplug the primary HSRP link the PIX can ping the HSRP gateway still, but nothing beyond that. Nothing gets it to work until I plug the link back in.
The only thing I could see that might cause an issue is the 'ip verify reverse-path' command on the PIXes. But even the switches cannot ping out beyond the HSRP gateway. Just seems like all inbound routing stops. I am not sure what the colo facility has going on their side but it seems like they are using just some Cisco 6509s and doing HSRP between them. Seems pretty simple but so far this is proving un-usable as is.
The PIX BTW just uses a default route to the HSRP gateway.
View 3 Replies
View Related
Feb 19, 2012
I have a 3560E with 2 vlans that I want to route between. one device with 2 vlans and route between.Interfaces are configured as such:
int g0/11
switchport mode access
switchport access vlan 10
int g0/12
switchport mode access
switchport access vlan 11
[code]...
Laptops on each port with 10.10.10.2 and 10.10.11.2 configured on them. I can ping from 10.10.10.2 to 10.10.11.1, but not to 10.10.11.2.What do I have to configure to be able to get the 2 laptops to talk to each other?
View 9 Replies
View Related
Apr 18, 2012
I am looking for a PoE switch with Routing capabilities (e.g osfp) something lower end than 3560E.
View 10 Replies
View Related
May 21, 2012
I'm attempting to configure two ASA 5520 for active/standby failover.When I enter the “failover” command to enable the config on the primary ASA, the entire routing table disappears.There is no routing process running, only static routes are configured.
Is this an expected behavior of the failover process and if so, how long should I wait for the routes to come back?
View 5 Replies
View Related
Feb 19, 2012
I have a few 3560E running Ver 12.2(50)se2. Can these boxes be configured to run VRF. I see a "sho IP VRF" option, but I do not see it available when under config t. Do I need to do a IOS upgrade to be able to configure VRF?
View 7 Replies
View Related
Sep 2, 2010
I upgraded four 3560E, 12.2(44) to 12.2(55)SEThree 3560 works fine, the last one stops after 17-18 seconds with a solid green LED. I cant get into ROMmon, the switch doesn't boot up. its like "dead but still alive"
My TS:
1: Removed all SFPs.
2: Reset PSU and fan modules.
3: Replace PSU and fan modules.
4: Try to get into ROMmon.(pushing mode button and break seq.)
Startup LED:0-1 seconds: SYST: Amber RPS: Amber STAT: Green DUPLEX: Green SPEED: Green
1-17 seconds SYST: Blinking Green RPS: OFF STAT: OFF DUPLEX: OFF SPEED: OFF
18 s--> (only testet up to one hour) SYST: Solid Green RPS: OFF STAT: OFF DUPLEX: OFF SPEED: OFF
A working 3560EStartup LED information. If I compare a working switch with the faulty switch I can see about 18 seconds into bootingSYST change very fast from green to amber and continues with booting,this doesnt happened on the faulty switch (solid green 18 seconds). Pushing MODE button, doesn't get me in to ROMmon, this works for all the other switches.On a normal 3560 it takes around 40 seconds before I get in to ROMmon. With this faulty switch it stops after 18 seconds(solid green) and it doesnt respond.
View 7 Replies
View Related
Jan 27, 2012
recently a Cisco 3560E switch went down due to a power surge. the switch is getting power but i am only seeing the below message continously. it is keep on rebooting. i try to reset to factory settings/ safe boot nothing worked. is there any way i can bring the switch up or it is hardware failure.Using driver version 1 for media type 2Base ethernet MAC Address: 00:23:33:af:1b:00Xmodem file system is available.The password-recovery mechanism is enabled.Using driver version 1 for media type 2Base ethernet MAC Address: 00:23:33:af:1b:00Xmodem file system is available.The password-recovery mechanism is enabled.
View 5 Replies
View Related
Nov 2, 2011
3945 is running c3900e-universalk9-mz.SPA.151-4.M2
3560e is running c3560e-universalk9-mz.150-1.SE
I've got brand new 3945's with onboard 16-port 3560e switches. On the first power up I see that there are several new vlans added that appear to be default vlans..
vlan 2 name fst2
vlan 3 name fst3
vlan 4 name fst4
vlan 5 name fst5
vlan 6 name fst6
vlan 20 name VLAN0020
vlan 21 name VLAN0021
vlan 22 name VLAN0022
vlan 23 name VLAN0023
vlan 99 name VLAN0099
I deleted the vlan.dat and reloaded the switch but these vlans come back. What these vlans are intended for and is there a better way to get rid of them? What does "fst" stand for?
View 4 Replies
View Related
Mar 11, 2013
I have a cisco 3560E switch setup with LACP, when using LACP i receive alot of packet loss / output drops
When a ping from the server behind LACP:
--- google.com ping statistics ---
44 packets transmitted, 39 received, 11% packet loss, time 42990ms
what would cause this packet loss with lacp?
some output from the switch:
Port-channel12 is up, line protocol is up (connected)
Hardware is EtherChannel, address is d0d0.fd58.7390 (bia d0d0.fd58.7390)
Description: LACP-PORT
[Code]....
View 2 Replies
View Related
Jun 17, 2012
I implemented the 3560E switch, this one have two Giga bit ethernet/10-Gigabit Ethernet module slots. I used the Twin Gig Converter Modules and one SFP. All configuration was applied in the Ten Giga bit, however the interface giga bit ethernet is UP UP state and the Ten giga down down.
View 3 Replies
View Related
Feb 27, 2013
I have configure multiple vlans on both the core swithces below is the example, my question is how will be my VTP server configuration on the 3560E since both the core switches will have identical vlans HSRP 2 configured on them. Do I have to configure both the cores with same DOMAIN NAME ?
The core has VTP 2 so I cannot use primary and secondary option.
CoreSwitch1
interface Vlan713
ip address 194.43.86.251 255.255.255.0
standby version 2
standby 86 ip 194.43.86.1(code)
View 3 Replies
View Related
Dec 5, 2012
I started using RIPv2 on Packet Tracer. I got two subnets to connect with two routers. After I completed that, I decided to add a third router. How to setup the Routing Table for atleast R3 ?
View 5 Replies
View Related
Oct 2, 2012
I am using Cisco 2911 & IOS version is 15.1. My problem is that after some days (e.g. 15-20 days), the routing table suddenly stops updating & then I have to enter the default route again to make it up. I am using Track 1 to track default route here. After primary link goes down, the Track is also going down but after coming the primary link up, the track is not coming up. So, I have to add the default route again to make it up.
View 2 Replies
View Related
Nov 14, 2012
We have small which I'm looking to implement and have built this on GNS3.
We have:
Router A in site 1
Router B in site 2
Router C in site 3
Router A and B are connection via a point to point 100M link and from Router C we have a 2 point to point one of which is 5Mpbs and going to Router A and Router B.
For Router C to reach Router A network it will go via Router B and these are 100M connection. When the link between Router A and B goes down. Router C should update and start using the 5m route.
For some reson, the routes are not updating. I have to do 'clea ip eigrp ne' for the routes to update and if I reload the routers all works well, it seems the problem is intermittent.
View 13 Replies
View Related
May 22, 2013
I am attempting to filter a specific host(s) from my OSPF routiing table on a ASA 5550 (ABR) using LSA prefix lists. However, when I look at the other routers in that area, I notice that ALL LSA type-3's are being removed (10 hosts are now missing from the routing table). I have verified the filter is working on the ABR, but I can't figure why ALL hosts/routes that were coming into the area are now being filtered instead of the specific one that I want to filter out.
Here is the config on the ABR:
prefix-list pdm_pl_000 seq 10 permit 206.253.180.137/32
!
!
router ospf 1
network 10.0.0.0 255.255.255.0 area 0
network 10.150.10.0 255.255.255.0 area 10
network 10.150.252.0 255.255.255.224 area 10
[code]....
The 206.253.180.137 host is actually coming from Area '3'. Am I doing something that is removing all type-3 LSA's?
View 3 Replies
View Related
Sep 23, 2012
I'm trying to configure "IP PIM SPARSE-MODE" command on a vlan interface on a 3560E switch but it doesn't give me the option to do this. The only option available is ip pim passive. What would cause this ? On the same switch a physical interface is already configured with IP PIM SPARSE-MODE.
View 2 Replies
View Related
May 15, 2013
I recently upgraded a remote site of mine to IOS 15-2.SE ipbasek9 on 3 3560E series switches. On switch number 2 I have 5 VG224's running (vg224-i6k9s- m) 12.4(22)T3. After the switches reloaded the VG224's dropped their connection. After doing all basic troubleshooting I reloaded the 12.2 (58)SE2 ipbasek9 image back on to the 3560E's and the VG224's reconnected immediately after reload and all phones registered.
Is the problem a licensing issue with the 15.x IOS on the 3560's or do I need to upgrade the VG224's to IOS 15.x as well for them to connect and operate via the 3560e switch running 15-2?
View 1 Replies
View Related
Apr 13, 2011
I have 3560e which doesn't appear to be passing igmp traffic to the upstream router
PC1 ----------- ASA ------------ PC2--------- 3560e ----------- 3825 -------------------- WAN --------------------- Router ------------- Server
My ASA runs SMR, has an igmp forward interface outside command on the inside and has a trunk port to the 3560e (V lans 32 & 48).PC2 is a test pc on the 3560e on vlan32. 3825 is my ISPs router on vlan32.
- if i try to access the stream from PC2 it works.
- if i try to access the stream from PC1, i see the igmp join leave my ASA onto the 3560E (i've captured on the 3560e's link to the ASA).
I've also captured on the ASA and i can see the igmp packet leave the outside interface but the join doesn't reach the 3825 (i've captured on the 3560e port facing the router and there is no join being forwarded).the switch is running in layer 2, 12.2(35r)SE1.
switch#sh ip igmp snooping querierVlan IP Address IGMP Version Port---------Switch#
Global IGMP Snooping configuration:------------------------IGMP snooping : EnabledIGMPv3 snooping (minimal) : Enabled Report suppression : Enabled TCN solicit query : Disabled TCN flood query count : 2Robustness variable : 2Last member query count : 2Last member query interval : 1000
View 2 Replies
View Related
Apr 15, 2012
We have a Site that is connected via Wireless Bridge to the Main Site, the site is on separate VLAN with Cisco 3560 switch. The main site has 6509 swith. Configuration as per attached diagram. We are connecting a fiber between the remote and the main site and adding a 3560E switch at the remote site, however we would like to keep the wireless connection as a backup in case the fiber is severed the wireless will be availble. Attached diagram shows detailed cofiguration. I would like to know what should I change to make this working. STP is enabled on all switches.
View 3 Replies
View Related
Dec 12, 2012
We have a 24 port and 48 port 3560 E switches with identical IOS the 48 port switch supports private vlan while 24 port switch doesnt
configure private vlans on 24 ports 3560e and is it best practise to configure private vlan on this platform(3560)?
IOS version : C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
flash:/c3560e-universalk9-mz.122-55.SE3/c3560e-universalk9-mz.122-55.SE3.bin
View 3 Replies
View Related
Nov 11, 2012
is it possible, to use a Catalyst Switch (in my case a 3560E) as a source for a console session to another Catalyst? In principle to use it as a console terminal server.
View 1 Replies
View Related
Dec 1, 2011
I need to know the key functional differences between the Catalyst switches 3560E, 3560X and 3560G.
View 1 Replies
View Related
Dec 6, 2011
We are receiving a large amount of output drops on 4 interfaces that connect to microwave wireless.This is playing up with our Management system. Saw a bug report but that was for 3750, not the IOS version but was a similar issue. [code] The output errors tend to happen at the same time. All ports are trunks however there are other trunks on the switch that are not having these issues. [code]
View 7 Replies
View Related
Apr 2, 2012
We're in the process of swapping in a new pair of ASA5520s and Catalyst 3750s to support two separate business units. We want Firewall A and Switch A to handle traffic for Org A (VLAN 100). Similarly, firewall B and Switch B should handle traffic for Org B (VLAN200). But we want to be able to fail traffic over in case of firewall or switch failure. Traffic between the two Orgs is being routed at the switch level. [code]
The uplink interface on each switch is currently a routed port with a static address on the uplink subnet. This works fine in a normal state. However, when we fail over one of the firewall contexts to the other chassis, this results in the inability to route internal traffic because the internal interface is now physically connected to a different switch with a different IP port address (obvious in hindsight). The question is, rather than a routed port, what would be the proper way to handle traffic between the switches and firewalls in a failover scenario? If I make the uplink ports into trunks, won't this cause all packets destined for either firewall to hit both both? Seems like that's not the way to go either? [code]
View 0 Replies
View Related
Jan 16, 2013
In datasheet of WS-SUP720-3B - link- was said that are only supported around 256K routes (fib?rib?).With this value I can't get 2 full bgp - that is around 850K ..
The supervisor is that control this or just memory ? I said this because I have a 7204-npe-g1 whith 2 fullrouting and 1G of and he are ok..
View 3 Replies
View Related
Oct 18, 2011
I am facing an isssues with 7609 for LAN switching , based on LAN (VRRP/HSRP) feature.Actually we are having ES+ cards (on 7609) and we are using multiple groups(say 350 vrrp groups) running on the router . the routers are connected as router 1>>> mux(which is working as switches)>>> router2
my questing are
1. does their will be "multicast packets" (for VRRP/HSRP group) "from backup router to Master router", when in stable state( ie when Master and backup are already chosen) , or the packet from backup to master should be unicast.I know for sure, the packet from master to back is multicast packets denstination to Multicast IP packet and To MAC address.I am not sure but I think from backup to master it should be multicast
2. what is frequency of these packets( from backup to master)
3. As i have multiper group on a single interface ( we are using q-in-q), when the connectivity from router's is broken, then does all the groups will muticast their active roll in the lan sengment "at once" or it will be in a groups say 100 groups at once, and after few ms few 100's and sone ( as is on OSPF or RIP)
we are in between troubleshooting I hope we get the ans( Actul problem we are seeing in the router's that we have 2 ports on active routers and 2 ports on standby router , but we are not seeing muticast on 1 port on standby router where as all other 3 ports are seeing multicast packets) [code]
View 5 Replies
View Related
Apr 23, 2012
I need 10gigbit uplink for this switch. What are the other devices that i need order along with this device.And what is the diff between X2-10GB-LR= and CVR-X2-SFP.if i take CVR-X2-SFP, in future how can i upgrade from one gig to 10 gig?for current use i need 10gig support required. so what are all the other devices that i need to order.Fiber multimode and distance 15Mt only.
View 2 Replies
View Related
Oct 7, 2012
I configure HSRP on Router 2951 as a primary router, and Router 2811 as backup router. But when I am switching off my Primary router the backup router is taking 2 mins to take over form primary router.
[code]....
View 4 Replies
View Related
Jan 8, 2012
I want to setup HSRP between three 6509 switches with a single virtual ip for all the three switches.
know if its possible and share any site or config.
View 1 Replies
View Related
