Cisco Switching/Routing :: ISR 881-SEC-K9 Vs 891-K9 And 2 ISPs Redundancy
Nov 1, 2012
have main office of 70 people.Also I have 2 redundant ISP:One give me 20 mbit/s Other only 2 mbit/s and it is my backup ISP.
I have some resources in data center and I need a IPSec VPN to it and some other location. I suppose there will be up to 3-5 IPSec tunnels. I choose Cisco ISR 881-SEC-K9 with one wan port and 4 LAN switch. But know I’m looking for Cisco 891-K9. There is no security bundle for it. But in cisco.com this router is marked Cisco 891-K9 Security router. Does it support security features like VPNs, ZBF, IOS Firewall, NBAR and IP SLA for ISP redundancy? Also if my boss will choose chipper Cisco router 881-SEC-K9. Will I be able to organize 2 ISP redundancy on 4 LAN switch port inside VLAN interfaces because there is only one WAN port?
I need to know if the cisco ASA next generation specially ASA 5515X support PBR or no ?how to implement it? Also if i have many internet connections and i need to dedicate 2 ISP’s ADSL internet lines to certain service (such as mail) if the 1st fail, so the 2nd line come up to make redundancy with it ----------- Is this available on cisco ASA next generation.
I am moving a very small branch office to a new location, but we have a centrally controlled IT infrastructure team in Europe. I would like to implement a hosted VOIP solution without impacting the current network setup (i.e., VPN/Firewall) or asking this IT team to change anything on the existing LAN Network except the IP address/gateway. The VOIP system will have its own cabling.
Here is the configuration I would like: • Cisco 861 as main gateway to the Ethernet from the ISP’s modem • 2 static public IPs from the ISP, one for the VOIP network and one for the LAN • Cisco 861 acting as NAT/DHCP for the VOIP system on one static public IP • My company’s Juniper device on the second static public IP managing NAT for the LAN
I have a diagram here to map out what I am considering:
Two options I have seen:
• Setup Proxy ARP on the Cisco router, allowing the Juniper device a transparent (and unsecured/firewalled) route to the internet to get the Public IP and manage the LAN (seen in picture)
• Install an additional switch (with proper QOS prioritizing VOIP) at main entry point of location, and have both routers behind this (to minimize configuration of the Cisco router).
we've had an issue with our network, we have 2 6509 connected with redundancy, which are connected with 2 x 4900 Switches, from which are connected to a ESX Chassis for visualization, the thing is that the ESX stopped working, and the 4900 switches, and the main core were suffering from overload, they hang on it very well, in order to stop the overload, one of the links to the ESX Chassis were disconnected from one of the 4900 switches. The CPU usage from the 4900 and the core(6509) went down below 40%, and then they started to migrate the virtual servers from the chassis to another 2 chassis that were added right after. They were actually working well, but suddenly the 6509 changed to the other supervisor after everything was OK. We were wondering what could have been the cause of this, maybe the virtual servers migrations, maybe the overload from the ESX ? We also had a few question, is there any need to reload the cores every few months as a planned task ? Because the cores have been up for more than 1 year. And also is there any kind of of tool to monitor the CPU status, or the status overall from the cores or the switches ?
I would like to provide full redundancy for all vlans being used by VM Guests on the VM Host as well as the management vlan being used by the VM Host.I have created two LACP etherchannel connections on the VM Host. Each etherchannel from the host consists of 4 ports spanning a single NIC. One etherchannel connection goes to a trunked etherchannel connection on switch 1, and the other etherchannel connection goes to a trunked etherchannel connection on switch 2.Switch 1 and switch 2 have an etherchannel connection between them that carries all of the vlans in the topology.Vlan 2 is the managment vlan. Vlans 3, 4, and 5 are vlans that VM guest systems will be using for normal data traffic.
I intend to use switch 1 as the VRRP active router and spanning-tree root bridge for vlans 2 and 3.I intend to use switch 2 as the VRRP active router and spanning-tree root bridge for vlans 4 and 5.The spanning-tree configuration is using multiple spanning-tree with two instances. Instance 1 has vlans 2 and 3 associated and Instance 2 has vlans 4 and 5 associated. I would like to have this topology be fault tolerant to the point where if one of the etherchannel links between the host and one of the switches goes down, (for example, if switch 1 was powered off) traffic will be automatically redirected through the other functional link. I believe that my VRRP configuration would allow for a fairly quick failover of layer 3 services, but I am not certain that my design will be functional at a layer 2 level.
What I am uncertain about is how spanning-tree will converge. I am assuming that the virtual switch on the VM host will not be forwarding any BPDUs being sent by either switch. Would either of the links connecting to the host be considered a redundant link by either switch?Would the link between switch 2 and the host be inactive for all vlans in MST instance 1 during normal operation?Conversely, would the link between switch 1 and the host be inactive for all vlans in MST instance 2 during normal operation? Would all links remain active for ALL vlans? Would this mean that some traffic may travel through switch 2 to reach switch 1 instead of going directly to switch 1?
We have our WAN setup as explained in the attachment herewith. As of now, We have a IP 1 configured as HSRP IP in the LAN switch end at Site A and Site B. As per the HSRP priority, Site A's WAN router will preempt to be the Active WAN router. 1*1Gig link at both DCs connect to the respectve WAN router.
But with this setup, we experience a WAN outage whenever there is a link disconect at Site A - as HSRP fails over from Active to Standby(Site B) and again when the link at Site gets restored. To avoid this :
Is it possible to have the HSRP configured over a port channel at Site A and B (or atleast at Site A) ? In that case, will there be a need for the ISP to change their configuration except to configure a port channel ? The ISP has Cisco 7000 series router which connects to 3750 stack at DC lan.
I have a 6509 switch with SSO Redundancy (STANDBY HOT) with IOS ver 12.2(17d)SXB11, RELEASE SOFTWARE (fc1) (c6k222-jk9sv-mz.122-17d.SXB11.bin). I need to upgrade the IOS on this switch.I have 512MB Memory on the switch and 40144896 bytes free on Disk0.which IOS is the latest version to upgrade and also give me some hints for IOS upgrade on this switch?
we are in the planning phase for a network upgrade. We have two C2960 Switches connected via one (L2) Etherchannel (4x1 Gbit/s) which works very well. In the next phase we would like to upgrade our router to an 2911 series which has 3 gb interfaces. and indeed we would like to create an etherchannel as well. our plan is to use 2 of the 2911 to connect to the first 2960 switch and the one left to the other 2960. i think we will achieve some redundancy with this config.
Can any share some useful links on how this works and how to configure it? Do you still need to configure FHRP or does configuring redundancy take care of active/standby relationship between the ASR's?
I have a setup with two Cat 4506E working as a HA,I used a bundle 4Gb interfaces working as ether-channel,I'm facing a problem with DHCP pools on the both SW's,There is no problem if I use the pools on one sw,But when I but the pool on both sw's then I faced a lot of conflict IP in the DHCP pools,How can setup a real DHCP redundancy on both SW's,
Why rpr is the only available redundancy mode option available to me. I'm running a 4507R+E with twin SUP7-E's.
Abbreviated show ver Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.03.01.SG RELEASE SOFTWARE (fc2)Technical Support: [URL]/techsupportCopyright (c) 1986-2012 by Cisco Systems, Inc.Compiled Sun 26-Aug-12 13:45 by prod_rel_team ROM: 15.0(1r)SG2gp08401 uptime is 6 weeks, 6 days, 4 hours, 59 minutesUptime for this control processor is 6 weeks, 3 days, 2 hours, 21 minutesSystem returned to ROM by RPR SwitchoverSystem image file is "bootflash:/cat4500e-universalk9.SPA.03.03.01.SG.151-1.SG1.bin"Jawa Revision 7, Snowtrooper Revision 0x0.0x1C
I am facing a problem in implementing HSRP. My scenario is like this, I have two 3750 switches and I have a server with two NICs. I want to run HSRP in these two switches. By the way the server is connected directly with the switches. I mean each NIC to each switch.we have teamed the two NIC (Active / Standby).what configuration need to done in switches to work HSRP.
I want to have an opinion that which switch shall I replace the Cisco 2960s with so as to elimintae the need for spanning tree in there but then what would be the design look like between Netscreen and those new switches. Also would it be vendor independant to work Between Cisco and Netscreens/Cuberguard.
Four 6500 connected to each other to form a full mesh. Switches 4 and 7 is running eigrp. A question came up, why didnt it have eigrp on SW 2 & 3 ? Will it still be redundant if link between SW3 and SW4 is removed? If redundancy is working, SW3 should be able to find its way to SW4 via SW7 or SW2, yes?
Recently, the eigrp was configured to SW 2 and SW 3 as well, it included the “redistribute static” statement. The route for SW2 and SW3 now has the VLANs, 51 or so. Sent ping from a PC to VLAN1 IP of SW3, then link between SW3 and SW4 was disconnected, network connectivity went down for about 20secs, and ping came right back. Thought it was a success. All of a sudden, outside connectivity was lost. Ping within the LAN was successful, but no internet connection.
The eigrp on SW2 and SW3 was removed, and the internet connection came back up. The initial concern was that although there is physical redundancy in place, the other routes may not be known. Hence, eigrp configuration has been attempted for SW2 and SW3. Perhaps the “redistribute static” should have never been configured on SW2 and SW3, SW7 does not have the “redistribute static” statement anyway.
Without eigrp running on SW2 and SW3, does it still have redundancy? For what it’s worth, SW4 and SW7 are both VTP servers. With the current configs, does it still have redundancy? Link redundancy was never tested; it always has been assumed that it works. Later today, with it’s current config, the link redundancy will be tested.
I plan to build improved redundancy in to my LAN by stacking two 3750s and teaming pairs of NICs on my Dell PowerEdge servers, with each cable of the pair going to a different switch.In my mind this provides redundancy for the NICs and the switches. Does this configuration will work, and also what type of teaming is supported, as I was planning to have one NIC active and one standby, but can I run this configuration with both NICs in the team as active with load balancing?
I am still working on the design of my big project and always that you think that every thing is solve, appears a details.We need to deploy a fiber links to some buildings that will have access switches connected to the Core. I have been reading about ethernet ring topologies and quite differents to the hierarchical model because of the using of Ressilent Ethernet Protocol instead of STP or RSTP.My question is which of the next to scheme will be the best?
1.- Deployment an ethernet fiber ring topology with REP? Consider that the edge Switch of this ring will be my Core and this one is connected to my distribution switches in a hierarchical topology. In this situation, Acces Switch 1-A is connected to Acces switch 1-B, Access Switch 1-B to 1-C and Switch 1-C to the Core. Feel fre to recomend me wich switches and considerations are the best. We conssider 1 Catalyst 6506 Chasis for the Core and catalyst c2960s-48-TDL for acces, maybe the 3750x series. Each Acces node in the ring topology will have a maximun of 50 end devices.
2.- Deployment a Fiber ring but not connecting each switch with the next. In this case we want to ensure redundancy to the core wih equal costs path, but because of the ring each switch won´t have equal length link to the core. In this situation, Acces Switch 1-A is not connected to Acces Switch 1-B is connected directly to the core but the fiber cable will take the route to Access Switch 1-B, to Acces Switch 1-C and finnally to The Core Switch. This apply to the other to Switches. Note now that Acces Switch 1-A will have a 281 Ft link to the core and a second 1612Ft. link to the core. Here comes the question this differents lenght will negative affect RPVSTP ? or It doesn´t matter? Can i setup an etherchannel/load balance in this situation?
My network consist of that network device. cisco catalyst 3750 with stackwise, 2xnexsus 5000 series and servers.servers connected to nexsus switch. nexsus connect to 3750.
Each server have two link, one of them connect nexsus1 and other connect to nexsus2 switch.(same traffic) each nexsus have one link to 3750. At 3750 the nexsus link configurate etherchannel. but the flapping occur at 3750.
i understand that at 2 nexsus link have the same server source mac address so the flapping occur at 3750. how i solve this problem?
So I have 2 routers (cisco 3640) that each go to their own ISP and then back to the same switch. I have setup ospf and glbp, and now have pretty good redundancy. If either internet connection or routers go down everything is still golden.
So I was thinking that if an interface went down then the router would not be load balanced with glbp which got me thinking whats the best way to get interface redundancy (and I was going to add a 2nd switch with the second interface).
1) Setup BVI on the 2 interfaces. 2) Setup a 2nd interfaces (on each router), I would have to split the subnet, for instance: [code]then the machines could be on the subnet 192.168.0. 0/23 and setup glbp for 1 ip across all 4 interfaces (I'm not even sure if you can do this but think it would work). 3) Is there a way to utilize etherchannel or anything like this
A negative to option 2 would be that if 1 of the interfaces went down, all the sudden 2/3 (or so) of your traffic would be going through 1 router.
I'm using Packet Tracer for testing since I don't have the actual equipment. I have configured etherchannel between two 2960 Switches. I have used the trunk ports FE 0/23 and FE 0/24 on both switches to create the etherchanel. I have connected one PC with each switch. The PCs are in the same VLAN and can ping each other. Howver, when I take down one of the links in the etherchannel, the other link does not take over and I get 100% packet loss. I don't know what seems to be the problem. I'm quoting the configurations below:
Switch0: Switch#sh running-config Building configuration... Current configuration : 1179 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec
I have the following: 1 5520 ASA connected to the internet, 2 core switches, and several access switches.Aside from implementing RSTP, VRRP, hard code access and trunk ports, is there any other recommendation you would like to add.
We have Nexus 7K recently installed few months back with 2 Sup (Slot 5 & Slot 6).Recently recevied mesaanges in monitoring servervia SNMP:Alarm : active unit removal caused an auto SWACT However, when checked there are no recent logs which may be linked to this alarm. The show redundancy command output shows that Sup in slot 5 is active which in slot 6 is Hot Standby.
I'm building a new colo presence with a full class C of public IP's. The idea is to connect to our ISP with a 3750x switchstack and they will be providing two ethernet drops that conect directly into two seperate switches on their side with HSRP and BGP at the routing level, so we will just point to their virtual IP (gateway address).I'm not sure how to either segment the public ip block or statically route each ip address and the interaction of vlans/svi with HSRP groups. Just use the switch at layer 2 or handle the internal routing with eigrp or ospf at layer3?
1 x 4500 and 1 x 3560?They are gateways of 8 Vlans?They are doing HSRP in each of those Vlans?The 4500 is the Active?There is a DHCP Pool for each of those Vlans on both gateways using "ip dhcp excluded-address" I ensured that the range of provided ips by each DHCP server will not be overlapped Obs.: Reducing the lease time, I ended with the calls bringing related problems.
OK, every thing is blue, every thing is fine.But the network diagram is realy complex(41 switchs, 89 uplinks), and depending of how is the network flow, one or other server answer first or latter.
For many reasons I would like that the secondary DHCP server would answer only if the primary DHCP server goes down.To me, the bigger reason is that DHCP database would be only in one DHCP server.But there is other reasons.
I passed by many frustrated solutions:Try to force a delay on the answer on one of the servers. - Impossible.Try to disable DHCP server, and, using EEM, enable it only if router became active in HSRP. - I couldn't do It.
What I'm thinking now is use the HSRP resource to resolve it.On both routers I would put a "ip helper-address" pointing to an Virtual_HSRP_IP.And depending on which router is the active, him will answer the request.
My first doubt is:Would it work?The second doubt is:Could I use the same Virtual_HSRP_IP that exists on that Vlan(see example 1),or I would need to point it to a Virtual_HSRP_IP in a different Vlan(see example 2)?
Example 1 ----------------------------------- | 4500 | ----------------------------------- interface Vlan1 ip address 10.10.0.2 255.255.0.0 ip helper-address 10.10.0.1 standby 1 ip 10.10.0.1
i have new project in hospital with the bellow product :
20 X WS-C2960-24TC-S
2 X WS-C3750X-48T-S
2 X WS-C2960S-24TS-S
i need to configure this switch in order to work first the 2 core switch for redundancy then each catalyst switch 2960 connected to the core with 2 uplink each uplink for each core switch that way i have rendundancy in the connection then i need one vlan ?i need to configure this switch to work perfectly with each other in best redundancy mode?