Redundant switch second time

Discussion in 'Cisco' started by John Strow, Mar 1, 2008.

  1. John Strow

    John Strow Guest

    Hi,

    I'm having some difficulty to figure out how to achieve full redundancy on
    parts of my network. At this moment I have 2 routers 2821 in standby
    configuration (HSRP) and 2 PIX firewall in failover configuration with one
    switch between them. Client requires duplicate switches as well. Any idea
    how to achieve this? Any document out there?

    Firewall Failover

    | sw1 | <-----------> | sw1a | Internet
    ^ ^
    | |
    v v
    | fw1 | <---sync----> | fw1a | Firewall Failover
    ^ ^
    | |
    v v
    | sw2 | <----------> | sw2a | LAN
    ^ ^
    | |
    v v
    | RT1 | <----------> | RT1a | Router Standby (HSRP)

    Much Appreciated
     
    John Strow, Mar 1, 2008
    #1
    1. Advertising

  2. John Strow

    Merv Guest

    Merv, Mar 2, 2008
    #2
    1. Advertising

  3. John Strow

    Thrill5 Guest

    Which parts are you concerned with? From your description and diagram,
    everything looks redundant already.

    "John Strow" <> wrote in message
    news:...
    > Hi,
    >
    > I'm having some difficulty to figure out how to achieve full redundancy on
    > parts of my network. At this moment I have 2 routers 2821 in standby
    > configuration (HSRP) and 2 PIX firewall in failover configuration with one
    > switch between them. Client requires duplicate switches as well. Any idea
    > how to achieve this? Any document out there?
    >
    > Firewall Failover
    >
    > | sw1 | <-----------> | sw1a | Internet
    > ^ ^
    > | |
    > v v
    > | fw1 | <---sync----> | fw1a | Firewall Failover
    > ^ ^
    > | |
    > v v
    > | sw2 | <----------> | sw2a | LAN
    > ^ ^
    > | |
    > v v
    > | RT1 | <----------> | RT1a | Router Standby (HSRP)
    >
    > Much Appreciated
    >
    >
     
    Thrill5, Mar 2, 2008
    #3
  4. John Strow

    John Strow Guest

    That should be the goal, but how to achieve it?




    "Thrill5" <> wrote in message
    news:...
    > Which parts are you concerned with? From your description and diagram,
    > everything looks redundant already.
    >
    > "John Strow" <> wrote in message
    > news:...
    >> Hi,
    >>
    >> I'm having some difficulty to figure out how to achieve full redundancy
    >> on
    >> parts of my network. At this moment I have 2 routers 2821 in standby
    >> configuration (HSRP) and 2 PIX firewall in failover configuration with
    >> one
    >> switch between them. Client requires duplicate switches as well. Any idea
    >> how to achieve this? Any document out there?
    >>
    >> Firewall Failover
    >>
    >> | sw1 | <-----------> | sw1a | Internet
    >> ^ ^
    >> | |
    >> v v
    >> | fw1 | <---sync----> | fw1a | Firewall Failover
    >> ^ ^
    >> | |
    >> v v
    >> | sw2 | <----------> | sw2a | LAN
    >> ^ ^
    >> | |
    >> v v
    >> | RT1 | <----------> | RT1a | Router Standby (HSRP)
    >>
    >> Much Appreciated
    >>
    >>

    >
    >
     
    John Strow, Mar 2, 2008
    #4
  5. John Strow

    Merv Guest


    > That should be the goal, but how to achieve it?


    Meaning how to configure the setup ?
     
    Merv, Mar 3, 2008
    #5
  6. John Strow

    John Strow Guest

    Yes that's right

    "Merv" <> wrote in message
    news:...
    >
    >> That should be the goal, but how to achieve it?

    >
    > Meaning how to configure the setup ?
     
    John Strow, Mar 4, 2008
    #6
  7. John Strow

    Merv Guest

    1. HSRP facing inside LAN

    2. OSPF between routers and PIX inside interface

    3. PIX default route pointing to ISP
     
    Merv, Mar 4, 2008
    #7
  8. John Strow

    Merv Guest

    On Mar 4, 4:35 am, Merv <> wrote:
    > 1. HSRP facing inside LAN
    >
    > 2. OSPF between routers and PIX inside interface
    >
    > 3. PIX default route pointing to ISP


    4. PIX advertise default router to inside routers vis OSPF
     
    Merv, Mar 4, 2008
    #8
  9. Merv wrote:

    > On Mar 4, 4:35 am, Merv <> wrote:
    >> 1. HSRP facing inside LAN
    >>
    >> 2. OSPF between routers and PIX inside interface
    >>
    >> 3. PIX default route pointing to ISP

    >
    > 4. PIX advertise default router to inside routers vis OSPF


    This will work until the link to one of your ISPs goes down and the does not
    take the Ethernet I/F of PIX down with it. Then you have half your packets
    being shipped out into oblivion.

    If you really want to do this with no single point of failure, you also need
    a mechanism to detect that one of your ISPs is down. You'll also need a
    total of six switches, four routers and two firewalls, although you may
    choose to combine some of those functional blocks into multipurpose
    appliances, as long as your combos are vertical and not horizontal.

    good luck and have fun!
    --
    Vincent C Jones, Consultant Expert advice and a helping hand
    Networking Unlimited, Inc. for those who want to manage and
    Tenafly, NJ Phone: 201 568-7810 control their networking destiny
    http://www.networkingunlimited.com
     
    Vincent C Jones, Mar 4, 2008
    #9
  10. John Strow

    Merv Guest

    Merv, Mar 5, 2008
    #10
  11. John Strow

    John Strow Guest

    Thanks for your reply. I should have been more precise. Actually my job is
    to duplicate internal equipments including PIX but not part that conects to
    ISP. Anyway company has one ISP only



    | sw1 | Internet
    ^
    |
    v
    | fw1 | <---sync----> | fw1a | Firewall Failover
    ^ ^
    | |
    v v
    | sw2 | <----------> | sw2a | LAN
    ^ ^
    | |
    v v
    | RT1 | <----------> | RT1a | Router Standby (HSRP)

    Thanks


    "Merv" <> wrote in message
    news:...
    > see Cisco Doc "Data Center Networking: Internet Edge Design
    > Architectures"
    >
    >
    > http://cco.cisco.com/en/US/solutions/ns340/ns414/ns742/ns656/net_design_guidance09186a008014ee4e.pdf
    >
    >
    > take a look at page 3-41 of that document
    >
    >
     
    John Strow, Mar 5, 2008
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bill F
    Replies:
    11
    Views:
    1,432
    Gert Doering
    Feb 14, 2004
  2. Stuart Kendrick

    redundant switches / redundant server NICs

    Stuart Kendrick, Aug 9, 2004, in forum: Cisco
    Replies:
    4
    Views:
    4,502
    Stuart Kendrick
    Aug 10, 2004
  3. slax
    Replies:
    1
    Views:
    568
    M.C. van den Bovenkamp
    Jan 20, 2005
  4. John Strow
    Replies:
    2
    Views:
    565
    John Strow
    Apr 19, 2007
  5. John Strow

    Redundant switch another try

    John Strow, Mar 7, 2008, in forum: Cisco
    Replies:
    1
    Views:
    467
    Thrill5
    Mar 7, 2008
Loading...

Share This Page