How to configure Cisco Switch ports with redundant link failover

ip sla ? is unrecognised command.  
IOS Ver: 12.2(35) se5

Thanks

i know the enterprise version of 12.2(50)sg has this feature.

other than this it is ahrd to help.

you could with cleaver routing tables maybe do a simmler things. ie if you update routing protocals over the bridgeway link. Then have a short time out on these routes. only alow routing updates over this link. if it fails the route will drop out of the routing tables and if you have a back up route in place it will take over.

The routing option would be out of the question.  Our routers only currently have two interfaces each.  We would need an additional interface for the routers.

We have Cisco 2800 gig routers at both ends.  

Thought about LACP.  But I am not sure how to configure it using LACP.

you could still use routing option, as long as teh router can see both routes out of the network. you can use sub interfaces so that an ip sla track suhts down the sub interface to the bridgeway link and monitor on the subinterface rather than the physical one.

Wuld you be able to draw a simple digram of what you have, I want to make sure I am picturing this correctly.

See file attached:

here is how i would want to set that up.

now i would suggests you use a routing protocal such as eigrp, to update the route for the 172.26.x.x and 192.268.x.x routes on both routers.

set the 10.0.1.0 route to have a higher matrix (wont be used)

now if you insure route updates only travle across the bridgeway link. and have static entries for the back up link with a higher matrix (wont be used )

then if the main link fails, the routes will drop out of the routing tables. the static ljnks will come in to effect and the back up link will be used. when the link comes back up the routes will repopulate  and becing to work again..

you need to look in to setting up sun ineterfaces (requires VLANS)
eigrp or simmler routing protocal,
and how to stop route updates being sent out of chosen ports.

However this is not the only way to get this working, nither is it the prettest. however with out getting hold of your routers, and checking exactly what services they have, i can't easly suggest other methods.

I do know that 12.2(50) (enterprise version for switchs) does have the ip SLA feature. this is a nice feature as you can simple tell the router to send a ping every few seconds across the links and if they fail to reduce the priority of that link.

Of coures you could also have the local traffic using one port on the router, and the two links using another physical port split in to 2 sub interfaces (to get in to / create the sub interface simple type #int f0/1.1) this would incress the bandwith avalible if needed.

The devices in between the switches are not routers,  They are RF bridge/switch devices that have an IP address on a 10.x.x.x network. If I separated the RF bridges to be on seperate sunbnets I would need another interface on the routers would,nt I?  The only routers I have are the Cisco 2800 IOS12.4 with 2 gig ports at each end of the link.  

nope as I said you can use sub interfaces

all you do is make 3 seperate vlans each side of the links.

and trunk each one to the ports on the routes

If you look at the digram above you can see the router is handeling all the different subnets on one physical interface.

look up router on a stick to find out how to set this up.

Our Routers are Capable of EIGRP.  

The question is how to configure?

ok how much do you know ?

can you set up eigrp basics?

vlans ?

I know how to setup Vlans on the switches.  But not the routers.  I am using an SDM to interface into the router.  I can setup routes on the routers and configure interfaces.  

The only issue I have is I do not have spare Cisco routers to test this.  I have a lab setup with two Linux routers two 2960G cisco switches and hubs to simulate the rf bridges.  In the live environment the swich at the Orkie end is a 3560G switch that has routing capabilities built in with the same IOS as the 2960G.

 

Well you could download packet tracer 5 made by cisco.


I have my own copy but its easy to find copies on line.

this you can emulate this set up in and do the testing

Why would I need a packet sniffer/tracer?  I only want to test this scenario in lab environment.  

My linux routers are PC's running Centos with two interfaces and routes setup with a firewall to enforce packet flow between subnets.    I dought I could use IEGRP on linux box?

ok let me get this stright

in the real world set up

each side has one 2800 series router with 2 gig ports
each these routers are connected to a 2960 Layer 3 capable switch?

the bridges are directly connected to these switchs ?

see below?

if this is the physical set up I will look in to the config to do what you need. However I only use command line so I can print out the configs of the routers and switchs, but I dont know how to use SDM to get the same result. (mind you with the configs its a copy and past to get it on to your routers)

packet tracer is not a sniffer ;)

its a switch/router emulator from cisco. the digram above is created in pacet trace. I have only created the physical network at the moment, thats why some of the ports are red (down)

its called packet tracer, becasue when you run the simulation you can watch a packet traveling across the network and see where problems are, then look at what is happening at each layer of the OSI and work out what the routing issues are. or the actul route a packet takes.


Its be no means the most power full emulator around, but it is very quick to pick up and easy to use.

Yes that is exactly the physical layout.  

Ah I see,  I have CCNA Network visualiser 6.   But I have not used extensivly enough to test this scenario.  I can only seem to get routers with serial interfaces instead of FE.  

below is the basic idea of how this is set up.

this sets up eigrp between the routers, the routers up date each other only across the 10.0.0.0 link (primary link)

and this gives them a routing entry for traffic between the 172.16.5.0 and 192.168.5.0 networks using this link.

if this link fails the route will drop out of the routing tables and the static route should take over. (eigrp packet are never sent over the secondry link)

Out of intrested though. could you not use spannign tree to get the same result. if both the primary links and the secondry link are in teh same spanning tree. then one would be blocked to prevent loops! if the other failed the back up link would come up.

If the RF bridge/switch  devices are running at layer 2, then vlans and spanning tree would be a simpler way to get the same result.

Router A
 
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 10.0.0.254 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1Q 3
 ip address 10.0.1.254 255.255.255.0
!
interface FastEthernet0/1
 ip address 172.16.5.254 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 passive-interface FastEthernet0/1
 network 172.16.5.0 0.0.0.255
 network 10.0.0.0 0.0.0.255
 no auto-summary
!
router rip
!
ip classless
ip route 192.168.5.0 255.255.255.0 10.0.1.253 255
 
router B
 
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 10.0.0.253 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1Q 3
 ip address 10.0.1.253 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.5.253 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 passive-interface FastEthernet0/1
 network 192.168.5.0
 network 10.0.0.0 0.0.0.255
 no auto-summary
!
ip classless
ip route 172.16.5.0 255.255.255.0 10.0.1.254 255

                                              

1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:

Spanning tree works but it's a manual failover.  If the Prmary link fails you kinda have to do some unplugging and then plugging of the cat5 cables to get the backup link to failover.  plus it takes nearly 50 seconds before the link is active.  

That is not sufficiant.  It needs to at the very most 1 packet drop or none at best.

you do have rapid per vlan spanning tree which takes 1 to 2 seconds. and you should not have to do any re-patching.

I am not keen on Rapid spanning tree.  From what I have heard there should be a way by using LACP.

yer you could set up an eather channel across the links

to do this just add

interface Port-channel1
 description ### to other side ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/5
 description ### Ether Channel port ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface GigabitEthernet1/0/6
 description ### Ether Channel port ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable


ithis is some of my code to set up a link between core switchs on ports 6 and 5.

the imporant command is the
channel-group 1 mode desirable.

you would set this up on the switchs. as long as it is all layer two between the two switchs then this would work

not sure if the 2960 switchs have this feature?

If you are limited to L2 then rapid spanning tree is a good bet. Sut the lower speed link with a much lower port cost, and it will be utilized only if the main link drops.

You can test lacp, but this requires your wireles bridges to pass and not participate in your trunking protocols. As it freqently polls the links, and allows you to use both connections at once when they are both good, then this is an advantage as well.

Finally, your spanning tree solutions will be greatly added with unidirectional link detection, keepalives and perhaps fast failover.

rapid spanning tree is still 1 or 2 seconds to recoverge after a failer.

Pagp or Lacp if you can get them to work would both give you the feature you want. both very easy to set up and will give sub second fail over.

Although setting them up as an ether channel or using lacp will cause cause management issues with the wireless bridges.

As traffic will be load shared over the two links the management to devices on a particular link will be either intermittent or non-existent.

I would recommend using DevilWAH's solution. Make the links Layer 3 connections, each in their own vlans on the switches, and the router connections are essentially trunks.

DevilWAH showed this, but he didn't emphasize... Cisco routers in the 2600 and 2800 series and above support making the encapsulation 802.1q or isl and building sub-interfaces on various vlans. So hard set the links from the switches to fa0/0 as 802.1q trunks, and permit vlans 2 and 3 on the trunks. Then put the links to the appropriate wireless bridges in the correct vlan.

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 10.0.0.254 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1Q 3
 ip address 10.0.1.254 255.255.255.0


So the wireless switches could be managed on 10.0.0.0/24 amd 10.0.1.0/24.

I further recommend just adding both interfaces to eigrp and using Unequal-Cost Load Sharing, because otherwise when both links are down you have no log notifications on the second link being down.

You forcibly set the metric to preferably select the faster link with the bandwidth command...

bandwidth 1000000
on the subinterface to the microwave,

and

bandwidth 18000
on the subinterface to the lightwave.

These statements are only used for routing protocol calculations, and could just as easily be 1000 and 18.

If you really want the second link to be backup, use devilwahs config exactly, but set the static route metric as 254. Ive had some issues with 255 :-) .

Or put the command

traffic-share min

in the eigrp network section so that eigrp will be aware of the dual link but will only use the primary. Keep the bandwidth statements.


By default the load sharing will be per flow, but adding "ip load-sharing per-packet" to the subinterfaces facing the wireless bridges you can force the network to load share the traffic on a packet by packet basis.

Would this be all configured on the switches or is there any config for the routers?  The reason I ask is because I am testing the scenarios with Linux routers instead of Cisco routers.  


If all can be configured using the switches then no problem.  

if you configured etherchannels (lacp) then you could do it all on the switchs, although as mentioned this may affect your managment of the bridges.
I have only set up this on direct swith to switch links, with out bridges inbetween. It should still work fine however.

however if you go for the layer 3 routed aproach it is set up on both the switchs and the router. this solution gives you much more control over the flow of data across the links.

Goodness. Linux supports 802.1q but ospf load sharing is an interesting and possibly difficult task for LFR or Zebra. You can set up OSPF for the main link and a static route much like DevilWahs suggestion. I would not suggest ethernet keepalives on vlan interfaces, but if you have a spare interface you can seperate the networks, use static routes with different metrics and let ethernet keepalive disable your ethernet links on the linux router.

You can make the l2 connectivity redundant using etherchannel, or LACP. You can manage the Lightwaves through an out of band port, but the brightwaves would not be reachable unless you deliberately disabled the microwave link. You will need to convince the link sharing protocols to use the 1000 / 18 ratio of link share, or an active passive setup.

Spanning tree is looking better all the time, really.

I agree wit hte rest, for simplicity spannign tree is deffently the way to go. However it is slower to failover than some of the other methods. Although if configured correctly you will get subsecond proformance. And this should be invisible 99% of users.

Do you ahve real time critical data applications that require better than this? if so you want to set up loadbalanced routes which will insure failovers with in milliseconds and no intruptions to flows.

I think you are going to struggle testing this unless, you either invest in some cisco routers to test with, or get hold of a good simulator to set it all up with. A linux router is jsut not goin to give you the same features as cisco ios.

yes,  I think I am a bit stuck then unless you have any good simulators you can recommend.  It needs to have the swiches I use and the routers.  Preferably the IOS version too.

the only one i know of is GNS3

it only has routers really, (although you can emulate a switch by fitting a 16 port fastethernet module to the router)

you also need to get hold of the ios (copy them of you router)

and you will have a exact replica of your network.

its a bit fiddle to get going with, however its good enough that its worth sticking with it, and possbile setting up a pc or 2 dedicated to runnning it.