
Cisco Catalyst 3550 VLANs

I have a Cisco 3550 switch - connected to 1 WAN link on 1 port, another WAN link on another port, and my servers and workstations on the other ports - I want to create 3 VLANs in total - 1 for each WAN link, and 1 for the LAN.  Then I want the switch to have 2 default gateways - each WAN link set in priority in case one goes down the other will be used.  Can someone tell me how to do this or point me in the right direction?  I am much more familiar with routers than switches but I have some experience.  I am not familiar with the concept of trunking...and not sure if it will even play in here.  Sorry if this is vague.
Asked by: mrsmileyns

JFrederick29 Commented:
If your WAN links are directly connected to the switch, you can assign an IP address directly to the interface they are connected to using the "no switchport" interface configuration command.  You can then use the "ip address <address> <mask>" command to assign it the appropriate IP address.  I would do this instead of creating VLANs for each WAN link.  Once you use the "no switchport" command, the interfaces are treated as routed interfaces.  You can keep all the PCs in the one and only VLAN on the switch.  Trunking is not necessary unless you are connecting VLANs using multiple switches.

To set two default gateways on the switch, use the following commands:

ip route 0.0.0.0 0.0.0.0 <next hop router address>      <---preferred route using default administrative distance.
ip route 0.0.0.0 0.0.0.0 <next hop router address> 10  <---set the administrative distance higher on the backup link.

mrsmileyns (Author) Commented:
Well - I am not sure if I meet the criteria of directly connected on the WAN links - 1 link is connected to a 2600 on the e0 - which is then connected via point to point t1 to the main office - where the main internet connectivity comes through

the other secondary WAN link is connected to the internal side of a Watchguard firebox firewall - which is then VPN'd to the main office - this is the backup connectivity

Does your solution still apply under these conditions?

PennGwyn Commented:
Yes, still works.

The suggested static routes will send all traffic over the primary link, as long as it's up, and fail all traffic over to the secondary link whenever the primary is down.  If you want to actually balance the load, or host servers, you'll need to get a bit more complicated....

mrsmileyns (Author) Commented:
nope - no load balance - just a failover

but let's say this...I will try to explain the thought I have in my head - let's say...my primary link is to the cisco 2600 which is then connected to the home office - now let's say, the point to point t1 back to the home office goes down - but the internal side...which will be the primary default gateway of the switch is really not down...it is only down on the WAN side - will the switch get the picture, and start sending packets to the secondary gateway?  does my question make sense?

JFrederick29 Commented:
Well now that complicates things.

The switch will never know that the WAN link is down beyond the 2600 and will continue to send to the 2600 router even though the link is down.

Is the 3550 the EMI version?  Can you run a routing protocol with the 2600 and Watchguard instead of using static routes?  The switch would reroute appropriately over the backup link.  If you had another Cisco router versus the Watchguard, you could run HSRP and have default gateway redundancy.

mrsmileyns (Author) Commented:
I see...on the back the switch says SMI as part of the model # or S/N - I assume that means it is not the EMI version?

The network currently does have EIGRP set up, but I am not sure if that will work with the Watchguard - I will have to find out.

JFrederick29 Commented:
It won't with the Watchguard.  EIGRP is Cisco proprietary.

Unfortunately, the SMI version does not support EIGRP.

mrsmileyns (Author) Commented:
ah - just as I typed it I remembered EIGRP is cisco prop - hmm - just so you know, this wasn't my idea - it was half in place when I got here  :)  I think my boss may need to rethink this backup solution - I am not sure it is going to work this way with the current hardware - unless of course...during an outage...if I were on site, I suppose if the WAN link went down on the 2600, then I could unplug the LAN side of the 2600 - that would force the switch to see its gateway down, and send the packets to the backup gateway...the watchguard....I know that is an ugly undesirable answer, but for my own edification, do you think it would work?

JFrederick29 Commented:
Yes, that would work, if you shutdown the ethernet interface on the 2600 or pulled the cable, the switch interface would go down and the route would be removed from the switch's routing table.  The switch would then use the Watchguard route.

mrsmileyns (Author) Commented:
OK - last question and then I will leave you alone :)  if the preferred route to the e0 of the 2600 is set as a static route - and then that destination suddenly becomes unavailable to the switch - shutdown or cable pulled...the switch will stop using that route or it will be removed...even though it is set as a static route? and then it will use the route with the next highest priority to the watchguard?

JFrederick29 Commented:
Yes, although it is a static route, it will still be removed from the routing table if the interface is down and the Watchguard route will be used.
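
The failover behaviour discussed in the comments above, modelled as an added example that is not part of the original thread: a static default route is withdrawn only when its local interface goes down, so a failure beyond the 2600 leaves traffic pointed at a dead path. The interface names `Fa0/1` and `Fa0/2` and the gateway labels are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticRoute:
    next_hop: str      # gateway label (the thread gives no addresses)
    interface: str     # switch routed port facing that gateway (hypothetical name)
    distance: int      # administrative distance; lower wins

# The two default routes from the thread: primary at the default static
# distance (1), backup at 10. Interface names are constructed.
ROUTES = [
    StaticRoute("2600-e0", "Fa0/1", 1),
    StaticRoute("Watchguard", "Fa0/2", 10),
]

def active_default(routes, link_up):
    """Return the default route the switch would install.

    A static route is a candidate only while its local interface is up;
    among candidates the lowest administrative distance is installed.
    """
    candidates = [r for r in routes if link_up.get(r.interface, False)]
    return min(candidates, key=lambda r: r.distance, default=None)

def forward(routes, link_up, upstream_ok):
    """Return (next_hop, delivered) for traffic leaving the LAN.

    upstream_ok maps a gateway to whether its far side (T1 or VPN) works.
    The switch never consults it, which is the blind spot in the thread.
    """
    route = active_default(routes, link_up)
    if route is None:
        return None, False
    return route.next_hop, upstream_ok[route.next_hop]

def scenarios():
    all_links = {"Fa0/1": True, "Fa0/2": True}
    return {
        "normal": forward(ROUTES, all_links, {"2600-e0": True, "Watchguard": True}),
        "t1_down": forward(ROUTES, all_links, {"2600-e0": False, "Watchguard": True}),
        "e0_unplugged": forward(ROUTES, {"Fa0/1": False, "Fa0/2": True},
                                {"2600-e0": False, "Watchguard": True}),
    }

if __name__ == "__main__":
    for name, (hop, delivered) in scenarios().items():
        print(f"{name:13} next hop={hop:10} delivered={delivered}")
```

In the `t1_down` case the switch keeps forwarding to the 2600 because its own port is still up, which is why the thread turns to a routing protocol or a manual cable pull.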

mrsmileyns (Author) Commented:
OK - I think all that answers my questions for now - I think I have a way to make it work ugly, and a way to make it work right, but it will cost some money - that part is not my call - thanks for the help here.

mrsmileyns (Author) Commented:
one last thing - tell me if you think this can work - on my 2600 - I have 2 WICs that are plugged into the 2 multilinked T1's going back to the home office - that is the primary gateway

I have 1 ethernet interface - 192.168.10.1 e0 - that is the primary gateway for my PCs on the LAN - and the 2600 uses the multilink IP as its gateway

now...I have an e1 that was unused - I just thought - what if I give that the IP of 192.168.11.1 and plug it into the internal side of the Watchguard and give that an IP of 192.168.11.2 and set a secondary route in my 2600 to 192.168.11.2 - in the event for primary gateway failure which is the WAN multilink IP, do you think it would default to the Watchguard connectivity?  I am going to try, but what do you think?

JFrederick29 Commented:
Sounds like a plan to me!  Yes, that would work great...

mrsmileyns (Author) Commented:
will take me a day or 2 to get the downtime to try...I will let you know...thanks for the help - I am excited to get this solved  :)

JFrederick29 Commented:
Remember though, the interface to the Watchguard will remain up if the watchguard is still on and working but the line beyond it is down.  Since it is the backup line, it isn't that huge of a deal.

Also, the backup routes will also need to be configured on the routers at the other end of the connections.

mrsmileyns (Author) Commented:
gotcha - thanks

mrsmileyns (Author) Commented:
I think I need another Cisco router between my existing 2600 and the Watchguard - that would let me use HSRP or EIGRP or both when the WAN on the primary 2600 went down.  Then packets can start routing to the secondary Cisco 2600 which can use the internal side of the Watchguard as its gateway of last resort.  I'd like to ditch the Watchguard and set up a Cisco VPN back to the home office - but I can't do that.