How to configure Cisco Switch ports with redundant link failover

Posted on 2009-05-07
Last Modified: 2012-05-11
Hi There,
Here is the scenario: Two Radio links between two sites - one Bridgewave microwave and the other Orthagon standard spread spectrum.
The Microwave is a Gig link and the Orthagon is 18mg link.  
The bridgewave needs to be used as a Primary link
The Orthagon needs to be used as backup link.  
The bridgewave uses fibre to interface with the switch
The orthagon uses cat5 to connect to switch.  

I need to configure the Cisco switches at either end of the radio links to auto failover onto the orthagon should the Bridgewave microwave link go down.
If the Bridgewave Microwave link fails the fibre to the switch is still active.  It behaves just like another switch.  So according to the cisco switch there is still a link between the fibre interface and the Bridgewave.  

I need the switches to recognise when the radio has gone down and auto fail onto the Orthagon rf link.  

Can this be done with the Cisco switches and how?




Question by:Iain123
33 Comments
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24324936
don't know if a 2960 switch has this in its ios

but go in to config t

then try to type

ip sla ?

see if it gives you any options..

ip sla allows you to direct a ping (or other types of packets) to a far end station and monitor the response.

if you have IP sla on the switch then you can tell it to send a ping across the bridgeway route. if this fails you can then tell the switch to shut down the port to it.

then as long as you have redundancy set up to detect it the fibre link goes down, failover as you want.
0
 

Author Comment

by:Iain123
ID: 24325002
ip sla ? is unrecognised command.  
IOS Ver: 12.2(35) se5

Thanks

0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24325209
i know the enterprise version of 12.2(50)sg has this feature.

other than this it is hard to help.

you could with clever routing tables maybe do a similar thing. ie if you update routing protocols over the bridgeway link. Then have a short time out on these routes. only allow routing updates over this link. if it fails the route will drop out of the routing tables and if you have a back up route in place it will take over.

0

 

Author Comment

by:Iain123
ID: 24325742
The routing option would be out of the question.  Our routers only currently have two interfaces each.  We would need an additional interface for the routers.

We have Cisco 2800 gig routers at both ends.  

Thought about LACP.  But I am not sure how to configure it using LACP.

0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24326686
you could still use routing option, as long as the router can see both routes out of the network. you can use sub interfaces so that an ip sla track shuts down the sub interface to the bridgeway link and monitor on the subinterface rather than the physical one.

Would you be able to draw a simple diagram of what you have, I want to make sure I am picturing this correctly.

0
 

Author Comment

by:Iain123
ID: 24327213
See file attached:
SKMBT-C45109050716420.pdf
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24329209
here is how i would want to set that up.

now i would suggest you use a routing protocol such as eigrp, to update the route for the 172.26.x.x and 192.268.x.x routes on both routers.

set the 10.0.1.0 route to have a higher metric (wont be used)

now if you ensure route updates only travel across the bridgeway link. and have static entries for the back up link with a higher metric (wont be used )

then if the main link fails, the routes will drop out of the routing tables. the static links will come in to effect and the back up link will be used. when the link comes back up the routes will repopulate  and begin to work again..

you need to look in to setting up sub interfaces (requires VLANS)
eigrp or similar routing protocol,
and how to stop route updates being sent out of chosen ports.

However this is not the only way to get this working, neither is it the prettiest. however without getting hold of your routers, and checking exactly what services they have, i can't easily suggest other methods.

I do know that 12.2(50) (enterprise version for switches) does have the ip SLA feature. this is a nice feature as you can simply tell the router to send a ping every few seconds across the links and if they fail to reduce the priority of that link.

Of course you could also have the local traffic using one port on the router, and the two links using another physical port split in to 2 sub interfaces (to get in to / create the sub interface simply type #int f0/1.1) this would increase the bandwidth available if needed.
expert.png
0
 

Author Comment

by:Iain123
ID: 24333958
The devices in between the switches are not routers,  They are RF bridge/switch devices that have an IP address on a 10.x.x.x network. If I separated the RF bridges to be on separate subnets I would need another interface on the routers wouldn't I?  The only routers I have are the Cisco 2800 IOS12.4 with 2 gig ports at each end of the link.

0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24334007
nope as I said you can use sub interfaces

all you do is make 3 separate vlans each side of the links.

and trunk each one to the ports on the routes

If you look at the diagram above you can see the router is handling all the different subnets on one physical interface.

look up router on a stick to find out how to set this up.



0
 

Author Comment

by:Iain123
ID: 24334021
Our Routers are Capable of EIGRP.  

The question is how to configure?
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24334041
ok how much do you know ?

can you set up eigrp basics?

vlans ?
0
 

Author Comment

by:Iain123
ID: 24334081
I know how to setup Vlans on the switches.  But not the routers.  I am using an SDM to interface into the router.  I can setup routes on the routers and configure interfaces.  

The only issue I have is I do not have spare Cisco routers to test this.  I have a lab setup with two Linux routers two 2960G cisco switches and hubs to simulate the rf bridges.  In the live environment the switch at the Orkie end is a 3560G switch that has routing capabilities built in with the same IOS as the 2960G.

 
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24334100
Well you could download packet tracer 5 made by cisco.


I have my own copy but its easy to find copies on line.

this you can emulate this set up in and do the testing

0
 

Author Comment

by:Iain123
ID: 24334134
Why would I need a packet sniffer/tracer?  I only want to test this scenario in lab environment.  

My linux routers are PC's running Centos with two interfaces and routes setup with a firewall to enforce packet flow between subnets.    I doubt I could use EIGRP on linux box?

0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24334164
ok let me get this straight

in the real world set up

each side has one 2800 series router with 2 gig ports
each of these routers is connected to a 2960 Layer 3 capable switch?

the bridges are directly connected to these switches ?

see below?

if this is the physical set up I will look in to the config to do what you need. However I only use command line so I can print out the configs of the routers and switches, but I don't know how to use SDM to get the same result. (mind you with the configs it's a copy and paste to get it on to your routers)

is-this-it.jpg
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24334182
packet tracer is not a sniffer ;)

it's a switch/router emulator from cisco. the diagram above is created in packet tracer. I have only created the physical network at the moment, that's why some of the ports are red (down)

it's called packet tracer, because when you run the simulation you can watch a packet traveling across the network and see where problems are, then look at what is happening at each layer of the OSI and work out what the routing issues are. or the actual route a packet takes.


It's by no means the most powerful emulator around, but it is very quick to pick up and easy to use.
0
 

Author Comment

by:Iain123
ID: 24334571
Yes that is exactly the physical layout.  

0
 

Author Comment

by:Iain123
ID: 24334595
Ah I see,  I have CCNA Network visualiser 6.   But I have not used extensively enough to test this scenario.  I can only seem to get routers with serial interfaces instead of FE.
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24336483
below is the basic idea of how this is set up.

this sets up eigrp between the routers, the routers update each other only across the 10.0.0.0 link (primary link)

and this gives them a routing entry for traffic between the 172.16.5.0 and 192.168.5.0 networks using this link.

if this link fails the route will drop out of the routing tables and the static route should take over. (eigrp packets are never sent over the secondary link)

Out of interest though. could you not use spanning tree to get the same result. if both the primary links and the secondary link are in the same spanning tree. then one would be blocked to prevent loops! if the other failed the back up link would come up.

If the RF bridge/switch  devices are running at layer 2, then vlans and spanning tree would be a simpler way to get the same result.


Router A
 
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 10.0.0.254 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1Q 3
 ip address 10.0.1.254 255.255.255.0
!
interface FastEthernet0/1
 ip address 172.16.5.254 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 passive-interface FastEthernet0/1
 network 172.16.5.0 0.0.0.255
 network 10.0.0.0 0.0.0.255
 no auto-summary
!
router rip
!
ip classless
ip route 192.168.5.0 255.255.255.0 10.0.1.253 255
 
router B
 
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 10.0.0.253 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1Q 3
 ip address 10.0.1.253 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.5.253 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 passive-interface FastEthernet0/1
 network 192.168.5.0
 network 10.0.0.0 0.0.0.255
 no auto-summary
!
ip classless
ip route 172.16.5.0 255.255.255.0 10.0.1.254 255


0
 

Author Comment

by:Iain123
ID: 24336591
Spanning tree works but it's a manual failover.  If the Primary link fails you kinda have to do some unplugging and then plugging of the cat5 cables to get the backup link to failover.  plus it takes nearly 50 seconds before the link is active.

That is not sufficient.  It needs to be at the very most 1 packet drop or none at best.
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24336679
you do have rapid per vlan spanning tree which takes 1 to 2 seconds. and you should not have to do any re-patching.



0
 

Author Comment

by:Iain123
ID: 24337247
I am not keen on Rapid spanning tree.  From what I have heard there should be a way by using LACP.
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24337468
yer you could set up an ether channel across the links

to do this just add

interface Port-channel1
 description ### to other side ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/5
 description ### Ether Channel port ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface GigabitEthernet1/0/6
 description ### Ether Channel port ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable


this is some of my code to set up a link between core switches on ports 6 and 5.

the important command is the
channel-group 1 mode desirable.

you would set this up on the switches. as long as it is all layer two between the two switches then this would work

not sure if the 2960 switches have this feature?
0
 
LVL 10

Expert Comment

by:lanboyo
ID: 24359685
If you are limited to L2 then rapid spanning tree is a good bet. Set the lower speed link with a much lower port cost, and it will be utilized only if the main link drops.

You can test lacp, but this requires your wireless bridges to pass and not participate in your trunking protocols. As it frequently polls the links, and allows you to use both connections at once when they are both good, then this is an advantage as well.

Finally, your spanning tree solutions will be greatly aided with unidirectional link detection, keepalives and perhaps fast failover.
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24362086
rapid spanning tree is still 1 or 2 seconds to reconverge after a failure.

Pagp or Lacp if you can get them to work would both give you the feature you want. both very easy to set up and will give sub second fail over.
0
 
LVL 10

Expert Comment

by:lanboyo
ID: 24366732
Although setting them up as an ether channel or using lacp will cause management issues with the wireless bridges.

As traffic will be load shared over the two links the management to devices on a particular link will be either intermittent or non-existent.

I would recommend using DevilWAH's solution. Make the links Layer 3 connections, each in their own vlans on the switches, and the router connections are essentially trunks.

DevilWAH showed this, but he didn't emphasize... Cisco routers in the 2600 and 2800 series and above support making the encapsulation 802.1q or isl and building sub-interfaces on various vlans. So hard set the links from the switches to fa0/0 as 802.1q trunks, and permit vlans 2 and 3 on the trunks. Then put the links to the appropriate wireless bridges in the correct vlan.

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 10.0.0.254 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1Q 3
 ip address 10.0.1.254 255.255.255.0


So the wireless switches could be managed on 10.0.0.0/24 and 10.0.1.0/24.

I further recommend just adding both interfaces to eigrp and using Unequal-Cost Load Sharing, because otherwise when both links are down you have no log notifications on the second link being down.

You forcibly set the metric to preferably select the faster link with the bandwidth command...

bandwidth 1000000
on the subinterface to the microwave,

and

bandwidth 18000
on the subinterface to the lightwave.

These statements are only used for routing protocol calculations, and could just as easily be 1000 and 18.

If you really want the second link to be backup, use DevilWAH's config exactly, but set the static route metric as 254. I've had some issues with 255 :-) .

Or put the command

traffic-share min

in the eigrp network section so that eigrp will be aware of the dual link but will only use the primary. Keep the bandwidth statements.


By default the load sharing will be per flow, but adding "ip load-sharing per-packet" to the subinterfaces facing the wireless bridges you can force the network to load share the traffic on a packet by packet basis.





0
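An added example, not part of the thread or any poster's configuration: a small Python model of the route choice discussed in the comment above, covering the EIGRP route against the floating static at distance 254 and at 255 (IOS does not install a route whose administrative distance is 255), and how the two `bandwidth` pairs feed the classic EIGRP metric. The 200 µs path delay and the names `Route`, `route_to_site_b` and `metric_ratio` are assumptions made for the illustration.

```python
# Added illustration: a toy model of IOS route selection, not router code.
import math
from dataclasses import dataclass

EIGRP_INTERNAL_AD = 90     # Cisco default distance for internal EIGRP routes
UNUSABLE_AD = 255          # IOS does not install a route whose distance is 255
ASSUMED_DELAY_USEC = 200   # assumption: cumulative interface delay on either path


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    source: str
    distance: int
    metric: int = 0


def eigrp_metric(min_bandwidth_kbps, delay_usec=ASSUMED_DELAY_USEC):
    """Classic EIGRP composite metric with default K values (integer maths)."""
    return 256 * (10_000_000 // min_bandwidth_kbps + delay_usec // 10)


def best_route(candidates, prefix):
    """Lowest administrative distance wins, then lowest metric; AD 255 is skipped."""
    usable = [r for r in candidates
              if r.prefix == prefix and r.distance < UNUSABLE_AD]
    return min(usable, key=lambda r: (r.distance, r.metric), default=None)


def route_to_site_b(static_distance, primary_up):
    """Router A's installed route to 192.168.5.0/24 (addresses from the thread)."""
    prefix = "192.168.5.0/24"
    # Floating static over the backup radio, always configured.
    candidates = [Route(prefix, "10.0.1.253", "static", static_distance)]
    if primary_up:  # EIGRP only hears its neighbour while the microwave path works
        candidates.append(Route(prefix, "10.0.0.253", "eigrp",
                                EIGRP_INTERNAL_AD, eigrp_metric(1_000_000)))
    return best_route(candidates, prefix)


def metric_ratio(primary_kbps, backup_kbps):
    """How many times worse the backup path's metric is, rounded up."""
    return math.ceil(eigrp_metric(backup_kbps) / eigrp_metric(primary_kbps))


if __name__ == "__main__":
    for ad in (254, 255):
        for up in (True, False):
            r = route_to_site_b(ad, up)
            state = "up" if up else "down"
            chosen = f"{r.source} via {r.next_hop}" if r else "no route installed"
            print(f"static AD {ad}, primary {state}: {chosen}")
    print("metric ratio, bandwidth 1000000/18000:", metric_ratio(1_000_000, 18_000))
    print("metric ratio, bandwidth 1000/18:", metric_ratio(1000, 18))
```

Both bandwidth pairs keep the microwave path preferred, but the metric ratio between the paths changes with the assumed delay, which matters if both links are meant to carry traffic in proportion.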
 

Author Comment

by:Iain123
ID: 24373449
Would this be all configured on the switches or is there any config for the routers?  The reason I ask is because I am testing the scenarios with Linux routers instead of Cisco routers.  


If all can be configured using the switches then no problem.  
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24373488
if you configured etherchannels (lacp) then you could do it all on the switches, although as mentioned this may affect your management of the bridges.
I have only set up this on direct switch to switch links, without bridges in between. It should still work fine however.

however if you go for the layer 3 routed approach it is set up on both the switches and the router. this solution gives you much more control over the flow of data across the links.

0
 
LVL 10

Expert Comment

by:lanboyo
ID: 24374448
Goodness. Linux supports 802.1q but ospf load sharing is an interesting and possibly difficult task for LFR or Zebra. You can set up OSPF for the main link and a static route much like DevilWAH's suggestion. I would not suggest ethernet keepalives on vlan interfaces, but if you have a spare interface you can separate the networks, use static routes with different metrics and let ethernet keepalive disable your ethernet links on the linux router.

You can make the l2 connectivity redundant using etherchannel, or LACP. You can manage the Lightwaves through an out of band port, but the brightwaves would not be reachable unless you deliberately disabled the microwave link. You will need to convince the link sharing protocols to use the 1000 / 18 ratio of link share, or an active passive setup.

Spanning tree is looking better all the time, really.

0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24375235
I agree with the rest, for simplicity spanning tree is definitely the way to go. However it is slower to failover than some of the other methods. Although if configured correctly you will get subsecond performance. And this should be invisible to 99% of users.

Do you have real time critical data applications that require better than this? if so you want to set up loadbalanced routes which will ensure failovers within milliseconds and no interruptions to flows.

I think you are going to struggle testing this unless, you either invest in some cisco routers to test with, or get hold of a good simulator to set it all up with. A linux router is just not going to give you the same features as cisco ios.
0
 

Author Comment

by:Iain123
ID: 24375408
yes,  I think I am a bit stuck then unless you have any good simulators you can recommend.  It needs to have the switches I use and the routers.  Preferably the IOS version too.
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 24375962
the only one i know of is GNS3

it only has routers really, (although you can emulate a switch by fitting a 16 port fastethernet module to the router)

you also need to get hold of the ios (copy them off your router)

and you will have an exact replica of your network.

it's a bit fiddly to get going with, however it's good enough that it's worth sticking with it, and possibly setting up a pc or 2 dedicated to running it.
0
 

Accepted Solution

by:
Iain123 earned 0 total points
ID: 24610184
Solution found:  

We are using EIGRP.  We purchased extra HWIC cards for the routers and installed them.  plugged the backup wireless link into the new HWIC cards and configured the routers using EIGRP:

!Bal end
router eigrp 100
network 10.0.0.0 0.0.0.255
network 10.1.0.0 0.0.0.255
network 172.16.0.0 0.0.15.255
no auto-summary
 
!Orkie end
router eigrp 100
network 10.0.0.0 0.0.0.255
network 10.1.0.0 0.0.0.255
network 192.0.0.0 0.255.255.255
no auto-summary


wireless-EIGRP-solution--Ally-.jpg
0
