Solved

How to configure Cisco Switch ports with redundant link failover

Posted on 2009-05-07
Last Modified: 2012-05-11
Hi There,
Here is the scenario: two radio links between two sites, one Bridgewave microwave and the other Orthagon standard spread spectrum.
The microwave is a Gig link and the Orthagon is 18mg link.
The Bridgewave needs to be used as the primary link.
The Orthagon needs to be used as the backup link.
The Bridgewave uses fibre to interface with the switch.
The Orthagon uses cat5 to connect to the switch.

I need to configure the Cisco switches at either end of the radio links to auto failover onto the Orthagon should the Bridgewave microwave link go down.
If the Bridgewave microwave link fails, the fibre to the switch is still active. It behaves just like another switch. So according to the Cisco switch there is still a link between the fibre interface and the Bridgewave.

I need the switches to recognise when the radio has gone down and auto fail onto the Orthagon RF link.

Can this be done with the Cisco switches and how?




0
Comment
Question by:Iain123
 
LVL 16

Expert Comment

by:Aaron Street
Don't know if a 2960 switch has this in its IOS,

but go into config t

then try to type

ip sla ?

and see if it gives you any options.

ip sla allows you to direct a ping (or other types of packets) to a far-end station and monitor the response.

If you have IP SLA on the switch then you can tell it to send a ping across the Bridgewave route. If this fails you can then tell the switch to shut down the port to it.

Then as long as you have redundancy set up to detect if the fibre link goes down, failover as you want.
0
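The mechanism described in the comment above (probe the far end, because the port to the radio stays up when the radio fails), shown as an added Python example; it is not code from this thread or from Cisco. The thresholds, names and probe sequence are constructed assumptions.

```python
"""Added example: probe-tracked failover for a link whose switch port stays up."""
from dataclasses import dataclass

PRIMARY, BACKUP = "primary", "backup"


@dataclass
class ProbeTracker:
    """Decides which link to use from end-to-end probe replies, not port state."""
    down_after: int = 3  # assumed: consecutive lost probes before failing over
    up_after: int = 5    # assumed: consecutive replies before failing back
    primary_up: bool = True
    lost: int = 0
    ok: int = 0

    def observe(self, reply_received: bool) -> str:
        if reply_received:
            self.ok, self.lost = self.ok + 1, 0
            if not self.primary_up and self.ok >= self.up_after:
                self.primary_up = True   # stable again: fail back
        else:
            self.lost, self.ok = self.lost + 1, 0
            if self.primary_up and self.lost >= self.down_after:
                self.primary_up = False  # far end silent: fail over
        return PRIMARY if self.primary_up else BACKUP


def probe_tracked(probes, tracker=None):
    """Link chosen after each probe interval."""
    tracker = tracker if tracker is not None else ProbeTracker()
    return [tracker.observe(p) for p in probes]


def carrier_only(port_link_states):
    """Link chosen when the switch trusts port state alone."""
    return [PRIMARY if up else BACKUP for up in port_link_states]


def blackholed(probes, chosen):
    """Intervals in which traffic was sent over the primary while it was dead."""
    return sum(1 for ok, link in zip(probes, chosen) if link == PRIMARY and not ok)


# Constructed probe results across the primary path (True = reply received):
# healthy, one lost probe, healthy, radio down, brief flap, recovered.
SAMPLE_PROBES = [True] * 4 + [False] + [True] * 2 + [False] * 6 \
    + [True] * 2 + [False] + [True] * 6
# The fibre port to the radio never loses link, as described in the question.
SAMPLE_PORT_STATE = [True] * len(SAMPLE_PROBES)

if __name__ == "__main__":
    tracked = probe_tracked(SAMPLE_PROBES)
    print("probe-tracked:", tracked)
    print("black-holed intervals, probe-tracked:", blackholed(SAMPLE_PROBES, tracked))
    print("black-holed intervals, carrier only: ",
          blackholed(SAMPLE_PROBES, carrier_only(SAMPLE_PORT_STATE)))
```

The single lost probe does not trigger a failover, and the brief flap during recovery does not trigger a failback, which is what the two thresholds are for.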
 

Author Comment

by:Iain123
ip sla ? is unrecognised command.  
IOS Ver: 12.2(35) se5

Thanks

0
 
LVL 16

Expert Comment

by:Aaron Street
I know the enterprise version of 12.2(50)sg has this feature.

Other than this it is hard to help.

You could, with clever routing tables, maybe do a similar thing, i.e. if you update routing protocols over the Bridgewave link, then have a short timeout on these routes and only allow routing updates over this link. If it fails, the route will drop out of the routing tables, and if you have a backup route in place it will take over.

0
 

Author Comment

by:Iain123
The routing option would be out of the question.  Our routers only currently have two interfaces each.  We would need an additional interface for the routers.

We have Cisco 2800 gig routers at both ends.  

Thought about LACP.  But I am not sure how to configure it using LACP.

0
 
LVL 16

Expert Comment

by:Aaron Street
You could still use the routing option, as long as the router can see both routes out of the network. You can use sub interfaces so that an ip sla track shuts down the sub interface to the Bridgewave link and monitor on the subinterface rather than the physical one.

Would you be able to draw a simple diagram of what you have? I want to make sure I am picturing this correctly.

0
 

Author Comment

by:Iain123
See file attached:
SKMBT-C45109050716420.pdf
0
 
LVL 16

Expert Comment

by:Aaron Street
Here is how I would want to set that up.

Now I would suggest you use a routing protocol such as EIGRP to update the route for the 172.26.x.x and 192.268.x.x routes on both routers.

Set the 10.0.1.0 route to have a higher metric (won't be used).

Now if you ensure route updates only travel across the Bridgewave link, and have static entries for the backup link with a higher metric (won't be used),

then if the main link fails, the routes will drop out of the routing tables. The static links will come into effect and the backup link will be used. When the link comes back up the routes will repopulate and begin to work again.

You need to look into setting up sub interfaces (requires VLANs),
EIGRP or a similar routing protocol,
and how to stop route updates being sent out of chosen ports.

However this is not the only way to get this working, neither is it the prettiest. However, without getting hold of your routers and checking exactly what services they have, I can't easily suggest other methods.

I do know that 12.2(50) (enterprise version for switches) does have the IP SLA feature. This is a nice feature as you can simply tell the router to send a ping every few seconds across the links and, if they fail, to reduce the priority of that link.

Of course you could also have the local traffic using one port on the router, and the two links using another physical port split into 2 sub interfaces (to get into / create the sub interface simply type #int f0/1.1). This would increase the bandwidth available if needed.
expert.png
0
 

Author Comment

by:Iain123
The devices in between the switches are not routers. They are RF bridge/switch devices that have an IP address on a 10.x.x.x network. If I separated the RF bridges to be on separate subnets I would need another interface on the routers, wouldn't I? The only routers I have are the Cisco 2800 IOS12.4 with 2 gig ports at each end of the link.

0
 
LVL 16

Expert Comment

by:Aaron Street
Nope, as I said you can use sub interfaces.

All you do is make 3 separate VLANs each side of the links

and trunk each one to the ports on the routers.

If you look at the diagram above you can see the router is handling all the different subnets on one physical interface.

Look up router on a stick to find out how to set this up.



0
 

Author Comment

by:Iain123
Our Routers are Capable of EIGRP.  

The question is how to configure?
0
 
LVL 16

Expert Comment

by:Aaron Street
OK, how much do you know?

Can you set up EIGRP basics?

VLANs?
0
 

Author Comment

by:Iain123
I know how to set up VLANs on the switches, but not the routers. I am using an SDM to interface into the router. I can set up routes on the routers and configure interfaces.

The only issue I have is I do not have spare Cisco routers to test this. I have a lab setup with two Linux routers, two 2960G Cisco switches and hubs to simulate the RF bridges. In the live environment the switch at the Orkie end is a 3560G switch that has routing capabilities built in with the same IOS as the 2960G.

 
0
 
LVL 16

Expert Comment

by:Aaron Street
Well, you could download Packet Tracer 5 made by Cisco.

I have my own copy but it's easy to find copies online.

In this you can emulate this setup and do the testing.

0
 

Author Comment

by:Iain123
Why would I need a packet sniffer/tracer? I only want to test this scenario in a lab environment.

My Linux routers are PCs running CentOS with two interfaces and routes set up with a firewall to enforce packet flow between subnets. I doubt I could use EIGRP on a Linux box?

0
 
LVL 16

Expert Comment

by:Aaron Street
OK, let me get this straight.

In the real-world setup

each side has one 2800 series router with 2 gig ports,
each of these routers is connected to a 2960 Layer 3 capable switch?

The bridges are directly connected to these switches?

See below?

If this is the physical setup I will look into the config to do what you need. However I only use the command line, so I can print out the configs of the routers and switches, but I don't know how to use SDM to get the same result. (Mind you, with the configs it's a copy and paste to get it onto your routers.)

is-this-it.jpg
0
 
LVL 16

Expert Comment

by:Aaron Street
Packet Tracer is not a sniffer ;)

It's a switch/router emulator from Cisco. The diagram above is created in Packet Tracer. I have only created the physical network at the moment, that's why some of the ports are red (down).

It's called Packet Tracer because when you run the simulation you can watch a packet travelling across the network and see where problems are, then look at what is happening at each layer of the OSI and work out what the routing issues are, or the actual route a packet takes.

It's by no means the most powerful emulator around, but it is very quick to pick up and easy to use.
0

 

Author Comment

by:Iain123
Yes that is exactly the physical layout.  

0
 

Author Comment

by:Iain123
Ah, I see. I have CCNA Network visualiser 6, but I have not used it extensively enough to test this scenario. I can only seem to get routers with serial interfaces instead of FE.
0
 
LVL 16

Expert Comment

by:Aaron Street
Below is the basic idea of how this is set up.

This sets up EIGRP between the routers; the routers update each other only across the 10.0.0.0 link (primary link),

and this gives them a routing entry for traffic between the 172.16.5.0 and 192.168.5.0 networks using this link.

If this link fails the route will drop out of the routing tables and the static route should take over. (EIGRP packets are never sent over the secondary link.)

Out of interest though, could you not use spanning tree to get the same result? If both the primary link and the secondary link are in the same spanning tree, then one would be blocked to prevent loops! If the other failed, the backup link would come up.

If the RF bridge/switch devices are running at layer 2, then VLANs and spanning tree would be a simpler way to get the same result.


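Router A

! trunk to the switch; VLAN 2 and VLAN 3 arrive as subinterfaces
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
! VLAN 2: 10.0.0.0/24, the primary link (the only link EIGRP runs on)
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 10.0.0.254 255.255.255.0
!
! VLAN 3: 10.0.1.0/24, the secondary link (static route only)
interface FastEthernet0/0.2
 encapsulation dot1Q 3
 ip address 10.0.1.254 255.255.255.0
!
! local LAN
interface FastEthernet0/1
 ip address 172.16.5.254 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
! 10.0.1.0/24 is not listed, so no EIGRP packets cross the secondary link
router eigrp 1
 passive-interface FastEthernet0/1
 network 172.16.5.0 0.0.0.255
 network 10.0.0.0 0.0.0.255
 no auto-summary
!
router rip
!
ip classless
! backup static route via the secondary link, administrative distance 255
! note: IOS does not install a route with distance 255; a later comment in this thread suggests 254
ip route 192.168.5.0 255.255.255.0 10.0.1.253 255

Router B

! trunk to the switch; VLAN 2 and VLAN 3 arrive as subinterfaces
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
! VLAN 2: 10.0.0.0/24, the primary link (the only link EIGRP runs on)
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 10.0.0.253 255.255.255.0
!
! VLAN 3: 10.0.1.0/24, the secondary link (static route only)
interface FastEthernet0/0.2
 encapsulation dot1Q 3
 ip address 10.0.1.253 255.255.255.0
!
! local LAN
interface FastEthernet0/1
 ip address 192.168.5.253 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 passive-interface FastEthernet0/1
 network 192.168.5.0
 network 10.0.0.0 0.0.0.255
 no auto-summary
!
ip classless
! backup static route via the secondary link, administrative distance 255 (see the note on Router A)
ip route 172.16.5.0 255.255.255.0 10.0.1.254 255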

0
 

Author Comment

by:Iain123
Spanning tree works but it's a manual failover. If the primary link fails you kind of have to do some unplugging and then plugging of the cat5 cables to get the backup link to fail over. Plus it takes nearly 50 seconds before the link is active.

That is not sufficient. It needs to be at the very most 1 packet drop or none at best.
0
 
LVL 16

Expert Comment

by:Aaron Street
You do have rapid per-VLAN spanning tree, which takes 1 to 2 seconds, and you should not have to do any re-patching.



0
 

Author Comment

by:Iain123
I am not keen on Rapid spanning tree.  From what I have heard there should be a way by using LACP.
0
 
LVL 16

Expert Comment

by:Aaron Street
Yeah, you could set up an EtherChannel across the links.

To do this just add

interface Port-channel1
 description ### to other side ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/5
 description ### Ether Channel port ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface GigabitEthernet1/0/6
 description ### Ether Channel port ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable


This is some of my code to set up a link between core switches on ports 6 and 5.

The important command is the
channel-group 1 mode desirable.

You would set this up on the switches. As long as it is all layer two between the two switches then this would work.

Not sure if the 2960 switches have this feature?
0
 
LVL 10

Expert Comment

by:lanboyo
If you are limited to L2 then rapid spanning tree is a good bet. Set the lower speed link with a much lower port cost, and it will be utilized only if the main link drops.

You can test LACP, but this requires your wireless bridges to pass and not participate in your trunking protocols. As it frequently polls the links, and allows you to use both connections at once when they are both good, then this is an advantage as well.

Finally, your spanning tree solutions will be greatly aided with unidirectional link detection, keepalives and perhaps fast failover.
0
 
LVL 16

Expert Comment

by:Aaron Street
Rapid spanning tree is still 1 or 2 seconds to reconverge after a failure.

PAgP or LACP, if you can get them to work, would both give you the feature you want. Both are very easy to set up and will give sub-second failover.
0
 
LVL 10

Expert Comment

by:lanboyo
Although setting them up as an EtherChannel or using LACP will cause management issues with the wireless bridges.

As traffic will be load shared over the two links the management to devices on a particular link will be either intermittent or non-existent.

I would recommend using DevilWAH's solution. Make the links Layer 3 connections, each in their own vlans on the switches, and the router connections are essentially trunks.

DevilWAH showed this, but he didn't emphasize... Cisco routers in the 2600 and 2800 series and above support making the encapsulation 802.1q or isl and building sub-interfaces on various vlans. So hard set the links from the switches to fa0/0 as 802.1q trunks, and permit vlans 2 and 3 on the trunks. Then put the links to the appropriate wireless bridges in the correct vlan.

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 10.0.0.254 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1Q 3
 ip address 10.0.1.254 255.255.255.0


So the wireless switches could be managed on 10.0.0.0/24 and 10.0.1.0/24.

I further recommend just adding both interfaces to eigrp and using Unequal-Cost Load Sharing, because otherwise when both links are down you have no log notifications on the second link being down.

You forcibly set the metric to preferably select the faster link with the bandwidth command...

bandwidth 1000000
on the subinterface to the microwave,

and

bandwidth 18000
on the subinterface to the lightwave.

These statements are only used for routing protocol calculations, and could just as easily be 1000 and 18.

If you really want the second link to be backup, use DevilWAH's config exactly, but set the static route metric as 254. I've had some issues with 255 :-) .

Or put the command

traffic-share min

in the eigrp network section so that eigrp will be aware of the dual link but will only use the primary. Keep the bandwidth statements.


By default the load sharing will be per flow, but adding "ip load-sharing per-packet" to the subinterfaces facing the wireless bridges you can force the network to load share the traffic on a packet by packet basis.





0
 

Author Comment

by:Iain123
Would this be all configured on the switches or is there any config for the routers?  The reason I ask is because I am testing the scenarios with Linux routers instead of Cisco routers.  


If all can be configured using the switches then no problem.  
0
 
LVL 16

Expert Comment

by:Aaron Street
If you configured EtherChannels (LACP) then you could do it all on the switches, although as mentioned this may affect your management of the bridges.
I have only set this up on direct switch-to-switch links, without bridges in between. It should still work fine however.

However, if you go for the layer 3 routed approach it is set up on both the switches and the router. This solution gives you much more control over the flow of data across the links.

0
 
LVL 10

Expert Comment

by:lanboyo
Goodness. Linux supports 802.1q but OSPF load sharing is an interesting and possibly difficult task for LFR or Zebra. You can set up OSPF for the main link and a static route much like DevilWAH's suggestion. I would not suggest ethernet keepalives on VLAN interfaces, but if you have a spare interface you can separate the networks, use static routes with different metrics and let ethernet keepalive disable your ethernet links on the Linux router.

You can make the l2 connectivity redundant using etherchannel, or LACP. You can manage the Lightwaves through an out of band port, but the brightwaves would not be reachable unless you deliberately disabled the microwave link. You will need to convince the link sharing protocols to use the 1000 / 18 ratio of link share, or an active passive setup.

Spanning tree is looking better all the time, really.

0
 
LVL 16

Expert Comment

by:Aaron Street
I agree with the rest, for simplicity spanning tree is definitely the way to go. However it is slower to fail over than some of the other methods. Although if configured correctly you will get sub-second performance. And this should be invisible to 99% of users.

Do you have real-time critical data applications that require better than this? If so you want to set up load-balanced routes, which will ensure failovers within milliseconds and no interruptions to flows.

I think you are going to struggle testing this unless you either invest in some Cisco routers to test with, or get hold of a good simulator to set it all up with. A Linux router is just not going to give you the same features as Cisco IOS.
0
 

Author Comment

by:Iain123
Yes, I think I am a bit stuck then unless you have any good simulators you can recommend. It needs to have the switches I use and the routers. Preferably the IOS version too.
0
 
LVL 16

Expert Comment

by:Aaron Street
The only one I know of is GNS3.

It only has routers really (although you can emulate a switch by fitting a 16-port FastEthernet module to the router).

You also need to get hold of the IOS (copy them off your router)

and you will have an exact replica of your network.

It's a bit fiddly to get going with, however it's good enough that it's worth sticking with it, and possibly setting up a PC or 2 dedicated to running it.
0
 

Accepted Solution

by:
Iain123 earned 0 total points
Solution found:

We are using EIGRP. We purchased extra HWIC cards for the routers and installed them, plugged the backup wireless link into the new HWIC cards and configured the routers using EIGRP:

!Bal end
router eigrp 100
 network 10.0.0.0 0.0.0.255
 network 10.1.0.0 0.0.0.255
 network 172.16.0.0 0.0.15.255
 no auto-summary

!Orkie end
router eigrp 100
 network 10.0.0.0 0.0.0.255
 network 10.1.0.0 0.0.0.255
 network 192.0.0.0 0.255.255.255
 no auto-summary

wireless-EIGRP-solution--Ally-.jpg
0
