Dual WAN Links - Failover on Cisco 3750

I have a Cisco 3750 switch at each remote office, two total remote offices.
I have two WAN links, separate ISP's, from each remote office back to our HQ.
At the HQ, each ISP is handing off one Ethernet port for the "Point to Point" link.
Each WAN link is plugged into a Cisco 3750 at our HQ site. (2 separate switches though)

Right now I manually unplug/plug in a different ISP if there is a failure on one.  How can I plug in both of these WAN links at the same time for automatic fail-over?  I have tried using spanning tree, and it just creates a loop.  Is there a specific protocol I could use that would allow for this?
bschwartingAsked:

gfbarronCommented:
By the sounds of it, you are using a Cisco 3750 as a Layer 3 switch. Please confirm and if so, you can configure a second default gateway so that if one goes down, the second will be used.
0
gfbarronCommented:
Post your routing table/switch config pertaining to the routes.

Thank you
0
bschwartingAuthor Commented:
Right now it is all layer2.

ip default-gateway 10.200.1.1
0

surbabu140977Commented:
If you do not do L3, there is no way of doing automatic failover at your present scenario.

Best,
0
bschwartingAuthor Commented:
OK, if I change to layer 3 what is the best way to set it up?
0
surbabu140977Commented:
What is the ios image you are running at the HO 3750?

Best,
0
bschwartingAuthor Commented:
12.2(55) SE3
0
surbabu140977Commented:
OH!!, I meant image name (.bin file)........eigrp is not fully supported in base image....you need Ipservices or higher.....
0
bschwartingAuthor Commented:
BOOT path-list      : flash:/c3750e-universalk9-mz.122-55.SE3/c3750e-universalk9-mz.122-55.SE3.bin
0
bschwartingAuthor Commented:
Will that work?
0
surbabu140977Commented:
OK, we need to verify its license. Can you please issue "show license" and paste the output? If it's ip services, we will have a solution in hand then.

Best,
0
bschwartingAuthor Commented:
HQ#show license
Index 1 Feature: ipservices
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Priority: Medium
        License Count: Non-Counted

Index 2 Feature: ipbase
        Period left: 0  minute  0  second
Index 3 Feature: lanbase
        Period left: 0  minute  0  second
0
surbabu140977Commented:
:) nice......

switch1 HO
int fa0/0
desc connected to isp1
no switchport
ip address 1.1.1.1 255.255.255.0

int f0/1
desc connected to HO switch2
no switchport
ip address 12.12.12.11 255.255.255.0

router eigrp 1
no auto
net 0.0.0.0
#########################

switch2 HO
int fa0/0
desc connected to isp2
no switchport
ip address 2.2.2.2 255.255.255.0

int f0/1
desc connected to HO switch1
no switchport
ip address 12.12.12.12 255.255.255.0

router eigrp 1
no auto
net 0.0.0.0
###################################

In the branches.......
switch Branch
int f0/0
no switchport
ip address 1.1.1.2 (2.2.2.2 for other branch)


router eigrp 1
no auto
net 0.0.0.0
#########################


Rest all others (like vlans) remain unchanged everywhere.

Best,
0
surbabu140977Commented:
between f0/1 in sw1 and sw2 in HO, you will need trunk, if there are multiple vlans.

Best,
0
bschwartingAuthor Commented:
So the interfaces have IP's?  That's something new to me.
0
surbabu140977Commented:
"no switchport" command makes a L2 interface L3 and you can put IP and routing...... there are some typos in my above paste, hope you got the idea.

You can remove ip default-gateway  command. That is only used when routing is disabled in a L2 switch. Once eigrp starts working, you won't need it.

Best,
0
bschwartingAuthor Commented:
Some other thoughts...

1) do i need to list both routes now on the branch offices?
2) does this allow for both links to be up at the same time? is that possible to use all bandwidth?
3) all my other switches in remote buildings are default gateway instead of default route, can those stay the same as layer 2?
0
bschwartingAuthor Commented:
4) I already have separate subnets at remote offices, should this be different as well or is it ok to use the existing subnets?
0
surbabu140977Commented:
You do not need any routes anywhere now. Eigrp will take care of everything. Yes, both links would be up at the same time.

Yes, load balancing would be possible. Once you are done with failover, we will guide you with load balancing too.

Your other switches can stay exactly the same as they are. Only change would be the 2 3750's in HO and 2 branch switches.

Best,
0
bschwartingAuthor Commented:
5) why do you have 2 interfaces with IP's on each HO switch?  my switches are all home-run back to a couple Nexus 5548's by fiber.  is that 2nd interface config necessary?
0
surbabu140977Commented:
2 isp's handing you 4 point to point L2 links for 2 offices. One link between two switches in HO. So in 5 ports you are using ip addresses. 2ports in each of 2 branch office switches will need ip's now. Please assign the ip's correctly.

Best,
0
surbabu140977Commented:
Your connection is like this?

  branch1            branch2
   !   !              !   !
   !   !              !   !
   !   !              !   !
   !   !              !   !
isp1 & isp2        isp1 & isp2    (both giving 2 hand off's)
  switch1 <------> switch2
             HO

switch 1 need to ping switch2 by IP and eigrp neighborship is necessary between switch1 and switch2 for failover. Hence Ip between switch1 &2.

Best,
0
bschwartingAuthor Commented:
sorry, i specified it at the top post, but it might not have been clear:

At the HQ, each ISP is handing off one Ethernet port for the "Point to Point" link.

So the ISP's are only giving us one port at the HO.  make sense?
0
Craig BeckCommented:
I don't think surbabu's solution is what you need.  Sorry but I just don't think it will work.

You have ISP links which are pure internet circuits (if I'm reading this right) between the sites so no EIGRP info will be sent over the links to the remote sites.

I think it would be a better solution if your ISP circuits terminate into separate L3 interfaces on the switches at each site, then you run IP SLA to track when an ISP's circuit goes down by using responders.
0
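The IP SLA tracking approach suggested in the comment above, as an added example that is not part of the original thread or any poster's configuration: a branch 3750 with both ISP hand-offs on routed ports, a tracked static route over the primary link and a floating static route over the backup. The interface names, the 192.0.2.x / 198.51.100.x link addresses and the 203.0.113.0/24 HQ prefix are constructed placeholders, and the `track ... ip sla` keyword is assumed to match the switch's release (older IOS releases use `rtr` in its place).

```ios
! Constructed example for one branch switch; all addresses are placeholders.
ip routing
!
interface GigabitEthernet1/0/1
 description ISP1 point-to-point to HQ (primary)
 no switchport
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet1/0/2
 description ISP2 point-to-point to HQ (backup)
 no switchport
 ip address 198.51.100.2 255.255.255.252
!
! Probe the HQ end of the primary link every 5 seconds, sourced from
! the primary interface so the probe cannot succeed over the backup.
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet1/0/1
 frequency 5
ip sla schedule 1 life forever start-time now
!
! The track object follows the probe. The delays damp flapping:
! withdraw the route after 10 s of failure, restore after 30 s of success.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Primary route to the HQ prefix, installed only while track 1 is up.
ip route 203.0.113.0 255.255.255.0 192.0.2.1 track 1
!
! Floating static over the backup link. Administrative distance 250
! keeps it out of the routing table until the tracked route is withdrawn.
ip route 203.0.113.0 255.255.255.0 198.51.100.1 250
!
! Verification commands (exec mode):
!   show track 1
!   show ip sla statistics 1
!   show ip route 203.0.113.0
```

The HQ switches need the mirror-image routes toward each branch prefix, otherwise return traffic keeps using the failed link. Because the two HQ hand-offs terminate on different switches, those switches also need a routed path between them.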

bschwartingAuthor Commented:
what do you mean "internet circuits"?
0
Craig BeckCommented:
Your WAN links... what exactly are they?  Are they standard internet circuits (like a T1 for example), or something else?
0
bschwartingAuthor Commented:
these are just an Ethernet hand-off from our ISP's that joins our remote office to branch offices.  it isn't a T1.  AT&T calls it "Metro E".  the other is a local ISP and they have just extended their network to us and in between our offices.

http://www.business.att.com/enterprise/Service/network-services/ethernet/metro-gigabit/
0
Craig BeckCommented:
Hmmm so the chances are that only one of your WAN links would let you talk EIGRP between the sites natively.

I think the solution needs to be a little more extravagant to achieve what you want.
0
bschwartingAuthor Commented:
surbabu140977, thoughts in light of this info?

hardware solution might be needed?
0
gfbarronCommented:
I have to agree with craigbeck on this one.

If all you want is a secondary link for failover this can be achieved by configuring your switch as a layer 3 switch and providing two default gateways.

When one goes down the other will be utilized.

If you want aggregation between diverse carriers, you are better off doing this with another piece of hardware.

Check out www.teloip.com.  They specialize in autonomous network aggregation and they or one of their partners may have a good solution for you.

G
0
surbabu140977Commented:
I assumed (from the question) that 1) it's the SP not ISP so no internet circuits, 2) purely p2p links i.e 4 handoff's......so basically purely private handoff's....... 3) L2 handoff's capable of carrying vlan info.

If it's a single hand off i.e 2 isp's handing 2 L2 circuits and they are connected to diff switches(which are interconnected) and if EIGRP is running, no reason that backup and or load balancing won't work........   what's the hold in this then? (am I missing something?)

The only two cases which I remember was one of our customers was using pure L2 and in the other case AT&T was expecting some vlan tagging from the customer.

If these L2 handoffs are capable of vlan transmission, we should be able to use the inter vlan routing using eigrp.

Best,
0
surbabu140977Commented:
If we don't want routed ports and a major change in config,  if the  L2 handoff is capable of  inter vlan routing, we can just make the whole thing as one eigrp AS (provided vlans are already there in the 3750's) and eigrp will bring up the neighbors in no time.

We did run the above scenario with one of our old DC which was running AT&T Metro Ethernet. (2 yrs back).

Best,
0
Craig BeckCommented:
I labbed it last night and it didn't work... For a start the config doesn't redistribute the default route from the adjacent routers (easy to fix though) and without a default route the traffic goes nowhere.

It all hangs on whether you can run EIGRP across the ISP links.  If you can't you'd have to use GRE tunnels to get EIGRP to talk, and that's a much more complex solution to get working.
0
surbabu140977Commented:
I verified with our design team. They said it should work. I don't have a lab to work it out but since you did-- got to trust you. Technically, not sure where it would get stuck. (unless something to do with the carrier).

I myself worked on that DC for a few yrs before it went decomm....... through metro only.

Best,
0
gfbarronCommented:
If you try to use EIGRP across an ISP without any type of bridge between the networks, it will not work as it uses MULTICAST to send updates, and therefore would not reach the destination as it would be filtered by your router.

Just to be clear, is the purpose of this thread still fail over between ISP's (gateways)?

The aggregation of two links needs to be done on another device unless you want to do policy based routing.
0
Craig BeckCommented:
@surbabu - it 'might' work if EIGRP can talk over the ISP links, but you won't be exchanging any default routes with what you posted so it will only work for known routes within the routing table.

@gfbarron - Correct... EIGRP is multicast, hence mentioning GRE tunnels.  If you want to aggregate the links you can do it with what's there but some fancy routing is needed (OSPF would be better than EIGRP here).  IP SLA is a great solution if ISP links are used in an active/backup fashion.
0
surbabu140977Commented:
What happens if we use HSRP between the 2  HO switches (without any change in the existing scenario)? He will have load balancing as well as failover......... any thoughts? But still some routing needs to be there.

Best,
0
Craig BeckCommented:
You could do HSRP outbound, but not inbound unless you do MHSRP.
0
bschwartingAuthor Commented:
what about GLBP?
0
Craig BeckCommented:
GLBP is ok for outbound in some scenarios but no good for inbound routing ever.
0
gfbarronCommented:
Hey,

Just so I'm clear here.  Why do you not want to use 2 default routes at each site.  Are you looking to have them interconnected, or are they not similar in bandwidth?

By adding 2 default routes, it should load balance and provide fail-over, unless I'm mistaken...
0
bschwartingAuthor Commented:
one is 10mbps (but stable)
one is 100mbps (but not stable)
0
gfbarronCommented:
You definitely don't want that then.

what about BGP multi-hop with local-pref
0
gfbarronCommented:
I think the VPN solution is probably better, although it  would be more complex.
0
Craig BeckCommented:
I'd just use GRE tunnels and OSPF.
0
bschwartingAuthor Commented:
Where do you setup the GRE tunnels?
0
Craig BeckCommented:
On the switches where the ISP links connect.
0
bschwartingAuthor Commented:
I think I have found a solution.  We are going to put FortiGate-100D firewalls on either side, make it wide open, and use that to manage the two pipes.

Thanks everyone for helping me understand this was a pretty difficult thing to accomplish with the basic principles I was trying to use.
0