Cisco Switch - Redundancy

Hi,
I wondered if somebody could offer some assistance on moving to an HA configuration on my Cisco VLAN Switches (DMZ and Internet).

So we have a pair of Firewalls (Sonicwall NSA4600) that are running in active / passive HA mode, and then we have the Cisco 3750 Switches that have 5 VLANs on them.

On the Firewall my X2 Interface is divided into 4 VLANs (10, 20, 30, 50) and both of the Firewalls are connected downstream to Interfaces Gi1/0/23 and Gi1/0/24 (Primary Firewall -> Gi1/0/23, Secondary Firewall Gi1/0/24). These two interfaces are configured as Trunk Ports and then the interfaces are in VLANs as required.

We then have X3 on the Firewalls (Sonicwall Sonicpoints) connected to ports Gi1/0/8 and Gi1/0/9 on the Switch. We then have 6 access points in a VLAN 40 for this.

So I have got redundancy on my Firewalls, but what I don’t have is redundancy on the switches.

At present there is a switch configured below the live one, that is ready to go and if the primary switch fails we have to manually move all of the network leads across.

Can someone please assist with a better way for this to be done?

Thanks very much

Paul
essexboy80 Asked:

Akinsd (Network Administrator) Commented:
Stack up your switches and use NIC teaming on your servers in conjunction with EtherChannel on the switch (e.g. NIC A and NIC B on the server are teamed. Switch A and Switch B are stacked. Port 1 on SW A is bundled (EtherChannel group) with Port 1 on SW B. NIC A connects to SW A-Port 1, NIC B connects to SW B-Port 1). If 1 switch fails, the server will not lose connection.

I hope this helps
0
kevinhsieh Commented:
Since your switches support stacking, I agree that is the best method. My switches don't support stacking so I use HSRP to enable high availability at layer 2, and then failover NIC teaming for servers, and I plug each firewall into a separate switch, so a switch failure would cause the connected firewall to become the passive one.
0
essexboy80 (Author) Commented:
Hi,

None of the connected devices are actually servers, they are access points or routers.

Paul
0
kevinhsieh Commented:
I am trying to imagine why you would need a bunch of routers directly connected to your routers (the 3750s). The access points would obviously die. If the routers have extra interfaces you could plug one into each switch, and use a different network on each interface between the router and switch, along with a dynamic routing protocol.
0
essexboy80 (Author) Commented:
Hi Kevin,

I will post a diagram up; hopefully this will then help.

Paul
0
Hamid Akbari (Network Admin) Commented:
We have two aims of HA in switching:

1- Port failover: Aim --> increase availability and increase throughput
  You should use EtherChannel between servers and switches.

2- Switch redundancy: Aim --> increase availability and provide failover
You should use:
Hardware solution:
* Stack --> on stackable switches it is the best solution (for midsize networks)
Software solution:
* VSS --> on high-class switches (4500, 6500) it is the best solution (so better than Stack)
* GLBP --> if your switch supports it, you can use weighted load balancing, round robin, or the host-dependent method. It is better than HSRP and VRRP.
* HSRP and VRRP --> HSRP: Cisco devices only, and by default preemption is disabled --> more popular than VRRP
  VRRP: standard, and by default preemption is enabled

You can choose your scenario.
0
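An added configuration sketch, not posted by any participant in this thread, showing the stacking suggestion applied to the ports and VLANs described in the question, with each firewall landing on a different stack member. It assumes the two 3750s are cabled as one stack with members 1 and 2; the priority values, the Gi2/0/x port numbers and the use of access VLAN 40 on the X3 links are assumptions for illustration.

```cisco
! Constructed example: two Catalyst 3750s joined as one stack (members 1 and 2).
! Member numbers, priorities and all Gi2/0/x ports are assumptions, not from the thread.
!
! Global config: prefer member 1 as stack master, member 2 as the next choice.
switch 1 priority 15
switch 2 priority 14
!
! VLANs named in the question (10, 20, 30, 50 on X2; 40 for the access points).
vlan 10,20,30,40,50
!
! Primary firewall X2 stays where it is, on member 1.
interface GigabitEthernet1/0/23
 description Primary firewall X2 (trunk)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,50
 switchport mode trunk
!
! Secondary firewall X2 moves from Gi1/0/24 to the same port on member 2,
! so losing either member leaves one firewall with a working uplink.
interface GigabitEthernet2/0/24
 description Secondary firewall X2 (trunk)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30,50
 switchport mode trunk
!
! X3 (SonicPoint) links, assumed here to be access ports in VLAN 40.
interface GigabitEthernet1/0/8
 description Primary firewall X3
 switchport mode access
 switchport access vlan 40
!
interface GigabitEthernet2/0/9
 description Secondary firewall X3
 switchport mode access
 switchport access vlan 40
!
! Check stack roles and trunk state with:
!   show switch
!   show interfaces trunk
```

Access points have a single uplink, so those cabled to a failed member still go down; splitting the six access points across both members limits the loss to the ones on that member.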