asked on Cisco Switch - Redundancy
Hi,
I wondered if somebody could offer some instance on moving to an HA configuration on my Cisco VLAN Switches (DMZ and Internet).
So we have a pair of Firewalls (Sonicwall NSA4600) that are running in active / passive HA mode, and then we have the Cisco 3750 Switches that have 5 VLANs on them.
On the Firewall my X2 Interface is divided into 4 VLANs (10, 20, 30, 50) and both of the Firewalls are connected downstream to Interfaces Gi1/0/23 and Gi1/0/24 (Primary Firewall -> Gi1/0/23, Secondary Firewall Gi1/0/24). These two interfaces are configured as Trunk Ports and then the interfaces are in VLANs as required.
We then have X3 on the Firewalls (Sonicwall Sonicpoints) connected to ports Gi1/0/8 and Gi1/0/9 on the Switch. We then have 6 access points in a VLAN 40 for this.
So I have got redundancy on my Firewalls, but what I don’t have is redundancy on the switches.
At present there is a switch configured below the live one, that is ready to go and if the primary switch fails we have to manually move all of the network leads across.
Can someone please assist with a better way for this to be done?
Thanks very much
Paul
I wondered if somebody could offer some instance on moving to an HA configuration on my Cisco VLAN Switches (DMZ and Internet).
So we have a pair of Firewalls (Sonicwall NSA4600) that are running in active / passive HA mode, and then we have the Cisco 3750 Switches that have 5 VLANs on them.
On the Firewall my X2 Interface is divided into 4 VLANs (10, 20, 30, 50) and both of the Firewalls are connected downstream to Interfaces Gi1/0/23 and Gi1/0/24 (Primary Firewall -> Gi1/0/23, Secondary Firewall Gi1/0/24). These two interfaces are configured as Trunk Ports and then the interfaces are in VLANs as required.
We then have X3 on the Firewalls (Sonicwall Sonicpoints) connected to ports Gi1/0/8 and Gi1/0/9 on the Switch. We then have 6 access points in a VLAN 40 for this.
So I have got redundancy on my Firewalls, but what I don’t have is redundancy on the switches.
At present there is a switch configured below the live one, that is ready to go and if the primary switch fails we have to manually move all of the network leads across.
Can someone please assist with a better way for this to be done?
Thanks very much
Paul
Switches / Hubs
Last Comment
Hamid Akbari
Since your switches support stacking, I agree that is the best method. My switches don't support stacking so I end HSRP to enable high availability at layer 2, and then failover NIC teaming for servers and I plus each firewall into a separate switches, so a switch failure would cause the connected firewall to become the passive one.
ASKER
Hi,
None of the connected devices are actually servers, they are access points or routers.
Paul
None of the connected devices are actually servers, they are access points or routers.
Paul
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi Kevin,
I will post a diagram up hopefully this will then help
Paul
I will post a diagram up hopefully this will then help
Paul
We have tow aim of HA in switching
1-Port fail over : Aim-->increase availability and increase throughput
you should use ether channel between servers and switches
2-Switch redundancy :Aim-->increase availability and provide fail over
You should use
Hardware solution:
*Stack-->in stack able switch is best solution (for Midsize network)
Software solution:
*VSS-->in High class switch (4500,6500) it is best solution(so better than Stack)
*GLBP-->if your switch support you can use weighted load balancing or round robin and host-dependent method.it is better than HSRP and VRRP.
*HSRP and VRRP-->HSRP:Cisco devices only and by default:premption:disable-
VRRP:Standard and by default premption is enable
you can choose your scenario
1-Port fail over : Aim-->increase availability and increase throughput
you should use ether channel between servers and switches
2-Switch redundancy :Aim-->increase availability and provide fail over
You should use
Hardware solution:
*Stack-->in stack able switch is best solution (for Midsize network)
Software solution:
*VSS-->in High class switch (4500,6500) it is best solution(so better than Stack)
*GLBP-->if your switch support you can use weighted load balancing or round robin and host-dependent method.it is better than HSRP and VRRP.
*HSRP and VRRP-->HSRP:Cisco devices only and by default:premption:disable-
VRRP:Standard and by default premption is enable
you can choose your scenario
I hope this helps