Solved: Backup Interface Command

nathan.deane · ‎04-02-2007

Hi,

Very quick question.

Is there such a configuration (on the 2800 series) which allows both of the routed ports to be plugged into the same LAN and be represented as a single IP address ?

I thought this could be done via a "backup interface" command that specifies one as the backup for the other, on a physical level?

If this is not available then I will have to look at bridging the interfaces and creating a VLAN SVI

Thanks

m-haddad · ‎04-03-2007

Hello Nathan,

I have tested and it works. Follow the below steps:

1- Shut down both interfaces

2- Set the IP addresses (Same Address)

3- issue the backup interface command on the primary interface

4- No shut the primary

5- No shut the secondary

6- Enjoy testing.

Below you can find a smaple config:

interface FastEthernet0

description DMZ Primary

backup interface FastEthernet1

ip address 192.168.2.1 255.255.255.0

ip access-group INBOUND in

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

crypto map IPSEC

end

Westport-1811#sh run int f1

Building configuration...

Current configuration : 171 bytes

!

interface FastEthernet1

description DMZ Backup

ip address 192.168.2.1 255.255.255.0

ip nat inside

Appreciate your rating,

Regards,

ip inspect FW_OUT in

ip virtual-reassembly

duplex auto

speed auto

View solution in original post

Richard Burts · ‎04-02-2007

Nathan

I am not clear whether it is supported to use backup interface on one ethernet pointing to another ethernet interface. Even if it is supported I am not sure that you want to use it. Backup interface depends on the primary interface going protocol down and there are lots of failure scenarios where the ethernet interface is not passing traffic but is still protocol up.

I believe that if you want to use one ethernet to back up another ethernet that you should not assign IP addresses to the ethernet interfaces, should configure bridging, put both ethernet interfaces into the same bridge group, configure Integrated Routing and Bridging, configure the BVI interface, and assign the IP address to the BVI.

HTH

Rick

HTH

Rick

m-haddad · ‎04-02-2007

Hello,

I have tried this with a loopback and it works. You have to shut down both ethernet interfaces. Set the IP addresses and then issue the backup command on the backup interface.

After that bring up the primary interface first and then the backup interface.

Let me know how it goes,

Appreciate your rating,

Regards,

nathan.deane · ‎04-02-2007

Interesting, im not going to have a chance to give this a go today, do you have a config output from the working appliance?

Thanks

m-haddad · ‎04-03-2007

Hello Nathan,

I have tested and it works. Follow the below steps:

1- Shut down both interfaces

2- Set the IP addresses (Same Address)

3- issue the backup interface command on the primary interface

4- No shut the primary

5- No shut the secondary

6- Enjoy testing.

Below you can find a smaple config:

interface FastEthernet0

description DMZ Primary

backup interface FastEthernet1

ip address 192.168.2.1 255.255.255.0

ip access-group INBOUND in

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

crypto map IPSEC

end

Westport-1811#sh run int f1

Building configuration...

Current configuration : 171 bytes

!

interface FastEthernet1

description DMZ Backup

ip address 192.168.2.1 255.255.255.0

ip nat inside

Appreciate your rating,

Regards,

ip inspect FW_OUT in

ip virtual-reassembly

duplex auto

speed auto

nathan.deane · ‎04-03-2007

Thanks for the assistance, I will give this a go :)

m-haddad · ‎04-03-2007

Just to note that what Mr.rburts said is correct, that is this interface won't be considered down until the protocol/interface goes down and usually Ethernet interface don't go down. Therefore, I don't know your target or even how are you going to provide the failover functionality.

However, I provided the solution hoping this would answer your question,

Regards,