redundancy help

Unanswered Question
May 5th, 2008

Hi there,

Our network currently does not have redundancy and we are in the process of putting redundancy in place. I've done a bit of reading and I came up with the attached drawing. We currently have one of each and will be purchasing an additional of each.

Please see attached image and comment if I'm on the right track.

Edge routers

- configure HSRP

PIX 525s

- configure box to box redundancy

- gw standby ip of routers

Catalyst 2960s

- configure HSRP?

- gw ip of PIX


- box to box redundancy

- gw standby ip of 2960

Catalyst 2960s(last set)

- configure HSRP?

Can you point me in the right direction and some more stuff to read through.

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Mon, 05/05/2008 - 22:26


The Catalyst 2960 is a layer 2 switch only so you should not be setting anything to have it's default-gateway as the 2960 switch. You won't be able to configure HSRP between the 2 2960's either.

For your apps servers/dbase servers you have two choices depending on how you are proposing to setup the CSS. Your diagram has no IP addressing so it's not possible to say which mode you are running the CSS in.

1) If you run the CSS1150's in bridge mode then the default-gateway for your apps/dbase servers will be the PIX 525 virtual address.

2) If you run the CSS11503's in routed mode then the default-gateway for your apps/dbase servers will be the CSS11503 virtual address.

One other thing. It is good practice to firewall your Dbase servers onto their own DMZ. The dbase servers presumably contain important company data and so should be segregated from all other servers including the apps servers.


cheng.j Tue, 05/06/2008 - 16:18

Hi Jon,

Thanks for your reply. I edited the diagram to include ip address.

I'm running the CSS in routed mode. The default gateway for the Apps is the CSS. The DBs are inaccessible from the outside. They are on a different ip block. Apps are using 192.168.8.x while DB's are using 192.168.88.x. The apps though are configured with 2 NICS. One on the 8.x block and one on the 88.x block to access the DBs.

I can configure the 2960 for redundancy right?

Thanks again.



This Discussion