high availability config with int vlan as default gateway

josephp · ‎01-06-2009

Hello folks, I am configuring an active/standby on ASA deployment.

The internet facing device are 2 3560's, the ports that are facing the internet are configured as routed port, the ports that are facing inside are vlan interfaces (svi). The switches are acting as primary and backup trough EIGRP.

I configured the ASA to track the outside interfaces of the switch through sla monitoring, because I can't track the svi's. it works but when the primary switch come back up it does not preempt the secondary switch. how do I do this.

Thanks,

JP

JORGE RODRIGUEZ · ‎01-06-2009

Hi, Im unclear why you are using ip sla track , do you have dual ISPs , perhaps we are missing more information.

If you are trying to have default gateway failover this can be easily done using hsrp provided that you only have one ISP.

3650-sw-1_Primary

interface FE0/1

ip address 20.20.20.2 255.255.255.0

speed 100

full-duplex

standby 1 ip 20.20.20.1

standby 1 preempt <- Defaults to 100

standby 1 authentication test

standby 1 name test

3650-sw-2_Secondary

interface FEt0/1

ip address 20.20.20.3 255.255.255.0

speed 100

full-duplex

standby 1 ip 20.20.20.1

standby 1 preempt 90

standby 1 authentication test

standby 1 name test

Your ASA Active/Standby Default route points 20.20.20.1

when 3650-sw-1_Primary fails , secondary takes over, when primary comes back prempt 100 value will make 3650-sw-1 resume primary role since sw-2 premtps to 90.

Regards

Jorge Rodriguez

gohweekee · ‎01-07-2009

i will create an sla monitor to do the failover