I would recommend that you use HSRP between with tracking (on the serial/internet interface) so that you can use a VIP as a gateway for your PCs. That way if there is an issue with either the public interface or the routers they will fail over but since the PCs would be using a VIP you don't need to alter any config on them.

A very basic HSRP config would be something like:

(config-if)# standby ip

(config-if)# standby priority preempt

(config-if)# standby track [interface]

The group ID needs to be the same on both routers. Also the priority is a default of 100 and higher is better. Therefore I would suggest on the router you want to be the "primary" one, that the priority be something like "110". Be careful with the decrement values though because the default is only 10 so the secondary may not take over if the values are too far apart.

You can find more info on HSRP at

What do you mean "primary" and "secondary" switch? Do you mean for spanning tree?

If you do then it would be the following command:

(config)# spanning-tree vlan [vlan id] root [primary,secondary]

If I have misunderstood what you are after please reply and I will try and help further.

Hi, Thanks for your solution, I would like to inform you that, I can achieve this on two router which are connected to Internet. But what I do for those switches which are behine the router/Firewall/NIPS. What configuration should I configure to achieve disaster.

Anyone can help me out on this solution given in the diagram. Disaster between sw-1 & sw-2, Sw-3 & Sw-4 respectively.


