Router - two interfaces in same subnet? Connecting to two switches

Apr 21st, 2009

I have one 2821 router connected to one 2960 switch, which is then connected to an ASA. I have added a 2960 for switch redundancy. I tried to define another IP in my public subnet on my other internal LAN interface on the router and it wouldn't let me. I was then going to set up HSRP between the two interfaces on the router, then have the ASA route to the HSRP address. The switches are not routing. I'm not sure how to proceed with the router configuration...

trippi Tue, 04/21/2009 - 18:07

Is that the only solution?

In a simpler way I am looking for a way to create a redundant interface like you can in the ASA...

Can this be done with SSG, Multilink, Port-channeling...Anything else or is IRB the only way?

lamav Tue, 04/21/2009 - 18:53


You cannot configure 2 routed interfaces on one device in the same subnet. If you want those two interfaces to belong to the same subnet, you will have to bridge them. It is similar to the way you place two ports in a vlan and then create the routed SVI interface for it.

You put both router interfaces in a bridge group and then configure a BVI interface for it.

What may be a possibility for you is to run HSRP between your 2960 switches (2960s are L3 switches) and have the ASAs point to an HSRP VIP between them.

Then you can configure the two routed interfaces to belong to separate subnets and leverage the HSRP tracking feature to track the primary interface.

Of course, this would require L3 isolation between your ASAs and switches and between your switches and router.

I don't know if anything I've said helps, but there you have it.
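The bridge-group and BVI arrangement described in this reply, as an added IOS configuration example that is not part of the original thread. The interface names, bridge-group number and the 192.0.2.0/24 addressing are placeholder assumptions, not values from the poster's network.

```ios
! Constructed example: interface names, bridge-group number and addresses are placeholders.
! Enable integrated routing and bridging (IRB) on the router.
bridge irb
! Bridge group 1 runs IEEE spanning tree, so a loop through the two switches is blocked.
bridge 1 protocol ieee
! Allow IP to be routed between the bridge group and the router's other interfaces.
bridge 1 route ip
!
interface GigabitEthernet0/0
 description Link to first 2960
 no ip address
 bridge-group 1
 no shutdown
!
interface GigabitEthernet0/1
 description Link to second 2960
 no ip address
 bridge-group 1
 no shutdown
!
! The BVI number must match the bridge-group number. It carries the single
! IP address for the shared subnet, much like an SVI does for a VLAN.
interface BVI1
 description Routed interface for the shared subnet
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
! Verify with: show interfaces BVI1
!              show bridge
```

The ASA's route then points at the BVI address, which stays reachable through whichever physical member link is forwarding.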


thotsaphon Tue, 04/21/2009 - 19:48


First of all, the C2960 is a Layer 2 switch. What you can do is link redundancy. Setting up HSRP on 2 interfaces on the router is not going to work. I would recommend that you use BVI. You may see that only one is working at a time if your interfaces are connected in a loop and spanning-tree is working correctly.



lamav Wed, 04/22/2009 - 04:55


From the specs given at this link, I was under the impression that the 2960 was a layer 3 switch. I have used the 2950 switch for many years and I knew that was not L3, but I thought the 2960 was.

By the way, when you say "first of all," it implies there should be a second point, at least. :-)

DialerString_2 Thu, 04/23/2009 - 10:31

IRB. You got to bridge those interfaces.

Jon Marshall Thu, 04/23/2009 - 10:42


As far as I know all 29xx switches are L2 only. L3 switches start with the 3xxx switches.


DialerString_2 Thu, 04/23/2009 - 10:36

I just looked at your diagram. Look into ip sla and tracked objects. You can monitor an IP for failure and then force the router to route to another interface, along with other things.

