I have two 3845 routers (both have two ISPs), then two switches, a 3750 and a 3560, connected to these routers, and behind those I have Checkpoint firewalls. Now I want redundancy and load sharing of the LAN traffic coming from the firewalls to the switches and routers. I chose GLBP for this, but now I have some issues. Both routers have only two Gigabit ports and four FastEthernet ports, but those Fa ports are L2 ports, so I can't assign an IP to them. Should I make VLANs there? Also, both ISPs provide me Ethernet links, so these interfaces never go down and I can't use the track command. Sometimes I think I should do clustering between the switches so they act as one switch; then I could run GLBP easily. I'm not sure what to do. One main condition is that my Internet should never go down, and I also need load sharing between the two routers.
Please help me sort out this issue.
Thanks and regards,
I have tried this setup and it works. I created an SLA for tracking, and now it shifts over if ICMP is unreachable. I did one thing differently: my ISP's far-end IP is not always reachable, so I set the ICMP probe to google.com, because if Google is unreachable then the Internet is down.
Anyhow, thanks for all your support.
Thanks and regards,
Great that your problem has been resolved. It would be good if you could mark this thread as resolved so that others can benefit if they have this type of problem in their network.
ispR1 ------cisco3750 ---
An alternative is to run your switches as L3. Each switch is then connected to both ISP routers. Run a dynamic routing protocol between the switches and the routers and send a default route from both ISP routers to your switches. You will still need to track the next hop on the ISP routers.
Then use HSRP, or GLBP if you want (although the same provisos apply as before with GLBP), on the switch LAN interfaces facing the Checkpoint. The Checkpoint will send traffic to the active switch, which then has two equal-cost paths to the Internet via both ISP routers.
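An added example of the design described in this reply (it is not config from any post in the thread): ISP router 1 with a probe-tracked static default that OSPF advertises only while the probe succeeds, and one of the L3 switches with two equal-cost OSPF defaults and HSRP towards the Checkpoint. Interface names, VLAN numbers, the 10.0.x.0/24 and 10.100.0.0/24 segments, the ISP next hop 192.168.1.2, timers and priorities are all assumptions; ispR2 and the second switch mirror what is shown with their own addresses.

```cisco
! ispR1 (3845). Added example; ispR2 is identical apart from addresses.
! Assumed: Gi0/0 faces ISP 1 (next hop 192.168.1.2); the LAN segment 10.0.1.0/24 towards both
! switches is interface Vlan10 on the router (an SVI, which is how L2 switch-module ports get an IP).
! The Ethernet hand-off never goes line-down, so the static default is tied to an IP SLA probe.
ip sla 1
 icmp-echo 192.168.1.2 source-interface GigabitEthernet0/0
 frequency 5
 timeout 1000
ip sla schedule 1 life forever start-time now
track 10 ip sla 1 reachability
 delay down 10 up 30
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 10
!
interface GigabitEthernet0/0
 description to ISP 1
 ip address 192.168.1.1 255.255.255.0
interface Vlan10
 description segment to the L3 switches
 ip address 10.0.1.1 255.255.255.0
!
router ospf 1
 router-id 10.0.1.1
 network 10.0.1.0 0.0.0.255 area 0
 ! No "always": the 0/0 route is advertised only while a non-OSPF default exists in the RIB,
 ! so when track 10 goes down the static default disappears and OSPF withdraws it from the switches.
 default-information originate
!
! One of the L3 switches (the other uses .3 addresses and a lower HSRP priority).
ip routing
interface Vlan10
 description segment to ispR1
 ip address 10.0.1.2 255.255.255.0
interface Vlan20
 description segment to ispR2
 ip address 10.0.2.2 255.255.255.0
interface Vlan100
 description Checkpoint side; 10.100.0.1 is the gateway VIP the firewall points at
 ip address 10.100.0.2 255.255.255.0
 standby 1 ip 10.100.0.1
 standby 1 priority 110
 standby 1 preempt
router ospf 1
 router-id 10.100.0.2
 network 10.0.1.0 0.0.0.255 area 0
 network 10.0.2.0 0.0.0.255 area 0
 network 10.100.0.0 0.0.0.255 area 0
 passive-interface Vlan100
```

While both routers originate a default, `show ip route 0.0.0.0` on the switch shows two OSPF external entries with the same metric, one via each router, and CEF load-shares across them per destination. Pull the probe target on ispR1 (or null-route it there for a test) and the entry via 10.0.1.1 drops out on both switches without any change on the switch side; `show track` and `show ip sla statistics` on the router show why.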
I would suggest some changes to your setup so that GLBP runs for the local LAN and an IP SLA configuration handles the external ISP failover.
1) Make an EtherChannel between your two Cisco switches and create a VLAN between your Checkpoint and the two switches.
2) Configure GLBP on the Cisco switches for local LAN load balancing and assign them a VIP, which will act as the gateway for the Checkpoint.
3) Configure two default routes on both switches towards both ISPs; reachability will be there because of the EtherChannel bundling.
4) Configure an IP SLA track on both switches that pings some destination server. Check out the sample IP SLA config below, which tracks the link status: whenever there is a link problem as per the track configuration, the default route is removed from the Cisco switch and the traffic moves to the next available ISP.
Check out the sample IP SLA config below with some explanation:
ip sla 1
 icmp-echo 192.168.1.2
 frequency 1
 timeout 1000
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 172.16.1.2
 frequency 1
 timeout 1000
ip sla schedule 2 life forever start-time now
! The icmp-echo, frequency and timeout lines are filled in from the explanation below; the addresses are the ISP next hops used in the default routes further down.
IP SLA 1 sends an ICMP echo to the ISP 1 IP address every 1 second, and IP SLA 2 sends one to ISP 2.
track 10 rtr 1 reachability
 delay down 1 up 1
track 20 rtr 2 reachability
 delay down 1 up 1
! "track ... rtr" is the older keyword; on current IOS the same command is "track 10 ip sla 1 reachability".
If IP SLA 1 does not get an ICMP reply within 1 second, track 10 is considered down (ISP 1 lost); track 20 is the same for ISP 2.
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 10
ip route 0.0.0.0 0.0.0.0 172.16.1.2 track 20
We have two default routes, each pointing to one of the ISPs' IP addresses, and each static default route is associated with the corresponding IP SLA track created above.
In this case, if the ISP 1 link is down, the first default route disappears from the routing table.
Hope that clears your query!
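Steps 1 to 4 put together on one switch, as an added example that is not the poster's config: the EtherChannel trunk, the GLBP VIP on the Checkpoint VLAN, two tracked default routes, and the IP SLA probes. It also covers the case the original poster ended up with (probing a remote address such as google.com rather than the ISP next hop): each probe target gets an untracked /32 route pinned to its ISP. Without that, the probe is routed by the very default routes it is supposed to police, so after an ISP failure it may hash onto the other ISP and never fail, or fail, remove the route, succeed via the other ISP, reinstall it, and flap. Interface and VLAN numbers, the 10.10.0.0/24 Checkpoint segment, the probe targets 198.51.100.10 and 203.0.113.10 (documentation addresses standing in for whatever you actually probe), timers and priorities are assumptions; the ISP next hops 192.168.1.2 and 172.16.1.2 are the ones from the sample above.

```cisco
! Switch 1 (3750). Added example, not from the thread; switch 2 mirrors it with its own addresses
! and a lower GLBP priority. Assumed: VLAN 10 = Checkpoint side, VLAN 20 = segment to ISP router 1,
! VLAN 30 = segment to ISP router 2, Po1 = EtherChannel between the switches carrying all three.
ip routing
!
! Step 1: EtherChannel between the two switches, trunking VLANs 10, 20 and 30
interface range GigabitEthernet1/0/1 - 2
 channel-group 1 mode active
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
! Step 2: GLBP on the Checkpoint-facing VLAN; 10.10.0.1 is the VIP the Checkpoint uses as gateway
interface Vlan10
 ip address 10.10.0.2 255.255.255.0
 glbp 1 ip 10.10.0.1
 glbp 1 priority 110
 glbp 1 preempt
 glbp 1 load-balancing round-robin
!
! Segments towards the ISP routers; both switches have an address on each, reached over the trunk
interface Vlan20
 ip address 192.168.1.3 255.255.255.0
interface Vlan30
 ip address 172.16.1.3 255.255.255.0
!
! Step 4: IP SLA probes. Each probe target is pinned to its ISP with an untracked /32 route,
! so the probe for ISP 1 always leaves via ISP 1 (and can see it come back) regardless of
! which default routes are currently installed.
ip route 198.51.100.10 255.255.255.255 192.168.1.2
ip route 203.0.113.10 255.255.255.255 172.16.1.2
ip sla 1
 icmp-echo 198.51.100.10 source-interface Vlan20
 frequency 5
 timeout 1000
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 203.0.113.10 source-interface Vlan30
 frequency 5
 timeout 1000
ip sla schedule 2 life forever start-time now
track 10 ip sla 1 reachability
 delay down 5 up 30
track 20 ip sla 2 reachability
 delay down 5 up 30
!
! Step 3: two tracked default routes; equal cost, so CEF load-shares per destination across both ISPs
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 10
ip route 0.0.0.0 0.0.0.0 172.16.1.2 track 20
```

Verify with `show glbp brief` (one switch is AVG, both are AVFs), `show track`, `show ip sla statistics` and `show ip route 0.0.0.0`; the `delay down 5 up 30` holds the route out for a while after recovery so a flapping ISP does not pull traffic back and forth. The /32 host routes must stay untracked, since the probe needs them to detect the ISP returning. The gateway part needs a switch image that supports GLBP and tracked static routes; if yours only offers HSRP, the HSRP variant in the other reply is a drop-in replacement for the Vlan10 lines.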