3560 HRSP part duex

Unanswered Question

Guys,

I have an HSRP setup on two 3560 L2 switches (thanks to your guys help).

I am trying to figure out the best way to get the back to the firewall on the standby router.

My guess is to make a 2nd interface on my sonicwall firewall ( i know trying to migrate to ASA's) and just create secondary default route with a lower metric distance to that interface.

I guess in a whole, when my main router goes down i need internet access.

Here is my design

2960_A------------3560_A---------Sonicwall Firewall

|

|

|

|

|

3560_HA

THANKS IN ADVANCE

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Dipesh Patel Mon, 07/12/2010 - 17:55

Dear Adam,

1st of All HSRP is working on Layer 3.

And for the same you need to connect your firewall with both 3650 switches.

Firewall has default route through standby ip.

e.g.

configuratio is like

3560 -1

int vlan 100

ip add 10.10.10.2

standby 1 prio 120

standby 1 preempt

standby 1 ip 10.10.10.1

3560 - 2

int vlan 100

ip add 10.10.10.3

standby 1 ip 10.10.10.1

Firwall:

For inside there are defult route to 10.10.10.1

For outside primary default route to primary router secondary route to internet router with matric.

Hope tp help.

Rate if it will help you.

Regards

Ganesh Hariharan Mon, 07/12/2010 - 22:51

Guys,

I have an HSRP setup on two 3560 L2 switches (thanks to your guys help).

I am trying to figure out the best way to get the back to the firewall on the standby router.

My guess is to make a 2nd interface on my sonicwall firewall ( i know trying to migrate to ASA's) and just create secondary default route with a lower metric distance to that interface.

I guess in a whole, when my main router goes down i need internet access.

Here is my design

2960_A------------3560_A---------Sonicwall Firewall

|

|

|

|

|

3560_HA

THANKS IN ADVANCE

Hi,

For stanby switch to forward traffic to sonic firewall in case of failure you need to have connection from from firewall to switch and if possible try to check with sonic vendor is there any clustering of port can be done in sonice firewall like two ports and on logical interface which will be default gateway for both switches and your thought is also good if the sonic can't have logical interface make another port with same segment ip address and assign the stanby switch default gateway to that ip of sonic firewall.

In this case if switch one goes down secondary comes to picture and traffic will be routed vis secondary port ip address.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Actions

This Discussion