2 LAN core switches with single WAN router

Unanswered Question
Nov 20th, 2012

Hello,

I am working on designing a network for a small office, and due to present limitations only 1 WAN router with 1 ISP is in place now, but the LAN has 2 core switches with HSRP for all VLANs.

At present only core1 is connected to the WAN router with a static route, and there is no dynamic routing on the core switches.

I am planning to connect to the WAN router from core 2 switch as well to achieve the failover in case core 1 fails.

All the devices are Cisco devices.

Failover.jpg

Question: What is the best available solution for this topology, considering the limitations of no dynamic routing in the cores and only 1 WAN with 1 ISP?

Thanks in Advance!

asembay87 Tue, 11/20/2012 - 06:27

Hi,

You can use this simple configuration, with core1 as primary with preempt and core2 as secondary. In case of failure of the primary switch, the secondary will take over. If the link between core1 and the router goes down, its priority decreases to 90 and core2 becomes primary because its priority is 100 (by default). With the preempt option, when the link recovers core1 becomes primary.

For example IP 192.168.1.1 interface connected to core1, 192.168.1.5 interface connected core2

Here is a sample config:

Core1:

ip sla 1

icmp-echo 192.168.1.1 source-ip 192.168.1.2

frequency 5

ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

interface Vlan 100

ip address 192.168.23.2 255.255.255.0

standby 1 ip 192.168.23.254

standby 1 priority 120

standby 1 preempt

standby 1 track 1 decrement 30

Core2:

interface Vlan 100

ip address 192.168.23.3 255.255.255.0

standby 1 ip 192.168.23.254

Hope it will help.

s-santhosh Tue, 11/20/2012 - 06:40

Hi Abzal,

I just picked this statement from your first response:

"For example IP 192.168.1.1 interface connected to core1, 192.168.1.5 interface connected core2"

You mean these IP Addresses configured in WAN router ports which are connected to Core 1 and Core 2?

If yes, it is not possible to assign the same subnet IP address on 2 ports in the same router. Or am I missing your point?

Thanks for your quick response

asembay87 Tue, 11/20/2012 - 07:00

Sorry) I didn't mention that mask is 192.168.1.0/30 for core1 and 192.168.1.4/30 for core2.

Abzal

s-santhosh Tue, 11/20/2012 - 07:26

Thanks Abzal, Yea that would be correct then...

I will try to apply this in lab.

s-santhosh Tue, 11/20/2012 - 07:39

Hi Abzal,

I have drafted the below configuration.

WAN Router Configuration

interface 1

desc port to core 1

ip address 192.168.1.1 255.255.255.252

interface 2

desc port to core 2

ip address 192.168.1.5 255.255.255.252

Core1 configuration

-------------------------------

interface 1

desc port to WAN

ip address 192.168.1.2 255.255.255.252

ip sla 1

icmp-echo 192.168.1.1 source-ip 192.168.1.2

frequency 5

ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

interface Vlan 100

ip address 192.168.23.2 255.255.255.0

standby 1 ip 192.168.23.254

standby 1 priority 120

standby 1 preempt

standby 1 track 1 decrement 30

Core 2 configuration

----------------------------------

interface 1

desc port to WAN router

ip address 192.168.1.6 255.255.255.252

interface Vlan 100

ip address 192.168.23.3 255.255.255.0

standby 1 ip 192.168.23.254

What should be the static route for forward traffic from Cores to WAN router?

For reverse traffic point to 192.168.23.254 in WAN router?

asembay87 Tue, 11/20/2012 - 07:51

Yes, you have to put routes on both core switches.

Core 1:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Core 2:

ip route 0.0.0.0 0.0.0.0 192.168.1.5

And if you have subnet behind core like 192.168.23.0/24, put these on WAN router:

ip route 192.168.23.0 255.255.255.0 192.168.1.2 1

ip route 192.168.23.0 255.255.255.0 192.168.1.6 2

Hope it will help.

s-santhosh Tue, 11/20/2012 - 08:02

Thanks Abzal for your quick response.

I will put all these in a test env and try

s-santhosh Tue, 11/20/2012 - 08:40

Hi Abzal, I have 2 questions in mind.

What happens if the core1 switch itself goes down?

VLAN 100 is to track the IP reachability and switch to the standby core when this track is in unreachability only?

asembay87 Tue, 11/20/2012 - 08:52

If core1 itself goes down, the secondary router core2 will take over. If the link between WAN and core1 or the WAN router itself goes down, IP address 192.168.1.1 will be unreachable from core1, so track 1 will go down as well. Then HSRP on core1 will decrement its priority, and as a result it will be 90. Core2 has the default priority 100; that's why it will become the primary router for VLAN 100.

Useful links

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094e8c.shtml

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml

Hope it will help.
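The failure cases walked through above, as a simplified Python model of HSRP active-router election (an added example, not code from the thread or from Cisco). It goes one step beyond the posts by also running the uplink-failure case with and without `standby 1 preempt` on core2, since a standby router without preempt does not take the active role from a live active router. The priorities 120/100 and decrement 30 are the thread's values; the `Router` class, `elect` and `scenario` names are hypothetical, and IP-address tie-breaking and hello timers are not modelled.

```python
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    priority: int            # "standby 1 priority" (IOS default is 100)
    preempt: bool            # is "standby 1 preempt" configured?
    decrement: int = 0       # "standby 1 track 1 decrement N"
    alive: bool = True       # the switch itself is up and sending hellos
    track_up: bool = True    # tracked IP SLA reachability state

    @property
    def effective(self) -> int:
        """Priority advertised in hellos after applying the track decrement."""
        return self.priority if self.track_up else self.priority - self.decrement


def elect(routers, active=None):
    """Return the name of the active router after one election round."""
    up = [r for r in routers if r.alive]
    if not up:
        return None
    current = next((r for r in up if r.name == active), None)
    if current is None:
        # No active router is heard: the highest effective priority wins.
        return max(up, key=lambda r: r.effective).name
    # An active router is still sending hellos: only a peer that has preempt
    # configured AND a strictly higher priority may take over.
    challengers = [r for r in up if r.preempt and r.effective > current.effective]
    if challengers:
        return max(challengers, key=lambda r: r.effective).name
    return current.name


def scenario(core2_preempt, *, core1_alive=True, uplink_up=True):
    """Return (active before the failure, active after the failure)."""
    core1 = Router("core1", 120, preempt=True, decrement=30)
    core2 = Router("core2", 100, preempt=core2_preempt)
    routers = [core1, core2]
    before = elect(routers)                      # steady state: core1 (120)
    core1.alive, core1.track_up = core1_alive, uplink_up
    return before, elect(routers, before)


if __name__ == "__main__":
    print("core1 dies, core2 no preempt:  ", scenario(False, core1_alive=False))
    print("uplink down, core2 no preempt: ", scenario(False, uplink_up=False))
    print("uplink down, core2 with preempt:", scenario(True, uplink_up=False))
```

In this model the uplink-failure case only moves the active role to core2 when core2 also has preempt configured; the core1-down case fails over either way.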

paulstone80 Tue, 11/20/2012 - 06:32

Hi,

For traffic leaving your LAN, I would add a default route to both core switches to point to your ISP router, 0.0.0.0 0.0.0.0 x.x.x.x.

For traffic entering your LAN, I assume your ISP is forwarding all traffic to an IP on Core1? I would configure HSRP between both core switches and make the virtual IP the IP that your ISP is currently targeting.

HTH

Paul

s-santhosh Tue, 11/20/2012 - 06:47

Hi Paul,

Forward traffic: Right now traffic is routed to the router private IP Address from core1, you mean directly point to the ISP IP Address in Core 1 and Core 2?

Incoming traffic to LAN: Right now the ISP is pointing to the WAN router public IP address. With this HSRP virtual IP address, will it bypass the WAN router?

Thanks for your quick response

paulstone80 Tue, 11/20/2012 - 06:57

Hi,

Yes point the core switches default routes to the private IP address of the WAN router. This would be the IP address assigned to the Ethernet interfaces that connect to core1 and core2.

I am making an assumption about the incoming traffic, but I assume the ISP will target the router WAN interface IP (public). The WAN router then forwards on to core1, so should have routes to reach the vlans via core1? Is this correct?

Kind regards,

Paul

s-santhosh Tue, 11/20/2012 - 07:24

What should be the IP Addresses on WAN router ports which are connected to core1 and core2?

I assume this way for forward traffic

Yes, you are correct WAN router forwards on to core 1 via VLANs.

Posted November 20, 2012 at 6:02 AM