2 LAN core switches with single WAN router

s-santhosh
Level 1

Hello,

I am working on designing a network for a small office. Due to present limitations, only 1 WAN router with 1 ISP is in place now, but the LAN has 2 core switches with HSRP for all VLANs.

At present only core1 is connected to the WAN router with a static route, and there is no dynamic routing on the core switches.

I am planning to connect to the WAN router from the core 2 switch as well, to achieve failover in case core 1 fails.

All the devices are Cisco devices.

Failover.jpg

Question: What is the best available solution for this topology, considering the limitations of no dynamic routing in the cores and only 1 WAN with 1 ISP?

Thanks in Advance!


Abzal
Level 7

Hi,

You can use this simple configuration: core1 as primary with preempt and core2 as secondary. In case of failure of the primary switch, the secondary will take over. If the link between core1 and the router goes down, its priority decreases to 90 and core2 becomes primary because its priority is 100 (by default). With the preempt option, when the link recovers core1 becomes primary.

For example IP 192.168.1.1 interface connected to core1, 192.168.1.5 interface connected core2

Here is a sample config:

Core1:

ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.2
 frequency 5
! schedule the probe defined above (SLA 1)
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
interface Vlan 100
 ip address 192.168.23.2 255.255.255.0
 standby 1 ip 192.168.23.254
 standby 1 priority 120
 standby 1 preempt
 standby 1 track 1 decrement 30

Core2:

interface Vlan 100
 ip address 192.168.23.3 255.255.255.0
 standby 1 ip 192.168.23.254
 ! preempt lets core2 take over when core1's tracked priority drops below 100
 standby 1 preempt

Hope it will help.

Best regards,
Abzal

Hi Abzal,

I just picked this statement from your first response:

"For example IP 192.168.1.1 interface connected to core1, 192.168.1.5 interface connected core2"

You mean these IP addresses are configured on the WAN router ports which are connected to Core 1 and Core 2?

If yes, it is not possible to assign the same subnet IP address on 2 ports in the same router. Or am I missing your point?

Thanks for your quick response

Sorry) I didn't mention that mask is 192.168.1.0/30 for core1 and 192.168.1.4/30 for core2.

Abzal

Best regards,
Abzal

Thanks Abzal, Yea that would be correct then...

I will try to apply this in lab.

Hi Abzal,

I have drafted the below configuration.

WAN Router Configuration
-------------------------------

interface 1
 desc port to core 1
 ip address 192.168.1.1 255.255.255.252
interface 2
 desc port to core 2
 ip address 192.168.1.5 255.255.255.252

Core1 configuration
-------------------------------

interface 1
 desc port to WAN
 ip address 192.168.1.2 255.255.255.252
!
ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.2
 frequency 5
! schedule the probe defined above (SLA 1)
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
interface Vlan 100
 ip address 192.168.23.2 255.255.255.0
 standby 1 ip 192.168.23.254
 standby 1 priority 120
 standby 1 preempt
 standby 1 track 1 decrement 30

Core 2 configuration
----------------------------------

interface 1
 desc port to WAN router
 ip address 192.168.1.6 255.255.255.252
!
interface Vlan 100
 ip address 192.168.23.3 255.255.255.0
 standby 1 ip 192.168.23.254
 ! preempt lets core2 take over when core1's tracked priority drops below 100
 standby 1 preempt

What should be the static route for forward traffic from the cores to the WAN router?

For reverse traffic, point to 192.168.23.254 on the WAN router?

Yes, you have to put routes on both core switches.

Core 1:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Core 2:

ip route 0.0.0.0 0.0.0.0 192.168.1.5

And if you have a subnet behind the core like 192.168.23.0/24, put these on the WAN router:

ip route 192.168.23.0 255.255.255.0 192.168.1.2 1

ip route 192.168.23.0 255.255.255.0 192.168.1.6 2

Hope it will help.

Best regards,
Abzal

Thanks Abzal for your quick response.

I will put all these in a test env and try

Hi Abzal, I have 2 questions in mind.

What happens if the core1 switch itself goes down?

VLAN 100 is to track the IP reachability and switch to the standby core only when this track is unreachable?

If core1 itself goes down, the secondary router core2 will take over. If the link between WAN and core1 or the WAN router itself goes down, IP address 192.168.1.1 will be unreachable from core1, so track 1 will go down as well. HSRP on core1 will then decrement its priority; as a result it will be 90. Core2 has the default priority of 100, which is why it will become the primary router for VLAN 100.

Useful links

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094e8c.shtml

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml

Hope it will help.

Best regards,
Abzal
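
An added example, not part of the original thread: a simplified Python model of the HSRP election rules applied to the priorities discussed above (core1 at 120 with a tracked decrement of 30, core2 at the default 100). It shows which switch is active after each failure event, and that the uplink-tracking failover depends on `standby 1 preempt` being present on core2 as well. The `Router`, `rank`, `elect` and `scenario` names are hypothetical, and timers and hello exchange are not modelled.

```python
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    ip: str                 # interface IP, tie-breaker on equal priority
    priority: int = 100     # HSRP default priority
    preempt: bool = False
    decrement: int = 0      # subtracted while the tracked object is down
    up: bool = True         # router itself is alive
    track_up: bool = True   # tracked object (IP SLA reachability) is up

def rank(r):
    prio = r.priority - (0 if r.track_up else r.decrement)
    return (prio, tuple(int(o) for o in r.ip.split(".")))

def elect(routers, active=None):
    """Return the active router after one round of hellos (simplified model)."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    if active is None or not active.up:
        return max(alive, key=rank)      # no active heard: best router takes over
    # A live active router is displaced only by a better router that has preempt.
    challengers = [r for r in alive if r.preempt and rank(r) > rank(active)]
    return max(challengers, key=rank) if challengers else active

def scenario(core2_preempt):
    """Active router after: start, uplink down, uplink restored, core1 down."""
    core1 = Router("core1", "192.168.23.2", 120, True, 30)
    core2 = Router("core2", "192.168.23.3", preempt=core2_preempt)
    routers, history = [core1, core2], []
    active = None
    for event in ("start", "uplink_down", "uplink_up", "core1_down"):
        if event == "uplink_down":
            core1.track_up = False       # SLA probe to 192.168.1.1 fails
        elif event == "uplink_up":
            core1.track_up = True
        elif event == "core1_down":
            core1.up = False             # hellos from core1 stop
        active = elect(routers, active)
        history.append(active.name)
    return history

if __name__ == "__main__":
    print("core2 with preempt:   ", scenario(True))
    print("core2 without preempt:", scenario(False))
```

On real switches, `show standby brief` and `show track` on both cores give the same view after each failure test.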

paulstone80
Level 3

Hi,

For traffic leaving your LAN, I would add a default route to both core switches to point to your ISP router, 0.0.0.0 0.0.0.0 x.x.x.x.

For traffic entering your LAN, I assume your ISP is forwarding all traffic to an IP on Core1? I would configure HSRP between both core switches and make the virtual IP the IP that your ISP is currently targeting.

HTH

Paul


Hi Paul,

Forward traffic: Right now traffic is routed to the router's private IP address from core1. You mean point directly to the ISP IP address on Core 1 and Core 2?

Incoming traffic to LAN: Right now the ISP is pointing to the WAN router's public IP address. With this HSRP virtual IP address, will it bypass the WAN router?

Thanks for your quick response

Hi,

Yes, point the core switches' default routes to the private IP address of the WAN router. This would be the IP address assigned to the Ethernet interfaces that connect to core1 and core2.

I am making an assumption about the incoming traffic, but I assume the ISP will target the router WAN interface IP (public). The WAN router then forwards on to core1, so it should have routes to reach the VLANs via core1? Is this correct?

Kind regards,

Paul


What should be the IP Addresses on WAN router ports which are connected to core1 and core2?

I assume this way for forward traffic

Yes, you are correct, the WAN router forwards on to core 1 via VLANs.
