Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX v8.0 redundant-interface + 2600XM router

Hi all,

I plan to configure a PIX-515E running 8.0(3) with a Redundant outside interface (comprising of two physical Ethernet interfaces - active/standby), both connected to two ports on a 2611XM router. The PIX will be configured as such:

interface Redundant1

member-interface Ethernet0

member-interface Ethernet2

nameif outside

security-level 0

ip address xx.xx.xx.234 255.255.255.248

By doing this I wish to achieve interface controller (by distributing interfaces across multiple modules) and media redundancy.

I am struggling to comprehend how I should configure the interfaces on the 2611XM to work in this configuration.

The PIX will have a global IPv4 address assigned to the logical Redundant outside interface. The 2611XM presently has a single interface (Fa0/0) configured as follows (IPv4 address within the same globally assigned subnet as the PIX outside interface). The 2611XM has a Multilink PPP (multiple ADSL) connnection to the world.:

interface FastEthernet0/0

description "Link to PIX_outside"

ip address xx.xx.xx.233 255.255.255.248

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip flow ingress

ip flow egress

ip virtual-reassembly max-reassemblies 64

ip route-cache flow

duplex full

speed 100

interface Multilink1

description "Face to world"

ip unnumbered FastEthernet0/0

Please can someone advise me as to how I should re-configure the 2611XM so that both physical interfaces (i.e. Fa0/0 and Fa1/0) are able to participate in a dual-link redundant configuration with the PIX.

Many thanks for your time and advice.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: PIX v8.0 redundant-interface + 2600XM router

Hi,

If I understand correctly u want to have the two interfaces of your router to be in the same broadcast domain.

I think the best would be configure IRB.

Please refer to this link for more info:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_tech_note09186a0080094663.shtml

Hope it helps, rate if does,

Thanks

Krisztian

4 REPLIES
Silver

Re: PIX v8.0 redundant-interface + 2600XM router

Hi,

If I understand correctly u want to have the two interfaces of your router to be in the same broadcast domain.

I think the best would be configure IRB.

Please refer to this link for more info:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_tech_note09186a0080094663.shtml

Hope it helps, rate if does,

Thanks

Krisztian

New Member

Re: PIX v8.0 redundant-interface + 2600XM router

Hi Krisztian,

Thank you for your reply :-)

I had a feeling that bridging may be the way to achieve this, however I have not done this on a router before.

Given your advice, I believe that the following (straw-man) configuration on the router is what's required:

interface FastEthernet0/0

no ip address

no ip directed-broadcast

bridge-group 1

!

Interface FastEthernet1/0

no ip address

no ip directed-broadcast

bridge-group 1

!

interface BVI1

ip address xx.xx.xx.233 255.255.255.248

!

interface Multilink1

ip unnumbered BVI1

!

bridge 1 protocol ieee

bridge 1 route ip

I will try this over the weekend and reply/rate accordingly :-)

Silver

Re: PIX v8.0 redundant-interface + 2600XM router

Hi,

You also need the "bridge irb" command to enable the irb itself.

I don't see why do u need the the interface Multilink1 command.

Krisztian

New Member

Re: PIX v8.0 redundant-interface + 2600XM router

Hi Krisztian,

I can confirm that the following configuration is fully functional.

Router:

-------

bridge irb

!

interface Multilink1

ip unnumbered BVI1

ppp multilink

!

interface FastEthernet0/0

description Link to PIX515E-1 Ethernet4

no ip address

duplex auto

speed auto

bridge-group 1

!

interface FastEthernet0/1

description Link to PIX515E-1 Ethernet5

no ip address

duplex auto

speed auto

bridge-group 1

!

interface BVI1

ip address 172.20.1.1 255.255.255.252

!

bridge 1 protocol ieee

bridge 1 route ip

PIX:

----

interface Ethernet4

description Link to C1841 Fa0/0

no nameif

no security-level

no ip address

!

interface Ethernet5

description Link to C1841 Fa0/1

no nameif

no security-level

no ip address

!

interface Redundant1

description Redundant link to C1841

member-interface Ethernet4

member-interface Ethernet5

nameif outside_redundant

security-level 0

ip address 172.20.1.2 255.255.255.252

All associated interfaces on both devices are physically up and the configuration is tolerant of physical media/transceiver failures.

I can manually change the active interface on the PIX with the following command:

# redundant-interface Redundant1 active-member [ Ethernet 4 | Ethernet 5 ]

Many thanks for your help with this.

Tom

327
Views
0
Helpful
4
Replies