Re: Good Solution

rajeewa wickramarathna · ‎12-25-2013

My head office have 4 Radio link with and each connect my 2 branches with main and back link wise versa radio link 5GHz with HQ.

so my HQ have 3750 new cisco switch and also one of branch have 4500 series switch and reason of this operationally very critical.

this also separate vlan and using VRRP and Voice vlan to data also avalible .earlier our network is flat now I'm done to subnet wise and vlan wise inside my network. my requirement is,

is there any way to config load balancing with my wireless link with separate subnet no harm within inside my net work .also very appreciate if give me good technologically better solution for me.

Leo Laohoo · ‎12-25-2013

so my HQ have 3750 new cisco switch and also one of branch have 4500 series switch and reason of this operationally very critical.

Let me put it this way: If I have a critical (or very critical) site I would NOT be linking both of them using radio. The only reason why I'd link them radio is to get this site operational quickly while I provision for a more permanent solution.

Radio link can only give you limited speed and factors which will affect operation is very high. Permanent solution, such as direct fibre link, gives you higher speed, reliability and security.

rajeewa wickramarathna · ‎12-29-2013

Thanks lot for that and sorry to delay reply about my post, i would higly agree your advice also and things was Leo we have lot of issue with the Layer down fiber between both 2 branches,i also mention about the Wireless device whch im using to interconnect both end to my HQ.below i mention the product that i used

http://www.ubnt.com/airmax#nanostationm

very appreciate u re good suggestion to me.

Leo Laohoo · ‎12-30-2013

Thanks lot for that and sorry to delay reply about my post, i would higly agree your advice also and things was Leo we have lot of issue with the Layer down fiber between both 2 branche

You will need to sort out the issue with your fibre. If your traffic between the two branches have confidential traffic then, again, I would still be very cautious doing it over radio.

Even if you are going to put encryption over the radio links, this solution will SLOW your traffic down due to encryption overhead plus CPU overhead.

Rasika Nayanajith · ‎12-25-2013

Hi Rajeewa,

I agree with Leo, If this is for critical applications, I would go for more reliable link like fibre rather rely on wireless links.

Having said that, if you want to achieve load balancing with current setup, then you can simply configure a dynamic routing protocol across these layer 2 links (bridges). In this case you cannot have same L2 vlan (for users) span across site.

Here is an example how to do this with OSPF. I have two switches (C3750- Central site, R3750- Remote site)

vlan999: 192.168.99.0/24 (C3750-SVI:192.168 99.1, BR1:192.168.99.99, BR2:192.168.99.100, R3750-SVI:192.168.99.101)

vlan997: 192.168.97.0/24 (C3750-SVI:192.168 97.1, BR3:192.168.97.99, BR4:192.168.97.100, R3750-SVI:192.168.97.101)

C3750(SVI-999) - G1/0/11(VL999) -> BR1(RootBridge) < -----SSID:BR12----> BR2(Non-RB)-> F1/0/11 - R3750(SVI-999)

C3750(SVI-997) - G1/0/12(VL997) -> BR3(RootBridge) < -----SSID:BR34----> BR4(Non-RB)-> F1/0/12 - R3750(SVI-997)

===== BR1 ======

hostname BR1

!

dot11 ssid BR12

authentication open

authentication key-management wpa version 2

wpa-psk ascii Cisco123

interface Dot11Radio1

encryption mode ciphers aes-ccm

ssid BR12

station-role root bridge

no shut

!

interface BVI1

ip address 192.168.99.99 255.255.255.0

!

ip default-gateway 192.168.99.1

===== BR2 ======

hostname BR2

!

dot11 ssid BR12

authentication open

authentication key-management wpa version 2

wpa-psk ascii Cisco123

interface Dot11Radio1

encryption mode ciphers aes-ccm

ssid BR12

station-role non-root bridge

interface BVI1

ip address 192.168.99.100 255.255.255.0

!

ip default-gateway 192.168.99.1

===== BR3 ======

hostname BR3

!

dot11 ssid BR34

authentication open

authentication key-management wpa version 2

wpa-psk ascii Cisco123

interface Dot11Radio1

encryption mode ciphers aes-ccm

ssid BR34

station-role root bridge

no shut

!

interface BVI1

ip address 192.168.97.99 255.255.255.0

!

ip default-gateway 192.168.97.1

===== BR4 ======

hostname BR4

!

dot11 ssid BR34

authentication open

authentication key-management wpa version 2

wpa-psk ascii Cisco123

interface Dot11Radio1

encryption mode ciphers aes-ccm

ssid BR34

station-role non-root bridge

interface BVI1

ip address 192.168.97.100 255.255.255.0

!

ip default-gateway 192.168.97.1

===== C3750 =====

interface Vlan999

ip address 192.168.99.1 255.255.255.0

ip ospf network point-to-point

!

interface Vlan997

ip address 192.168.97.1 255.255.255.0

ip ospf network point-to-point

interface GigabitEthernet1/0/11

description BR1

switchport access vlan 999

switchport mode access

!

interface GigabitEthernet1/0/12

description BR2

switchport access vlan 997

switchport mode access

!

router ospf 1

passive-interface default

no passive-interface Vlan997

no passive-interface Vlan999

network 192.168.97.0 0.0.0.255 area 0

network 192.168.99.0 0.0.0.255 area 0

network 192.168.0.0 0.0.255.255 area 10

==== R3750 =====

interface Vlan999

ip address 192.168.99.101 255.255.255.0

ip ospf network point-to-point

!

interface Vlan997

ip address 192.168.97.101 255.255.255.0

ip ospf network point-to-point

!

interface FastEthernet1/0/11

description BR3

switchport access vlan 999

switchport mode access

!

interface FastEthernet1/0/12

description BR4

switchport access vlan 997

switchport mode access

!

router ospf 1

passive-interface default

no passive-interface Vlan997

no passive-interface Vlan999

network 192.168.97.0 0.0.0.255 area 0

network 192.168.99.0 0.0.0.255 area 0

network 192.168.0.0 0.0.255.255 area 20

Once you do this you will see you are establishing two equal cost path across these two bridges.

R3750#sh ip osp neighbor

Neighbor ID Pri State Dead Time Address Interface

192.168.129.2 0 FULL/ - 00:00:32 192.168.97.1 Vlan997

192.168.129.2 0 FULL/ - 00:00:31 192.168.99.1 Vlan999

R3750#traceroute 192.168.100.254

Type escape sequence to abort.

Tracing the route to 192.168.100.254

1 192.168.97.1 9 msec

192.168.99.1 0 msec

192.168.97.1 0 msec

R3750#sh ip route 192.168.100.0

Routing entry for 192.168.100.0/24

Known via "ospf 1", distance 110, metric 2, type inter area

Last update from 192.168.99.1 on Vlan999, 00:01:34 ago

Routing Descriptor Blocks:

* 192.168.99.1, from 192.168.129.2, 00:01:34 ago, via Vlan999

Route metric is 2, traffic share count is 1

192.168.97.1, from 192.168.129.2, 00:01:34 ago, via Vlan997

Route metric is 2, traffic share count is 1

HTH

Rasika

**** Pls rate all useful resposnes *****

rajeewa wickramarathna · ‎12-29-2013

Hi Rasika

I am very glad to you and reply to quickly about my post. Nice meet up same country teammate and again to share your experience and the person have good mutually to involve my matter resolve very peacefully. Very thankful to your advice you mentioned above. Referring my Diagram i used product call Ubiquiti NanoStation M, it’s very good and throughput wise very reliable with my opreation.im not giving 100% Plus mark to that product but I have a critical (very critical) site both my HQ and Branches. This was the reason i used for two links for BACKUP and MAIN link wise versa to both end Rasika. My aim was when 1 Link goes down another link want to activate automatically simultaneously without any interruption and using Routing protocol. Also Load balancing with using both links very useful to fulfil my aim.u re suggestion highly appreciates.

Rasika Nayanajith · ‎12-29-2013

Hi Rajeewa,

Nice to meet you too in here. Glad to see our responses were useful to you.

Pls do not forget to rate our responses if it helps you

Rasika

rajeewa wickramarathna · ‎12-29-2013

Hi Rasika,

I read ure blog and its very nice and very worthy, Also thanks again to reply my Post to quickly. I saw u suggested me to deploy OSPF to both my link and if my access point want to support Trunk in both end.your advice highly concern to me

Rajeewa

Rasika Nayanajith · ‎12-29-2013

Hi Rajeewa,

If you want to load balance then you have to run a routing protocol. OSPF taken as example, you can use EIGRP if needed.

If you pass multiple vlans (by configuring trunk port & allow same vlan across both links) then one link will be get blocked due to spanning tree. So effectively you could not use both link at the same time. That's why in my configuration I have configured Bridge connected switchport as access mode & in unique vlan.

If your bridges support only trunk port configuration at the switch end, then you can configure your switchport as trunk port and only pass the required vlan as native vlan.

In my example I have configured like this (as Access Ports)

interface GigabitEthernet1/0/11

description BR1

switchport access vlan 999

switchport mode access

If needed you can configure that switchport as trunkport as below

interface GigabitEthernet1/0/11

description BR1

switchport encapsulation dot1q

switchport mode trunk

switchport trunk native vlan 999

switchport trunk allow vlan 999

Not too sure about your bridge configuration as I have zero experience/knowledge about that product

HTH

Rasika

**** Pls rate all useful responses ***