I am 99% certain that my design will work but just wanted to pose the question to you guys to confirm as I don't have a test lab!
I have a remote site that I have a Cisco 3560 - 24 Port switch installed with IP Services. At present it is a L2 switch only. I want to enable the L3 functionality of the switch. From what I have read the task is accomplished by executing the 'IP ROUTING' command?
Connected to the switch I have two L2 WAN circuits. Everything is in VLAN32.
The WAN circuits are connected to two VLAN sub-interfaces of my Fortigate firewall solution. This has been confirmed to be working. At the HQ site the IP address is 192.168.32.2 and at the DR site the IP address is 192.168.32.3.
Behind the HQ interface I have several servers that I want to connect to from devices attached to the Cisco switch. They are 192.168.40.60 and 192.168.40.59.
At the DR site I have another network 192.168.31.x/24 that I want to connect to via the 3560, so my plan is the following:
1) enable ip routing on the 3560 switch
2) add a static route to 192.168.40.59 via 192.168.32.2
3) add a static route to 192.168.40.59 via 192.168.32.2
4) add a static route to 192.168.31.x/24 via 192.168.32.3
I then plan to add static routes on the 40.59 and 40.60 devices to get back to the 192.168.32.x network via 192.168.32.2
The Fortigate policies will handle the traffic, etc.
Yes, you can use both. The purpose of these default routes is to allow you to access the device for management purposes. You can use 2 default routes. I'm assuming the rest of your network is using dynamic routing...
Earlier in the post I stated that I have a kind of 'triangle' network with three sites involved. One is the HQ the other our DR site and the other the DR site for the primary DR site for a specific service/application. Our network is very small and I therefore use static routes in the network. There are other reasons that I won't go into also.
IP addresses 192.168.32.2 and 192.168.32.3 are VLAN interfaces (VLAN32) configured on my firewalls at the HQ and primary DR sites. I have a 3560 at the other DR site that has several machines attached to it. At present this is a layer 2 switch only. I am about to enable the layer 3 functionality of the switch and was just wanting to confirm the tasks involved.
My plan was to:
- enable IP routing
- configure static routes for the machines on this VLAN (all switchports on 3560 are in VLAN 32) to get to servers at the HQ site (via 192.168.32.2)
- configure static routes for the machines on this VLAN to get to servers at the DR site (via 192.168.32.3)
What I was also hoping to achieve was some redundancy by using 'ip route 0.0.0.0 0.0.0.0 192.168.32.3' (which I was hoping would become the default route for all traffic) and also 0.0.0.0 0.0.0.0 192.168.32.2 with a higher metric so if the route 192.168.32.3 ever became unavailable the traffic would route through 192.168.32.2 to get to the other site?
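The following is an added example, not part of the original posts: a small Python model of how the planned static routes and the two default routes would be selected, using longest-prefix match and administrative distance. The host route for 192.168.40.60, the /24 mask, the distance value of 10 and the function names are assumptions made for this illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticRoute:
    prefix: ipaddress.IPv4Network
    next_hop: str
    distance: int = 1  # IOS default administrative distance for a static route


def route(prefix, next_hop, distance=1):
    return StaticRoute(ipaddress.ip_network(prefix), next_hop, distance)


# Constructed table based on the plan in the thread (see assumptions above).
PLAN = [
    route("192.168.40.59/32", "192.168.32.2"),
    route("192.168.40.60/32", "192.168.32.2"),
    route("192.168.31.0/24", "192.168.32.3"),
    route("0.0.0.0/0", "192.168.32.3"),               # primary default
    route("0.0.0.0/0", "192.168.32.2", distance=10),  # floating backup default
]


def installed(routes, down=frozenset()):
    """Per prefix, keep the usable route with the lowest distance.

    `down` holds next hops whose routes have been withdrawn. Assumption: the
    switch actually withdraws them. With every port in VLAN 32, a next-hop
    static route stays installed while the VLAN interface is up, so the
    withdrawal needs something like object tracking on the primary route.
    """
    best = {}
    for r in routes:
        if r.next_hop in down:
            continue
        cur = best.get(r.prefix)
        if cur is None or r.distance < cur.distance:
            best[r.prefix] = r
    return list(best.values())


def lookup(routes, dst, down=frozenset()):
    """Longest-prefix match over the installed routes; next hop or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in installed(routes, down) if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen).next_hop
```

Calling `lookup(PLAN, "192.168.31.10", down={"192.168.32.3"})` shows that traffic for the DR network falls back to the backup default once the more specific route is withdrawn.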