Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3777
Views
0
Helpful
5
Replies

Need advice switch Active/Active or Active/Standby?

rechard_david
Level 1
Level 1

‎01-23-2014 06:13 AM - edited ‎03-07-2019 05:44 PM

Dear all,

I would like all of you advice on daigram as in the attach file.

I have 2 ASA 5520 and Core-switch 3560 (2unit), and i want to configure Active/Standy on ASA 5520

but on Core-switch 3560 i'm not sure the technology that i should apply on this.

Should i use Active/Standby or Active/Active? if i use Active/Active which protocal shoudl i use ?

How it process when it fail?

Best Regards,

Rechard

Labels:
Preview file
20 KB
0 Helpful
5 Replies 5

Amit Singh
Cisco Employee
Cisco Employee

‎01-23-2014 06:47 AM

Youc an use HSRP on the LAN side for active/active gateway for the users. You have to use MHSRP multiple groups if you want VLANS to be load-balanced. Typically HSRP works active/standby but can be used for Vlan load-balancing.

You can then deploy either a routing protocol between ASA and 3560's for automatic fail-over. You need newer OS on ASA's for routing protocl support. The easiest solution would be to point  static default route towards ASA and reverse static routes on ASA's to reach back the VLAN segements.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swhsrp.html

0 Helpful

rechard_david
Level 1
Level 1
In response to Amit Singh

‎01-23-2014 06:57 AM

Dear Amit,

On my site don't configure Vlan.

1- So on my ASA i use command Failover for Active/Standby .

i will use this command :

failover

failover lan unit primary

failover lan interface failover Ethernet0/3

failover key *****

failover replication http

           failover link failover Ethernet0/3

          failover interface ip failover 192.168.1.1 255.255.255.0 standby 192.168.1.2

2- i'm not clear about configure HSRP for Active/Active. Note on my site don't have Vlan configure.

Could you give some command for Active/Active on Cisco 3560?

Best Regards,

Rechard

0 Helpful

Amit Singh
Cisco Employee
Cisco Employee
In response to rechard_david

‎01-23-2014 02:50 PM

Please could you pase the 3560 switch configurations?

0 Helpful

rechard_david
Level 1
Level 1
In response to Amit Singh

‎01-24-2014 12:23 AM

Dear Amit,

Now we not yet implement. before i implemet this sytem i would like to know the process failover on core-switch and ASA.

Do you have sample configure on Core-switch with ASA failover? or any document on this case?

Thanks your for your support!

Best Regards,

Rechard

0 Helpful

rechard_david
Level 1
Level 1
In response to Amit Singh

‎01-24-2014 08:53 PM

Dear Amit,

Could i ask you some question about connection from both ASA and both Core-switch as below that:

1- could i combine interface on ASA to Core-swith ?

Ex:

interface Redundant1

member-interface GigabitEthernet0/2

member-interface GigabitEthernet0/3

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2

================

I mean that G0/2 connect to Core-switch01 and G0/3 connect to Core-switch02.

Does command ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2 support interface redundant1 ?

or should we use separat interface ( don't use interface redundate 1) for failover?

which option that standart technology?

Best Regards,

rechard

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card