239 Views, 0 Helpful, 3 Replies

2948G-L3 with VLANS and Routing #2

rwcrowe (Level 1)

I guess I should have asked this the first time; I forgot to add it to the big picture.

 -----------    ------------
 | Firewall |   | Firewall |
 -----------    ------------

 -----------    ------------
 | 2948G-L3 |   | 2948G-L3 | ------------ Layer 2 devices
 -----------    ------------

 -----------    ------------
 | Firewall |   | Firewall |
 -----------    ------------

Basically the 2948G-L3s are running HSRP and have some VLANs. Port 49 of both 2948G-L3s goes to a Layer 2 device that they are providing HSRP for. Right now there is no link between the 2948G-L3s. I need to add a link connecting the 2948G-L3s to each other so that if a single firewall fails on either side, hosts can still reach everything through the remaining firewall.

I'm just not sure how to configure the link from 2948G-L3 to 2948G-L3.

One of the 2948G-L3 configs:

bridge irb
!
!
!
interface FastEthernet1
 bridge-group 2
 bridge-group 2 spanning-disabled
!
interface FastEthernet2
 bridge-group 2
 bridge-group 2 spanning-disabled
!
interface FastEthernet3
 bridge-group 2
 bridge-group 2 spanning-disabled
!
interface FastEthernet4
 bridge-group 2
 bridge-group 2 spanning-disabled
!
.........<omitted>
!
interface FastEthernet8
 bridge-group 3
 bridge-group 3 spanning-disabled
!
interface FastEthernet9
 bridge-group 3
 bridge-group 3 spanning-disabled
!
interface FastEthernet10
 bridge-group 3
 bridge-group 3 spanning-disabled
!
.........<omitted>
!
interface FastEthernet47
 bridge-group 7
 bridge-group 7 spanning-disabled
!
interface FastEthernet48
 bridge-group 7
 bridge-group 7 spanning-disabled
!
interface GigabitEthernet49
 ! -----------> Physical connection to layer 2 User network
!
interface GigabitEthernet49.2
 ! -----------> VLAN needed on here and layer 2 user network
 encapsulation dot1Q 2
 bridge-group 2
!
interface GigabitEthernet49.3
 ! -----------> VLAN needed on here and layer 2 user network
 encapsulation dot1Q 3
 bridge-group 3
!
interface GigabitEthernet49.4
 ! -----------> VLAN needed on here and layer 2 user network
 encapsulation dot1Q 4
 bridge-group 4
!
interface BVI 2
 ip address 192.168.1.2 255.255.255.0
 standby 2 ip address 192.168.1.1
 standby 2 priority 110
 bridge-group 2
!
interface BVI 3
 ip address 192.168.2.2 255.255.255.0
 standby 3 ip address 192.168.2.1
 standby 3 priority 110
 bridge-group 3
!
interface BVI 4
 ip address 192.168.3.2 255.255.255.0
 standby 4 ip address 192.168.3.1
 standby 4 priority 110
 bridge-group 4
!
interface BVI 5
 ip address 10.0.1.2 255.255.255.0
 ! --> VLAN needed only here
 standby 5 ip address 10.0.1.1
 standby 5 priority 110
 bridge-group 5
!
interface BVI 6
 ip address 10.0.2.2 255.255.255.0
 ! --> VLAN needed only here
 standby 6 ip address 10.0.2.1
 standby 6 priority 110
 bridge-group 6
!
interface BVI 7
 ip address 10.0.3.2 255.255.255.0
 ! --> VLAN needed only here
 standby 7 ip address 10.0.3.1
 standby 7 priority 110
 bridge-group 7
!
bridge 1 protocol ieee
bridge 2 protocol ieee
bridge 3 protocol ieee
bridge 4 protocol ieee
bridge 5 protocol ieee
bridge 6 protocol ieee
bridge 7 protocol ieee
bridge 1 route ip
bridge 2 route ip
bridge 3 route ip
bridge 4 route ip
bridge 5 route ip
bridge 6 route ip
bridge 7 route ip

3 Replies

a-vazquez (Level 6)

If you are looking to build plain and simple firewall redundancy and assuming that you are using PIX firewalls, the following docs will help you immensely. How Failover Works on the Cisco Secure PIX Firewall (http://www.cisco.com/warp/public/110/failover.html#lanbasedfailover) and Installing Failover (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_60/install/failover.htm).

No, I am not looking for firewall redundancy; I already have that. The top firewalls are Active-Active and the bottom firewalls are Active-Active. What I need is to add a link between the (2) 2948Gs so that if either one of the top firewalls or either one of the bottom firewalls fails, traffic will continue to flow and not stop because it can't traverse from one 2948G to the other. But I'm not sure how this link should be configured between the (2) 2948Gs.

Do you want to transport all VLANs over this link?

Then you need a trunk port. You can configure a port to carry multiple VLANs.

Or do you want to create a fail-over link, then you need spanning tree.

Hope this helps.

Pim Sijnja
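One way to build the trunk-plus-spanning-tree link Pim describes, written out as an added example and not configuration from anyone in this thread. It assumes GigabitEthernet50 (the second GBIC port on a 2948G-L3) is free on both switches, and that bridge groups 5-7 are the same firewall-facing subnets on both 2948G-L3s, which the HSRP groups on BVI 5-7 imply but the post does not state. The same stanza goes on both switches.

```text
! ADDED EXAMPLE (assumption: Gi50 is unused on both 2948G-L3s).
!
! Weak form. Gi49 on both switches already lands in the same layer-2
! user network, so a second path through Gi50 closes a loop in
! bridge-group 2. With spanning tree disabled on the new subinterface
! nothing blocks that loop.
interface GigabitEthernet50.2
 encapsulation dot1Q 2
 bridge-group 2
 bridge-group 2 spanning-disabled
!
! Corrected form. One dot1Q subinterface per bridge group, spanning tree
! left enabled. "bridge N protocol ieee" is already configured globally
! in the posted config, so the per-bridge-group STP blocks one of the two
! paths for VLANs 2-4 and unblocks it if the other path fails.
interface GigabitEthernet50
 no shutdown
!
interface GigabitEthernet50.2
 encapsulation dot1Q 2
 bridge-group 2
!
interface GigabitEthernet50.3
 encapsulation dot1Q 3
 bridge-group 3
!
interface GigabitEthernet50.4
 encapsulation dot1Q 4
 bridge-group 4
!
! Bridge groups 5-7 (the ones marked "VLAN needed only here") have no
! layer-2 path between the two switches today. Carrying them over the
! link gives each switch a path to the firewall on the other side and
! lets the HSRP peers on BVI 5-7 exchange hellos over the same link.
! Assumption: these are the same subnets on the peer switch.
interface GigabitEthernet50.5
 encapsulation dot1Q 5
 bridge-group 5
!
interface GigabitEthernet50.6
 encapsulation dot1Q 6
 bridge-group 6
!
interface GigabitEthernet50.7
 encapsulation dot1Q 7
 bridge-group 7
```

After applying it on both sides, `show spanning-tree` should list the Gi50 subinterfaces per bridge group with exactly one of the two paths for VLANs 2-4 in the blocking state, and `show standby brief` should show each HSRP group with one Active and one Standby peer; two switches both reporting Active on the same group means they cannot see each other's hellos on that VLAN and the link is not carrying it.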
