Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

3550 SMI redundancy using 2 Internet access lines

We've bought 2 3550 SMI's to replace our 3524Xls, our network consists just of the 2 switches (single VLan 10.164.99.0 /24, one host/server per port) a corporate Internet access (256kbps, internal ip 10.164.99.3) wich deals with the corporate traffic (VPN Tunnel with a Pix 506) and standard internet traffic.

We've recently added a standard 2Mbps adsl line (internal ip 10.164.99.6, what I want to do is set one of the 3550's to make ip routing so that 'corporate' internal wan traffic uses the vpn tunnel (it has to) and non-corporate internet traffic goes through the 2Mb adsl line (freeing bandwith in the 256 Kbps link).

I'm quite new to this , this is what I've thought I could configure in one of the 3550's:

conf t

ip routing

ip route 10.0.0.0 255.0.0.0 10.164.99.3

ip route 172.16.0.0 255.240.0.0 10.164.99.3

ip route 192.168.0.0 255.255.0.0 10.164.99.3

ip route 0.0.0.0 0.0.0.0 10.164.99.6

Would this work?

How can I implement some kind of redundancy so that if the adsl line fails then standard internet traffic would be redirected tro the 256 Kbps line?

Many thanks

Fernando

3 REPLIES
New Member

Re: 3550 SMI redundancy using 2 Internet access lines

Hi

You can use PBR to allow the failover connection. There are several configurations that can be done, but here is a one that will not change the PIX config. You will have to change the ADSL gateway address into another subnet. (For example 10.20.30.41), the configuration will let failover to the corporate network. Please note that in order for the Cat to recognize the ADSL is down, the interface to which it is connected should report down/down (sounds impractical for ethernet).

Cat3550

vtp domain whatevername

vtp password whateverpassword

int vlan 1 x the ip address of the Cat

ip address 10.164.99.x 255.255.255.0

no shut

ip policy route-map corporate

int fast 0/x x is the port connected to the adsl

no switch port

ip address 10.20.30.40 255.255.255.0

no shut

route-map corporate permit 10

match ip address 101

set ip next-hop 10.164.99.3

route-map corporate permit 20

set ip default next-hop 10.164.99.3

ip route 0.0.0.0 0.0.0.0 10.20.30.41

access-list 101 permit ip any 172.16.0.0 0.15.255.255

access-list 101 permit ip any 192.168.0.0 0.0.255.255

Please check the config. No need to specify the 10.0.0.0 range in the access-list. The devices will ARP for that range.

Good Luck

New Member

Re: 3550 SMI redundancy using 2 Internet access lines

Thanks for your help,

but does the 3550 SMI support PBR?

Cisco says it doesn't.

Would my simple static routes work? How would you improve them?

Thanks again

New Member

Re: 3550 SMI redundancy using 2 Internet access lines

Yeah, you're right, you will need the EMI image indeed for PBR. Try these on the switch, you still need to change the ADSL gateway ip address.

ip routing

vtp domain whatevername

vtp password whateverpassword

int vlan 1 x is the ip address of the Cat

ip address 10.164.99.x 255.255.255.0

no shut

int fast 0/x x is the port connected to the adsl

no switch port

ip address 10.20.30.40 255.255.255.0

no shut

ip route 172.16.0.0 255.240.0.0 10.164.99.3

ip route 192.168.0.0 255.255.0.0 10.164.99.3

ip route 0.0.0.0 0.0.0.0 10.164.99.3 230

ip route 0.0.0.0 0.0.0.0 10.20.30.41

The route to the ADSL Gateway is at higher administrative distance.

Good Luck

192
Views
0
Helpful
3
Replies
CreatePlease to create content