We've bought 2 3550 SMI's to replace our 3524Xls, our network consists just of the 2 switches (single VLan 10.164.99.0 /24, one host/server per port) a corporate Internet access (256kbps, internal ip 10.164.99.3) wich deals with the corporate traffic (VPN Tunnel with a Pix 506) and standard internet traffic.
We've recently added a standard 2Mbps adsl line (internal ip 10.164.99.6, what I want to do is set one of the 3550's to make ip routing so that 'corporate' internal wan traffic uses the vpn tunnel (it has to) and non-corporate internet traffic goes through the 2Mb adsl line (freeing bandwith in the 256 Kbps link).
I'm quite new to this , this is what I've thought I could configure in one of the 3550's:
ip route 10.0.0.0 255.0.0.0 10.164.99.3
ip route 172.16.0.0 255.240.0.0 10.164.99.3
ip route 192.168.0.0 255.255.0.0 10.164.99.3
ip route 0.0.0.0 0.0.0.0 10.164.99.6
Would this work?
How can I implement some kind of redundancy so that if the adsl line fails then standard internet traffic would be redirected tro the 256 Kbps line?
Re: 3550 SMI redundancy using 2 Internet access lines
You can use PBR to allow the failover connection. There are several configurations that can be done, but here is a one that will not change the PIX config. You will have to change the ADSL gateway address into another subnet. (For example 10.20.30.41), the configuration will let failover to the corporate network. Please note that in order for the Cat to recognize the ADSL is down, the interface to which it is connected should report down/down (sounds impractical for ethernet).
vtp domain whatevername
vtp password whateverpassword
int vlan 1 x the ip address of the Cat
ip address 10.164.99.x 255.255.255.0
ip policy route-map corporate
int fast 0/x x is the port connected to the adsl
no switch port
ip address 10.20.30.40 255.255.255.0
route-map corporate permit 10
match ip address 101
set ip next-hop 10.164.99.3
route-map corporate permit 20
set ip default next-hop 10.164.99.3
ip route 0.0.0.0 0.0.0.0 10.20.30.41
access-list 101 permit ip any 172.16.0.0 0.15.255.255
access-list 101 permit ip any 192.168.0.0 0.0.255.255
Please check the config. No need to specify the 10.0.0.0 range in the access-list. The devices will ARP for that range.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...