
New Member

Internet Edge Design Redundancy

We have dual ISPs. Each connected to its own router. Each router is connected to each switch, the router has a BVI interface for the inside. Switch 1 is connected to one ASA, Switch 2 is connected to the other ASA. Is there any reason to connect the two switches together or to connect each switch to each ASA and configure a 'redundant interface' on the ASA?

3 REPLIES

Re: Internet Edge Design Redundancy

Do you have hosts in the same VLAN connecting to different switches?

I presume you don't, since the switches aren't currently connected, but you may just be using L3 for reachability (and being unconcerned with ARP queries, multicast traffic and such).

If you in fact do not have a single VLAN segmented across the two switches then I do not see a reason to connect them now, unless you want yet a third failover link (since each switch already connects directly to both routers).

With a link between the switches you'll have to set up spanning tree (not a big deal) and give proper consideration to the now added potential for routing loops.

New Member

Re: Internet Edge Design Redundancy

Switches are only configured with 1 VLAN; they are layer 2 only.

I'm routing from the firewalls to the HSRP address on the routers.

Cisco Employee

Re: Internet Edge Design Redundancy

Hi,

I would prefer this design:

R1 connected to Switch 1 only

R2 connected to Switch 2 only

Switch 1 connected to Switch 2

ASA1 connected to Switch 1

ASA2 connected to Switch 2

ASA1 connected to ASA2 but for failover purposes only.

It will let you avoid the BVI interface and save you one interface on each router.

Also with your design if R1 is HSRP master and loses its link with Switch 1, the traffic will do ASA1-Switch1-R2-Switch2-R1.

HTH

Laurent.
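
The hairpin path described in the reply above can be checked by modelling both designs as Layer-2 graphs and failing one link at a time. This is an added example, not part of the original thread: the node names, the function names and the breadth-first model are assumptions made for illustration, with the BVI routers treated as bridges, and spanning tree and HSRP timers ignored.

```python
from collections import deque

# Layer-2 adjacency as described in the thread (node names are shorthand for this example).
ORIGINAL = {  # each router bridges (BVI) to both switches, no inter-switch link
    ("R1", "SW1"), ("R1", "SW2"), ("R2", "SW1"), ("R2", "SW2"),
    ("ASA1", "SW1"), ("ASA2", "SW2"),
}
PROPOSED = {  # one uplink per router, switches linked to each other
    ("R1", "SW1"), ("R2", "SW2"), ("SW1", "SW2"),
    ("ASA1", "SW1"), ("ASA2", "SW2"),
}

def shortest_path(links, src, dst, failed=()):
    """BFS over the topology with the failed links removed; returns a node list or None."""
    down = {frozenset(link) for link in failed}
    adj = {}
    for a, b in links:
        if frozenset((a, b)) in down:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(adj.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def single_link_survivability(links, firewall="ASA1", routers=("R1", "R2")):
    """For each single link failure, list the routers the firewall can still reach."""
    return {
        link: [r for r in routers if shortest_path(links, firewall, r, [link])]
        for link in sorted(links)
    }

if __name__ == "__main__":
    # Original design, R1 loses its Switch 1 link: traffic hairpins through R2.
    print(shortest_path(ORIGINAL, "ASA1", "R1", [("R1", "SW1")]))
    # Proposed design, same failure: R1 is unreachable, R2 is reached over the switch link.
    print(shortest_path(PROPOSED, "ASA1", "R2", [("R1", "SW1")]))
    for link, reach in single_link_survivability(PROPOSED).items():
        print(link, "->", reach)
```

In the proposed design a failed R1 uplink leaves R1 unreachable from the inside, so the firewall's next hop depends on HSRP moving to R2 rather than on a bridged detour.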
