I have one 2821 router connected to one 2960 switch, that is then connected to an ASA. I have added a 2960 for switch redundancy. I tried to define another IP in my public subnet on my other internal LAN interface on the router and it wouldn't let me. I was then going to setup HSRP between the two interfaces on the router. Then have the ASA route to the HSRP address. The switches are not routing. I'm not sure how to proceed with the router configuration....
Solved! Go to Solution.
Is that the only solution?
In a simpler way I am looking for a way to create a redundant interface like you can in the ASA...
Can this be done with SSG, Multilink, Port-channeling...Anything else or is IRB the only way?
You cannot configure 2 routed interfaces on one device in the same subnet. If you want those two interfaces to belong to the same subnet, you will have to bridge them. It is similar to the way you place two ports in a vlan and then create the routed SVI interface for it.
You put both router interfaces in a bridge group and then configure a BVI interface for it.
What may be a possibility for you is to run HSRP between your 2960 switches (2960s are L3 switches) and have the ASAs point to an HSRP VIP between them.
Then you can configure the two routed interfaces to belong to separate subnets and leverage the HSRP tracking feature to track the primary interface.
Of course, this would require L3 isolation between your ASAs and switches and between your switches and router.
I dont know if anything Ive said helps, but there you have it.
First of all, C2960 is a Layer2 switch. What you can do is that link redundancy. Setting up HSRP on 2 interfaces on the router is not going to work. I would recommend you to use BVI. You may see the only one is working at a time if your interfaces are connecting a loop and spanning-tree is working correctly.
From the specs given at this link, I was under the impression that the 2960 was a layer 3 switch. I have used the 2950 switch for many years and I knew that was not L3, but I thought the 2960 was.
By the way, when you say "first of all," it implies there should be a second point, at least. :-)
As far as i know all 29xx switches are L2 only. L3 switches start with the 3xxx switches.
I just looked at you diagram. Look into ip sla and tracked objects. YOu can monitor an ip for failure and then force the router to route to another interface along with other things.