01-24-2025 06:00 AM
Hi,
We have two Layer 3 switches with BGP running over two ISP connections. We want HA between the two Layer 3 gateway switches, so I planned to configure VRRP on both.
However, I'm stuck because the gateway Layer 3 switches are connected to the LAN-side firewall with public IPs, and the Layer 3 switch interfaces also have public IPs assigned. We don't have 2-3 additional public IPs for VRRP, as they are costly.
We also have two VLANs configured on the switches.
How can I achieve redundancy in case one Layer 3 gateway switch fails, without needing extra public IPs?
Thanks!
01-24-2025 06:03 AM
Can you share the topology?
MHM
01-24-2025 09:31 AM
I am thinking of the options below.
1. If the switches are owned by you, make them Layer 2, extend Layer 3 to the firewall, and run BGP there.
2. That way the same IP can be used on the firewall, and the switch acts as Layer 2 only.
3. The firewall can do the failover based on BGP failover and traffic engineering.
This is high level - again, these are my views (if that works for you).
01-24-2025 09:50 AM - edited 01-24-2025 09:52 AM
If you want redundancy for the Layer 2 switches connected to those Layer 3 switches, you can still use VRRP between the Layer 3 switches and the Layer 2 switches.
Now, for internet redundancy, it will depend on how your Layer 3 switches are connected to the ISP. If they are independently connected to the ISP, you can use IP SLA on both switches and change the routing priority and the VRRP priority.
In case one Layer 3 switch crashes or one link drops, the traffic will be sent to the other L3 switch.
01-24-2025 10:02 AM
I want redundancy between the two Layer 3 switches...
01-24-2025 10:12 AM
It would be good if you could share the topology.
Thanks,
Joshqun Ismayilov
01-24-2025 10:16 AM
Use IP SLA to monitor both links and change the route priority based on the IP SLA results.
Do you load-balance the traffic between the two ISPs, or do you have one active and one standby?
01-24-2025 10:08 AM
To achieve redundancy between the two Layer 3 gateway switches without requiring extra public IPs for VRRP, you can implement default gateway tracking with BGP failover instead of relying on VRRP.
## Both L3 switches:
router bgp <ASN>
 network <LAN Subnet>
 neighbor <ISP1> remote-as <ISP ASN>
 neighbor <ISP2> remote-as <ISP ASN>
exit
## Sw1:
ip route 0.0.0.0 0.0.0.0 <Firewall_IP> 1
## Sw2:
ip route 0.0.0.0 0.0.0.0 <Firewall_IP> 10
This gives redundancy without VRRP, since BGP and floating static routes handle the failover.
Thanks,
Joshqun Ismayilov
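The following is an added example, not configuration from anyone in this thread. It fills in the piece the floating-static answer above leaves implicit and that the earlier IP SLA suggestions describe in words: the primary default route has to be withdrawn when the ISP next hop stops answering, otherwise the floating route never takes over while the local switch is still up. Cisco IOS syntax is assumed; the interface names, the documentation addresses (203.0.113.0/24 for the ISP1 link, 192.0.2.0/24 for the public LAN block and cross-link) and the AS numbers 64496 and 64500 are placeholders, and the VRRP part at the end is only for the case where one spare public address can be found for a virtual gateway.

```cisco
! Added example (not from the thread). Switch 1 is shown; Switch 2 mirrors it
! with its own ISP uplink, Switch 1's cross-link address as its floating next
! hop, and a lower VRRP base priority (100). Addresses, interface names and
! ASNs are assumed placeholders.
!
! Probe the ISP1 next hop every 5 s from the uplink interface. The track object
! goes down after 10 s of failures and comes back only after 30 s of stability,
! so a single lost ping does not flap the default route.
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/1
 frequency 5
 timeout 2000
 threshold 1000
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
 delay down 10 up 30
!
interface GigabitEthernet0/1
 description Uplink to ISP1
 ip address 203.0.113.2 255.255.255.252
!
! Cross-link between the two L3 switches, used only when the local uplink fails.
interface GigabitEthernet0/2
 description Cross-link to Switch 2
 ip address 192.0.2.9 255.255.255.252
!
router bgp 64496
 neighbor 203.0.113.1 remote-as 64500
 neighbor 203.0.113.1 description ISP1
 ! Advertise the public LAN block; "mask" is required for a non-classful prefix.
 network 192.0.2.0 mask 255.255.255.248
!
! Primary default route (AD 1) stays installed only while track 1 is up.
! The floating route (AD 10) via the peer switch takes over when it goes down.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 192.0.2.10 10
!
! Optional, needs one spare public address (192.0.2.1) as the virtual gateway:
! VRRP on the firewall-facing VLAN follows the same track object, so the switch
! that lost its ISP drops from 120 to 90, below the peer's 100, and hands over
! mastership instead of black-holing the firewall's traffic.
interface Vlan10
 description LAN-side VLAN towards the firewall
 ip address 192.0.2.2 255.255.255.248
 vrrp 10 ip 192.0.2.1
 vrrp 10 priority 120
 vrrp 10 preempt delay minimum 30
 vrrp 10 track 1 decrement 30
```

To check it, `show track 1` should report the state and the last change, `show ip route 0.0.0.0` should show the tracked route while the probe succeeds and the AD 10 route after it fails, and `show vrrp brief` shows which switch holds mastership. One caveat: this probe only tests the ISP's next-hop router. If that router keeps answering while the ISP's upstream is broken, the track stays up; probing an address further into the ISP (for example its resolver) catches that, but the probe target then needs a /32 static route pinned to the uplink so the ping cannot leak out through the floating route and report the dead link as healthy.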