Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
872
Views
0
Helpful
4
Replies

PIX v8.0 redundant-interface + 2600XM router

Go to solution
tomranson
Level 1
Level 1

‎10-23-2008 05:04 AM - edited ‎03-11-2019 07:01 AM

Hi all,

I plan to configure a PIX-515E running 8.0(3) with a Redundant outside interface (comprising of two physical Ethernet interfaces - active/standby), both connected to two ports on a 2611XM router. The PIX will be configured as such:

interface Redundant1

member-interface Ethernet0

member-interface Ethernet2

nameif outside

security-level 0

ip address xx.xx.xx.234 255.255.255.248

By doing this I wish to achieve interface controller (by distributing interfaces across multiple modules) and media redundancy.

I am struggling to comprehend how I should configure the interfaces on the 2611XM to work in this configuration.

The PIX will have a global IPv4 address assigned to the logical Redundant outside interface. The 2611XM presently has a single interface (Fa0/0) configured as follows (IPv4 address within the same globally assigned subnet as the PIX outside interface). The 2611XM has a Multilink PPP (multiple ADSL) connnection to the world.:

interface FastEthernet0/0

description "Link to PIX_outside"

ip address xx.xx.xx.233 255.255.255.248

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip flow ingress

ip flow egress

ip virtual-reassembly max-reassemblies 64

ip route-cache flow

duplex full

speed 100

interface Multilink1

description "Face to world"

ip unnumbered FastEthernet0/0

Please can someone advise me as to how I should re-configure the 2611XM so that both physical interfaces (i.e. Fa0/0 and Fa1/0) are able to participate in a dual-link redundant configuration with the PIX.

Many thanks for your time and advice.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kerek
Level 4
Level 4

‎10-24-2008 04:41 AM

Hi,

If I understand correctly u want to have the two interfaces of your router to be in the same broadcast domain.

I think the best would be configure IRB.

Please refer to this link for more info:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_tech_note09186a0080094663.shtml

Hope it helps, rate if does,

Thanks

Krisztian

View solution in original post

0 Helpful
4 Replies 4

Go to solution
kerek
Level 4
Level 4

‎10-24-2008 04:41 AM

Hi,

If I understand correctly u want to have the two interfaces of your router to be in the same broadcast domain.

I think the best would be configure IRB.

Please refer to this link for more info:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_tech_note09186a0080094663.shtml

Hope it helps, rate if does,

Thanks

Krisztian

0 Helpful

Go to solution
tomranson
Level 1
Level 1
In response to kerek

‎10-24-2008 04:54 AM

Hi Krisztian,

Thank you for your reply :-)

I had a feeling that bridging may be the way to achieve this, however I have not done this on a router before.

Given your advice, I believe that the following (straw-man) configuration on the router is what's required:

interface FastEthernet0/0

no ip address

no ip directed-broadcast

bridge-group 1

!

Interface FastEthernet1/0

no ip address

no ip directed-broadcast

bridge-group 1

!

interface BVI1

ip address xx.xx.xx.233 255.255.255.248

!

interface Multilink1

ip unnumbered BVI1

!

bridge 1 protocol ieee

bridge 1 route ip

I will try this over the weekend and reply/rate accordingly :-)

0 Helpful

Go to solution
kerek
Level 4
Level 4
In response to tomranson

‎10-24-2008 05:16 AM

Hi,

You also need the "bridge irb" command to enable the irb itself.

I don't see why do u need the the interface Multilink1 command.

Krisztian

0 Helpful

Go to solution
tomranson
Level 1
Level 1
In response to kerek

‎11-09-2008 07:24 AM

Hi Krisztian,

I can confirm that the following configuration is fully functional.

Router:

-------

bridge irb

!

interface Multilink1

ip unnumbered BVI1

ppp multilink

!

interface FastEthernet0/0

description Link to PIX515E-1 Ethernet4

no ip address

duplex auto

speed auto

bridge-group 1

!

interface FastEthernet0/1

description Link to PIX515E-1 Ethernet5

no ip address

duplex auto

speed auto

bridge-group 1

!

interface BVI1

ip address 172.20.1.1 255.255.255.252

!

bridge 1 protocol ieee

bridge 1 route ip

PIX:

----

interface Ethernet4

description Link to C1841 Fa0/0

no nameif

no security-level

no ip address

!

interface Ethernet5

description Link to C1841 Fa0/1

no nameif

no security-level

no ip address

!

interface Redundant1

description Redundant link to C1841

member-interface Ethernet4

member-interface Ethernet5

nameif outside_redundant

security-level 0

ip address 172.20.1.2 255.255.255.252

All associated interfaces on both devices are physically up and the configuration is tolerant of physical media/transceiver failures.

I can manually change the active interface on the PIX with the following command:

# redundant-interface Redundant1 active-member [ Ethernet 4 | Ethernet 5 ]

Many thanks for your help with this.

Tom

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card