cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
451
Views
12
Helpful
7
Replies

How to get redundancy?

maller
Level 1
Level 1

Hi.

I have 2 Cisco 3640 (Cisco1 & Cisco2) connected to a firewall (static routing) and behind it there is a DMZ. A group of customers are connected to Cisco1 and other group is connected to Cisco2. In case that Cisco 1 goes down , how can I change the route to Cisco 2.?

Any suggestion?

Thanks

7 Replies 7

steve.barlow
Level 7
Level 7

In case cisco1 goes down, how will you be able to connect to the customers that are connected to it? The customers must be connected to both routers then, correct? If that is the case, then use MHSRP (cisco1 is active for 1 group of clients and backup for the other group and cisco2 vice versa) on the routers.

Let me know if I misunderstood the design.

Steve

Hi Steve.

All customers are connected through PRI, in case that PRI1 or Cisco1 goes down then all ISDN calls are redirected (In TELCO switch) to PRI2 of Cisco2.

and viceversa.

Both routers have the same configuration.

Manel

Then yes, use HSRP on the routers (firewall's static route will point to the virtual IP that the 3640s will share - when one goes down the other takes over that IP).

Steve

Is similar HSRP to VRRP.?

First I thought to work with VRRP but this protocol is only supported in 7500 and 12000 platforms.

Manel.

Yes they are similar. Here is a quick link on it.

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm

Steve

It seems that is the solution , but I've got a new question, sorry.

If I have an active router with PRI1 and a standby router with PRI2 and PRI2 goes down. What happens?

I think the the solution would be to work with MHSRP :

Group 1 (Cisco1 active,Cisco 2 standby)

Group 2 (Cisco 1 standby, Cisco2 active)

But this method MHSRP is not suitable with 3600. Is it correct?

Manel

I have used the MHSRP on 7200 series only.

Several Ethernet (Lance and QUICC) controllers in low-end products can only have a single unicast MAC address in their address filter. On these platforms only a single HSRP group is permitted, and the interface address is changed to the HSRP virtual MAC address when the group becomes Active.

If the 3600 doesn't support it, try using subinterfaces and have one group on one subinterface and the second on a second subinterface. I haven't tried this, so if you have a lab, but it may work.

Another alternative is to put a layer 3 switch (eg 2948G-L3) inbetween the 3600s and the firewall and have the firewall point to the switch, and the switch route between the 2 routers and itself. More expensive but will work.

Steve

Review Cisco Networking for a $25 gift card