2960 redundancy

dataproservicesltd · ‎02-23-2012

Hi,

We have two Cisco 2960 TT-L switches. I'd like to reduce single points of failure and have dual servers for most tasks. For example, two firewall servers and two web servers. Should one server fail the other will act as a failover.

I'd like to extend the redundancy to the switches, and am thinking of connecting one web server to one switch, and one to the other. In the event a switch failed a set of servers would still run, and be able to talk to each other.

I'd like to run two VLANs, one for the LAN, and one of the WAN, and connect the two VLANs on each of the switches with the associated VLAN on the other switch.

I've created an example of this setup -- is this possible, and does anyone have any suggestions?

Thanks,

Edison Ortiz · ‎02-23-2012

Yes, it is possible but if the top switch goes down, you lose your redundancy to the WAN.

Planning to have multiple lease lines?

Are your FWs going to be configured for First Hop Redundancy for your LAN?

What device is performing the CPE function for the WAN? Any redundancy there?

dataproservicesltd · ‎02-23-2012

Hi Edison,

Thank you for the reply. Good to know we're heading down the right track.

Yes, unfortunately the WAN is still a single point of failure with (currently) only one leased line connected to one of the switches. Our leased line has no backup provision (some offer failover to a broadband connection), and the CPE for the WAN is a Cisco 1800 series router with no redundancy.

I'm planning on using Linux-HA to switch between the primary and seconday firewalls. All traffic will only route to one or other firewall.

Thanks,

Edison Ortiz · ‎02-23-2012

It's a good start towards the end goal. Need to start thinking about redundancy at the WAN.