cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
1080
Views
0
Helpful
5
Replies
Jonathan Bekkers
Beginner

Cisco ASR 1000 - Connecting to redundant switching?

Hi,

I was wondering if anyone knew whether or not you can connect an ASR1000 to two separate switches using the same VLAN? If this was an ISR G2 I could have used a BVI interface or installed a switch card and used VLANs. BVI and VLAN doesn't seem to exist. A BDI sounds like it could work however I was having problems getting mac-resolution to work using it. At this stage all I need to know is the design and feature to use for this type of design with an ASR.

Basic topology is:

____ASR____

|                    |

DMZ SW #1 ----- DMZ SW #2

|                    |

Firewall #1   Firewall #2

|                    |

Core #1 ------ Core #2

NOTE: DMZ switches aren't stacked so I can't use a port-channel.

Is it possible to connect an ASR like this and have it function? I'm pretty new to the IOS XE platform so any advice is welcome!

5 REPLIES 5
Jonathan Bekkers
Beginner

The answer is it can't be done.

  • ASR does not support bridged-interfaces
  • ASR does not support switchport (same VLAN on multiple interfaces)
  • ASR has a feature called "backup interface" but that isn't usable for GigEthernet interfaces (Serial/ISDN only I believe)

The best option is to stack the switches and run LACP from ASR to Switches. I can't do this as the switches won't stack.

Another option is to run the switches in L3 mode and have separate VLANs between DMZ switch and ASR. i.e. DMZ SW 1 to ASR = 10.1.1.x/24 and DMZ SW2 to ASR = 10.1.2.x/24 and use L3 routing failover.

For me, I am going to cut back to a single DMZ switch as that works in the topology/customer I am working with (single DMZ switch + single ASR router).

Worked with Cisco design team to validate this.

Is this now supported?

paul driver
VIP Mentor

Hello

Are the ASA fws in a  HA setting ?
Are the cores switches stack or applicable to be stacked

Just to validate the ISR can run individual or aggregated but really would like to know what are you trying to accomplish with this design? 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

We have 2 ASR connecting to 2 3650 switches which are trunked not stacked.
Thinking of doing a BDI config on the ASR1K.

Hello

Looking at you hardware setup, possible to:
ASR performing dynamic routing between WAN and FWs,
DMZ switches l2 handoffs between ASR and FWS
FW's in High Availability paring between ASR with Core switch(s)- (stacked)
Cores switchs performing L3 inter-lvan routing and have a default route pointing toward ASA HA virtual next-hop

 

No requirement for BDI...

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future