Hi saqiibiqbal ,

saqiibiqbal · ‎11-05-2015

Hello All,

i need your help in configuring internet failover on Cisco 3750 switch. what i have is:

- 1 Cisco 3750 switch
- 3 Cisco 2970 Switches that i want to use as distribution on LAN.
- have 2 internet from different ISP's.
- want to have 4 VLAN's for different departments.
- want to route traffic of 2 departments on ISP 1 and other 2 departments on ISP 2.
- want to configure 3750 as a failover as well that if ISP1 goes down all traffic shifts to ISP2 and vice versa.

please suggest how can i achieve this task.

Thanks.

MANI .P · ‎11-06-2015

Hi saqiibiqbal ,

My undestanding you have daul ISP's ISP1 & ISP2 . Internal user's need to access the internet ISP'1 as the primary and ISP'2 as the Backup .

Follow the below steps .

01. Create the VLAN SVI's for each subnet's

eg : 10.xx.xx.xx for vlan 10 , 20.xx.xx.xx for vlan 20

----------------------------------------------------------------------------------

02. To create the access list to permit

access-list 10 permit 10.xx.xx.xx XX.xx.xx.255

access-list 20 permit 20.xx.xx.xx xx.xx.xx.255

access-list 60 Permit any any

----------------------------------------------------------------------------------

03. to create the Route map

Route-map R_MAP permit 10

match ip address 10

set ip next-hop ISP'1 WAN IP address

Route-map R_MAP permit 20

match ip address 10

set ip next-hop ISP'1 WAN IP address

Route-map R_MAP permit 30

match ip address 60

set ip next-hop ISP's WAN IP address

----------------------------------------------

04 . to apply the rotue policy in SVI's interface

eg : int vlan 10

ip plicy route-map R_MAP

int vlan 20

ip plicy route-map R_MAP

--------------------------------------------------------------

i hope it would be useful....

saqiibiqbal · ‎11-06-2015

Thanks for the reply.

actually i want to route traffic of vlan 10 & 20 to ISP1 and traffic of vlan 30 & 40 to ISP 2.

in case either of the ISP goes down i want to route the traffic of all vlan's on the ISP that is up.

Thanks.

MANI .P · ‎11-06-2015

simple .

"actually i want to route traffic of vlan 10 & 20 to ISP1 and traffic of vlan 30 & 40 to ISP 2. "

----------------------------------------------------

By default VLAN 10 , VLAN 20 traffic thru ISP1 . --> Incase ISP1 Down--> traffic go thru ISP2

By Default VLAN 30 , VLAN 40 traffic thru ISP2 --> Incase ISP2 Down--> traffic go thru ISP1

---------------------------------------------------------------------------------------

"Load balancing & Auto failover.

----------------------------------------------

01. create a ACL for VLAN's IP Pools .

access-list 10 permit 10.0.0.0 0.0.0.255

access-list 20 permit 10.0.0.0 0.0.0.255

access-list 30 permit 10.0.0.0 0.0.0.255

access-list 40 permit 10.0.0.0 0.0.0.255

access-list 50 permit any any

02. create a route MAP & to match the ACL & set action.

---------------------------------------------
Route-map ISP1_Allow permit 10

match ip address 10

set ip next-hop (ISP1 Pub IP )

Route-map ISP1_Allow permit 20

match ip address 20

set ip next-hop (ISP1 Pub IP )

Route-map ISP1_Allow permit 50

match ip address 50

set ip next-hop (ISP2 Pub IP )
------------------------------------------------
Route-map ISP2_Allow permit 30

match ip address 30

set ip next-hop (ISP2 Pub IP )

Route-map ISP2_Allow permit 40

match ip address 40

set ip next-hop (ISP2 Pub IP )

Route-map ISP2_Allow permit 50

match ip address 50

set ip next-hop (ISP1 Pub IP )
------------------------------------------------

03. Apply the route-map in interface

Interface vlan 10
ip policy route-map ISP1_Allow
-------------------------
Interface vlan20
ip policy route-map ISP1_Allow
--------------------------------
Interface vlan 30
ip policy route-map ISP2_Allow
--------------------------------
Interface vlan 40
ip policy route-map ISP2_Allow
----------------------------------------------

Hope it's useful .

saqiibiqbal · ‎11-12-2015

First of all sorry for the delay as i was not able to test this scenario. i have started working on this and will let you know once i finished.

Thanks.

saqiibiqbal · ‎11-17-2015

hello,

i have tried the above configuration but unfortunetly it is not working. i am able to ping google from the switch but when i try to ping google from the workstation that is attached to one of the vlan it is unable to ping google or the gateway.

what i understand is that traffic is not able to go out of the switch. everything is working fine internally (inside switch).

any more suggestions?

Thanks.

internet failover with single 3750 switch