04-21-2009 01:08 PM - edited 03-04-2019 04:27 AM
I have one 2821 router connected to one 2960 switch, that is then connected to an ASA. I have added a 2960 for switch redundancy. I tried to define another IP in my public subnet on my other internal LAN interface on the router and it wouldn't let me. I was then going to set up HSRP between the two interfaces on the router, then have the ASA route to the HSRP address. The switches are not routing. I'm not sure how to proceed with the router configuration....
04-21-2009 01:20 PM
04-21-2009 05:31 PM
04-21-2009 06:07 PM
Is that the only solution?
In a simpler way I am looking for a way to create a redundant interface like you can in the ASA...
Can this be done with SSG, Multilink, Port-channeling...Anything else or is IRB the only way?
04-21-2009 06:53 PM
Andy:
You cannot configure 2 routed interfaces on one device in the same subnet. If you want those two interfaces to belong to the same subnet, you will have to bridge them. It is similar to the way you place two ports in a vlan and then create the routed SVI interface for it.
You put both router interfaces in a bridge group and then configure a BVI interface for it.
What may be a possibility for you is to run HSRP between your 2960 switches (2960s are L3 switches) and have the ASAs point to an HSRP VIP between them.
Then you can configure the two routed interfaces to belong to separate subnets and leverage the HSRP tracking feature to track the primary interface.
Of course, this would require L3 isolation between your ASAs and switches and between your switches and router.
I don't know if anything I've said helps, but there you have it.
Victor
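The bridge-group and BVI approach described in the post above, as an added IOS configuration example that is not part of any poster's reply. The interface names, the bridge group number and the 192.0.2.0/24 addressing are assumptions chosen for illustration.

```cisco
! Constructed example: interface names, bridge group 1 and 192.0.2.0/24
! are placeholders, not values from the thread.
!
! Enable integrated routing and bridging, run IEEE spanning tree on the
! bridge group, and allow IP to be routed in and out of it via the BVI.
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
! Both LAN-facing router ports become bridged members of the same
! group. They carry no IP address of their own.
interface GigabitEthernet0/0
 description Link to first 2960 (assumed)
 no ip address
 bridge-group 1
 no shutdown
!
interface GigabitEthernet0/1
 description Link to second 2960 (assumed)
 no ip address
 bridge-group 1
 no shutdown
!
! The BVI number must match the bridge group number. It holds the single
! routed address for the subnet, which is what the ASA routes to.
interface BVI1
 description Routed interface for the bridged subnet
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
! If the two switches are also linked to each other, the topology is a
! loop and spanning tree will leave only one router port forwarding.
!
! Checks from exec mode after applying:
!   show bridge 1
!   show interfaces BVI1
```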
04-21-2009 07:48 PM
Andy,
First of all, the C2960 is a Layer 2 switch. What you can do is link redundancy. Setting up HSRP on 2 interfaces on the router is not going to work. I would recommend that you use BVI. You may see that only one is working at a time if your interfaces are connected in a loop and spanning-tree is working correctly.
HTH,
Toshi
04-22-2009 04:55 AM
Toshi:
From the specs given at this link, I was under the impression that the 2960 was a layer 3 switch. I have used the 2950 switch for many years and I knew that was not L3, but I thought the 2960 was.
http://www4.shopping.com/-is+cisco+2960+layer+3+switch
By the way, when you say "first of all," it implies there should be a second point, at least. :-)
04-23-2009 10:31 AM
IRB. You got to bridge those interfaces.
04-23-2009 10:42 AM
Victor
As far as I know all 29xx switches are L2 only. L3 switches start with the 3xxx switches.
Jon
04-23-2009 10:36 AM
I just looked at your diagram. Look into ip sla and tracked objects. You can monitor an IP for failure and then force the router to route to another interface along with other things.