Hi Abzal,

I just picked this stmt from your first response "

"For example IP 192.168.1.1 interface connected to core1, 192.168.1.5 interface connected core2"

You mean these IP Addresses configured in WAN router ports which are connected to Core 1 and Core 2?

If yes, it is not possible to assign the same subnet IP Address on 2 ports in same router. Or Am i missing your point?

Thanks for your quick response

Sorry) I didn't mention that mask is 192.168.1.0/30 for core1 and 192.168.1.4/30 for core2.

Abzal

Thanks Abzal, Yea that would be correct then...

I will try to apply this in lab.

Hi Abzal,

I have drafted the below configuration.

WAN Rouer Configuration

interface 1

desc port to core 1

ip address 192.168.1.1/30

interface 2

desc port to core 2

ip address 192.168.1.5/30

Core1 configuration

-------------------------------

interface 1

desc port to WAN

ip address 192.168.1.2/30

ip sla 1

icmp-echo 192.168.1.1 source-ip 192.168.1.2

frequency 5

ip sla schedule 2 life forever start-time now

track 1 ip sla 1 reachability

interface Vlan 100

ip address 192.168.23.2 255.255.255.0

standby 1 ip 192.168.23.254

standby 1 priority 120

standby 1 preempt

standby 1 track 1 decrement 30

Core 2 configuration

----------------------------------

interface 1

desc port to WAN router

ip address 192.168.1.6/30

interface Vlan 100

ip address 192.168.23.3 255.255.255.0

standby 1 ip 192.168.23.254

What should be the static route for forward traffic from Cores to WAN router?

For reverse traffic point to 192.168.23.254 in WAN router?

Yes, you have to put routes on both core switches.

Core 1:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Core 2:

ip route 0.0.0.0 0.0.0.0 192.168.1.5

And if you have subnet behind core like 192.168.23.0/24, put these on WAN router:

ip route 192.168.23.0 255.255.255.0 192.168.1.2 1

ip route 192.168.23.0 255.255.255.0 192.168.1.6 2

Hoep it will help.

Thanks Abzal for your quick response.

I will put all these in a test env and try

Hi Abzal, I have 2 questions in mind.

What happens if the core1 switch itself goes down?

VLAN 100 is to track the IP reachability and switch to standy core when this track is in unreachability only?

If core1 itself goes down secondary router core2 will take over. If link between WAN and core1 or WAN router itself goes down, ip addr.  192.168.1.1 from core1 will be unreachable. So track 1 will be down as well. Then HSRP on core1 will decrement priority as result it will be 90. Core2 has default priority 100 that's it will become primary router for VLAN 100.

Useful links

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094e8c.shtml

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml

Hope it will help.

Hi Paul,

Forward traffic: Right now traffic is routed to the router private IP Address from core1, you mean directly point to the ISP IP Address in Core 1 and Core 2?

Incoming traffic to LAN: Right now ISP is pointing to the WAN router public IP Address. With this HSRP virtual Ip Address it will bypass the WAN router?

Thanks for your quick response

Hi,

Yes point the core switches default routes to the private IP address of the WAN router. This would be the IP address assigned to the Ethernet interfaces that connect to core1 and core2.

I am making an assumption about the incoming traffic, but I assume the ISP will target the router WAN interface IP (public). The WAN router then forwards on to core1, so should have routes to reach the vlans via core1? Is this correct?

Kind regards,

Paul

What should be the IP Addresses on WAN router ports which are connected to core1 and core2?

I assume this way for forward traffic

Yes, you are correct WAN router forwards on to core 1 via VLANs.