Cisco Catalyst 4500 switch to 2 cisco routers

karamak2 · ‎01-20-2016

I am currently trying to set up a network. The service provider has provided us two circuit links. One is a wireless solution and the other is a 100 MB fiber connection. They have provided two routers one for each solution, plugging to our switch to two different interfaces. Each interface belongs to a different network, since we got two networks on this catalyst switch. They have got HSRP with 2x standby group set up between the routers and provided a VIP address. The default gateway on my switch is the VIP address. The setup is as follows

One link from the service provider has two interfaces plugging to our switch and given addresses in each subnet to the links, the same follows for the redundant wireless link. We have added static routes to both these addresses on the catalyst

The service provider claim that they see traffic only on the main link and do not see any traffic through the redundant wireless link. My question is what additional configuration is required on the CAT switch for this to take effect?

Jon Marshall · ‎01-20-2016

I'm not sure I follow.

There is one link per router but then you talk about each router having two interfaces and running HSRP ?

Do you mean each router has two connections to your switch and you are running HSRP with two different groups between the routers.

If your 4500 is using a VIP address then if the active router is the one with the 100Mb link the SP won't see any traffic on the wireless link.

You would need to add a default route pointing to the wireless VIP as well but that would mean equal cost routing and you haven't said whether you want to use both links at the same time.

Is your 4500 acting as a L3 switch ?

Can you clarify the setup because your description is a bit confusing.

Jon

karamak2 · ‎01-21-2016

Hi Jon,

Thanks for the response. Below is further clarification

There are two links per router, one for each network. They are two networks that plug to our catalyst switch. We dont want to use both links at the same time. If the 100 Mbps link fails, then it needs to failover to the wireless circuit for redundancy. The wireless circuit is just temporary, they are laying fiber for a secondary permanent circuit. I have attached the drawing of the current setup.

Below are the interface configurations on their router.

100 Mbps circuit

interface GigabitEthernet0/0

ip address x.x.y.251/24; standby 1 ip x.x.y.253; standby 1 priority 105;

standby 2 ip x.x.y.254; standby 2 priority 105; standby 2 preempt;

interface GigabitEthernet0/2; ip address x.x.x.251/24; standby 1 ip x.x.x.253; standby 1 priority 105

standby 2 ip x.x.x.254; standby 2 priority 105; standby 2 preempt

Wireless circuit

interface GigabitEthernet0/0

ip address x.x.y.252/24; standby 1 ip x.x.y.253; standby 1 priority 105;

standby 2 ip x.x.y.254; standby 2 priority 105; standby 2 preempt;

interface GigabitEthernet0/2; ip address x.x.x.252/24; standby 1 ip x.x.x.253; standby 1 priority 105

standby 2 ip x.x.x.254; standby 2 priority 105; standby 2 preempt

On my catalyst switch, I have two static routes for each network as .254 as the next hop.

My question is what additional configuration I will require on the catalyst switch. I need to have this for them to do a failover testing.

Jon Marshall · ‎01-21-2016

Thanks for clarifying.

So .254 is the VIP address for the primary router for both groups.

If one link fails you want to use the remaining link but if both links fail then you want to use the wireless router.

Is that correct ?

If so firstly you are complicating it by having two links per router because if one link fails then the .254 IP for that group moves to the wireless router.

Your 4500 now has two default routes pointing to the different .254 IPs but one is to the primary router and one to the wireless router and you don't want that.

It would be much simpler if you simply used one link from each router and used HSRP tracking to track the WAN interface on each router.

You could tie the tracking into IP SLA if you needed to track further into the SPs networks.

Can you clarify exactly what you want to happen if one link to the primary router fails ie. do you want to still send all traffic to the primary router ?

Jon

karamak2 · ‎01-22-2016

Jon,

Thanks for your response. No its not correct. One link is for one network and the other link is for another network on that same router. If the specific link on that router fails, then it should send that network traffic via the wireless router.

Jon Marshall · ‎01-22-2016

Then I can't see what else you need to do on the 4500.

You simply need the two default routes pointing to the .254 VIPs which would mean if a link fails that VIP switches to the other router.

Like I say you need HSRP tracking on the routers.

Jon

karamak2 · ‎01-22-2016

Yes the service provider has the hsrp configured on the routers. I need to perform failover testing on both the links. I have added static routes to both networks in my switch. But service provider claim they do not see anything to perform the failover

Ganesh Hariharan · ‎01-23-2016

Hello,

After seeing the attached diagram, Just need few clarification.

You have shown two link to each routers , How this two links are configured at 4500 switches w.r.t service provider.

Is this configured with HSRP at Service provider end ?

What i understand with ur goal , correct me if i am wrong. You would like to achieve failover in case Service provider router goes down or both the physical link goes down towards service provider ? If yes then that can be achieve by IPSLA tracking as stated by Jon.

Have a look on HSRP IPSLA tracking

Hope it Helps..

-GI

karamak2 · ‎01-25-2016

Thanks for your response. On the 4500 switch, we have two static routes, each one pointing to its network gateway.

The service provider router configurations are as above, they have HSRP configured. I am not confident about IP SLA tracking, I did go over the documentation. can someone please guide through the additional configuration on the switch?

Jon Marshall · ‎01-26-2016

You don't need IP SLA on the switch because your default routes are pointing to HSRP VIPs on the routers.

You do need HSRP tracking and possibly you need to tie that in with IP SLA on the routers.

The routers need to be aware of a link failure or you can use IP SLA as well to track an IP further into the SPs network and then they can switch between routers if the link fails or the IP address becomes unreachable.

But there is nothing else to do on the switches.

You would only need IP SLA on the switches if the default routes pointed to physical interface next hop IPs but they don't, they point to HSRP VIPs.

Jon

karamak2 · ‎01-27-2016

Ganesh/Jon,

Thanks for your response. I have not performed the interface traffic before and read over some documentation. Can someone guide me to configuration. By tracking the interface, do you just mean by:

conf t

track 1 interface x/y line-protocol (where x/y is one of the interface to the SP router)

end

Ganesh Hariharan · ‎01-26-2016

Thanks for your response. On the 4500 switch, we have two static routes, each one pointing to its network gateway.The service provider router configurations are as above, they have HSRP configured. I am not confident about IP SLA tracking, I did go over the documentation. can someone please guide through the additional configuration on the switch?

Hello,

Agree with Jon comments,

As your service provider is already running redundancy with HSRP running and you are pointing towards a VIP only.

Best is to track the interface which are connected with 4500 switch from both the service provider link and map with static route.

Hope it Helps..

-GI