12-25-2013 09:33 AM - edited 03-07-2019 05:14 PM
My head office have 4 Radio link with and each connect my 2 branches with main and back link wise versa radio link 5GHz with HQ.
so my HQ have 3750 new cisco switch and also one of branch have 4500 series switch and reason of this operationally very critical.
this also separate vlan and using VRRP and Voice vlan to data also avalible .earlier our network is flat now I'm done to subnet wise and vlan wise inside my network. my requirement is,
is there any way to config load balancing with my wireless link with separate subnet no harm within inside my net work .also very appreciate if give me good technologically better solution for me.
12-25-2013 02:45 PM
so my HQ have 3750 new cisco switch and also one of branch have 4500 series switch and reason of this operationally very critical.
Let me put it this way: If I have a critical (or very critical) site I would NOT be linking both of them using radio. The only reason why I'd link them radio is to get this site operational quickly while I provision for a more permanent solution.
Radio link can only give you limited speed and factors which will affect operation is very high. Permanent solution, such as direct fibre link, gives you higher speed, reliability and security.
12-29-2013 06:42 AM
Thanks lot for that and sorry to delay reply about my post, i would higly agree your advice also and things was Leo we have lot of issue with the Layer down fiber between both 2 branches,i also mention about the Wireless device whch im using to interconnect both end to my HQ.below i mention the product that i used
http://www.ubnt.com/airmax#nanostationm
very appreciate u re good suggestion to me.
12-30-2013 04:38 PM
Thanks lot for that and sorry to delay reply about my post, i would higly agree your advice also and things was Leo we have lot of issue with the Layer down fiber between both 2 branche
You will need to sort out the issue with your fibre. If your traffic between the two branches have confidential traffic then, again, I would still be very cautious doing it over radio.
Even if you are going to put encryption over the radio links, this solution will SLOW your traffic down due to encryption overhead plus CPU overhead.
12-25-2013 04:02 PM
Hi Rajeewa,
I agree with Leo, If this is for critical applications, I would go for more reliable link like fibre rather rely on wireless links.
Having said that, if you want to achieve load balancing with current setup, then you can simply configure a dynamic routing protocol across these layer 2 links (bridges). In this case you cannot have same L2 vlan (for users) span across site.
Here is an example how to do this with OSPF. I have two switches (C3750- Central site, R3750- Remote site)
vlan999: 192.168.99.0/24 (C3750-SVI:192.168 99.1, BR1:192.168.99.99, BR2:192.168.99.100, R3750-SVI:192.168.99.101)
vlan997: 192.168.97.0/24 (C3750-SVI:192.168 97.1, BR3:192.168.97.99, BR4:192.168.97.100, R3750-SVI:192.168.97.101)
C3750(SVI-999) - G1/0/11(VL999) -> BR1(RootBridge) < -----SSID:BR12----> BR2(Non-RB)-> F1/0/11 - R3750(SVI-999)
C3750(SVI-997) - G1/0/12(VL997) -> BR3(RootBridge) < -----SSID:BR34----> BR4(Non-RB)-> F1/0/12 - R3750(SVI-997)
===== BR1 ======
hostname BR1
!
dot11 ssid BR12
authentication open
authentication key-management wpa version 2
wpa-psk ascii Cisco123
interface Dot11Radio1
encryption mode ciphers aes-ccm
ssid BR12
station-role root bridge
no shut
!
interface BVI1
ip address 192.168.99.99 255.255.255.0
!
ip default-gateway 192.168.99.1
===== BR2 ======
hostname BR2
!
dot11 ssid BR12
authentication open
authentication key-management wpa version 2
wpa-psk ascii Cisco123
interface Dot11Radio1
encryption mode ciphers aes-ccm
ssid BR12
station-role non-root bridge
interface BVI1
ip address 192.168.99.100 255.255.255.0
!
ip default-gateway 192.168.99.1
===== BR3 ======
hostname BR3
!
dot11 ssid BR34
authentication open
authentication key-management wpa version 2
wpa-psk ascii Cisco123
interface Dot11Radio1
encryption mode ciphers aes-ccm
ssid BR34
station-role root bridge
no shut
!
interface BVI1
ip address 192.168.97.99 255.255.255.0
!
ip default-gateway 192.168.97.1
===== BR4 ======
hostname BR4
!
dot11 ssid BR34
authentication open
authentication key-management wpa version 2
wpa-psk ascii Cisco123
interface Dot11Radio1
encryption mode ciphers aes-ccm
ssid BR34
station-role non-root bridge
interface BVI1
ip address 192.168.97.100 255.255.255.0
!
ip default-gateway 192.168.97.1
===== C3750 =====
interface Vlan999
ip address 192.168.99.1 255.255.255.0
ip ospf network point-to-point
!
interface Vlan997
ip address 192.168.97.1 255.255.255.0
ip ospf network point-to-point
interface GigabitEthernet1/0/11
description BR1
switchport access vlan 999
switchport mode access
!
interface GigabitEthernet1/0/12
description BR2
switchport access vlan 997
switchport mode access
!
router ospf 1
passive-interface default
no passive-interface Vlan997
no passive-interface Vlan999
network 192.168.97.0 0.0.0.255 area 0
network 192.168.99.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 10
==== R3750 =====
interface Vlan999
ip address 192.168.99.101 255.255.255.0
ip ospf network point-to-point
!
interface Vlan997
ip address 192.168.97.101 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet1/0/11
description BR3
switchport access vlan 999
switchport mode access
!
interface FastEthernet1/0/12
description BR4
switchport access vlan 997
switchport mode access
!
router ospf 1
passive-interface default
no passive-interface Vlan997
no passive-interface Vlan999
network 192.168.97.0 0.0.0.255 area 0
network 192.168.99.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 20
Once you do this you will see you are establishing two equal cost path across these two bridges.
R3750#sh ip osp neighbor
Neighbor ID Pri State Dead Time Address Interface
192.168.129.2 0 FULL/ - 00:00:32 192.168.97.1 Vlan997
192.168.129.2 0 FULL/ - 00:00:31 192.168.99.1 Vlan999
R3750#traceroute 192.168.100.254
Type escape sequence to abort.
Tracing the route to 192.168.100.254
1 192.168.97.1 9 msec
192.168.99.1 0 msec
192.168.97.1 0 msec
R3750#sh ip route 192.168.100.0
Routing entry for 192.168.100.0/24
Known via "ospf 1", distance 110, metric 2, type inter area
Last update from 192.168.99.1 on Vlan999, 00:01:34 ago
Routing Descriptor Blocks:
* 192.168.99.1, from 192.168.129.2, 00:01:34 ago, via Vlan999
Route metric is 2, traffic share count is 1
192.168.97.1, from 192.168.129.2, 00:01:34 ago, via Vlan997
Route metric is 2, traffic share count is 1
HTH
Rasika
**** Pls rate all useful resposnes *****
12-29-2013 07:07 AM
Hi Rasika
I am very glad to you and reply to quickly about my post. Nice meet up same country teammate and again to share your experience and the person have good mutually to involve my matter resolve very peacefully. Very thankful to your advice you mentioned above. Referring my Diagram i used product call Ubiquiti NanoStation M, it’s very good and throughput wise very reliable with my opreation.im not giving 100% Plus mark to that product but I have a critical (very critical) site both my HQ and Branches. This was the reason i used for two links for BACKUP and MAIN link wise versa to both end Rasika. My aim was when 1 Link goes down another link want to activate automatically simultaneously without any interruption and using Routing protocol. Also Load balancing with using both links very useful to fulfil my aim.u re suggestion highly appreciates.
12-29-2013 09:45 AM
Hi Rajeewa,
Nice to meet you too in here. Glad to see our responses were useful to you.
Pls do not forget to rate our responses if it helps you
Rasika
12-29-2013 11:12 PM
Hi Rasika,
I read ure blog and its very nice and very worthy, Also thanks again to reply my Post to quickly. I saw u suggested me to deploy OSPF to both my link and if my access point want to support Trunk in both end.your advice highly concern to me
Rajeewa
12-29-2013 11:29 PM
Hi Rajeewa,
If you want to load balance then you have to run a routing protocol. OSPF taken as example, you can use EIGRP if needed.
If you pass multiple vlans (by configuring trunk port & allow same vlan across both links) then one link will be get blocked due to spanning tree. So effectively you could not use both link at the same time. That's why in my configuration I have configured Bridge connected switchport as access mode & in unique vlan.
If your bridges support only trunk port configuration at the switch end, then you can configure your switchport as trunk port and only pass the required vlan as native vlan.
In my example I have configured like this (as Access Ports)
interface GigabitEthernet1/0/11
description BR1
switchport access vlan 999
switchport mode access
If needed you can configure that switchport as trunkport as below
interface GigabitEthernet1/0/11
description BR1
switchport encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allow vlan 999
Not too sure about your bridge configuration as I have zero experience/knowledge about that product
HTH
Rasika
**** Pls rate all useful responses ***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide