
Help on Network design?

srikanth ath
Level 4

Hi experts

I have attached a network diagram of our medium-sized org.

We have a SonicWall firewall, and behind it we have the branch office and main office with VLANs implemented on it.

firewall -------l3switch-----l2 switches(branch & main offices)

We bought a new firewall of the same SonicWall and an L3 switch, a Cisco 3750. We have got to implement HA mode for the organization.

I am looking at the LAN HA design.

Cases:

1. Can I use HSRP here for HA mode (I'm not aware of this)? If this is the best-practice way, can you please show me an example link or a simple explanation of how it can help the org?

2. Or should I stack the switches, which I'm aware of (making two switches into 1 switch with a throughput of 32 Gbps and master/slave opt.)?

3. If I want to have load balancing between the branch and head office, how could I achieve this? (Would this really be helpful in my scenario?)

Most importantly, I want to have suggestions from you on case 1 and case 3.

Notes:

a. We have four service providers, so WAN links: 2 broadband and 2 leased lines (which provide us a bandwidth of 14 Mbps).

b. Total of 150 employees: 100 in the main office and 50 in the branch office.

c. The branch office is connected to the main office L3 switch via a fibre link.

d. As of now, the L3 switch is handling only inter-VLAN routing.

Thanks & regards

Srikanth


Latchum Naidu
VIP Alumni

Hi Srikanth,

I would suggest you configure HSRP between your core switches (3750s) rather than stacking them.
When you want load balancing/sharing with HSRP, you need to configure multiple HSRP groups to do the job.
See the example config below...

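Switch-1
interface FastEthernet0/0
 ip address 10.10.12.1 255.255.255.0
 ! Group 1: priority 110 (above the default of 100), so Switch-1 is active
 standby 1 preempt
 standby 1 ip 10.10.12.3
 standby 1 priority 110
 ! Group 2: default priority, so Switch-1 is standby
 standby 2 preempt
 standby 2 ip 10.10.12.4

Switch-2
interface FastEthernet0/0
 ip address 10.10.12.2 255.255.255.0
 ! Group 1: default priority, so Switch-2 is standby
 standby 1 preempt
 standby 1 ip 10.10.12.3
 ! Group 2: priority 110, so Switch-2 is active
 standby 2 preempt
 standby 2 ip 10.10.12.4
 standby 2 priority 110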


After you apply the above config, you will have group 1 with Switch-1 active (10.10.12.3) and group 2 with Switch-2 active (10.10.12.4). Of course, you will have to find a way to push the 2 gateways (10.10.12.3 and 10.10.12.4) to the clients, or configure them manually on your users' machines, to really achieve the load balance feature with HSRP.

Please rate the helpful posts.
Regards,
Naidu.

Hi Naidu,

Thanks for the quick reply.

Will catch or update this if I have any problem with this config or topo.

You are most welcome, Srikanth.
Please don't forget to rate all the helpful posts as well.


Please rate the helpful posts.
Regards,
Naidu.

Marwan ALshawi
VIP Alumni

First of all, you need to find out how and what HA your firewalls can support: active/active or active/standby.

Then, based on that, you can use HSRP or stacking.

If the firewalls will be in active/standby, what you do is put the switches in one stack.

If they can work in active/active, you can use stacking with policy-based routing (PBR) to direct the traffic for load sharing based on the network, and use IP SLA for failover.

HTH

If helpful, rate.

Hi marwanshawi

The firewall is in active/standby mode, but why do we need to look at the firewall HA status?

So if I have one firewall, can't we run HSRP for the core switches?

Confused...

1. We have about 10 VLANs and I want to run an HSRP instance per VLAN.

2. Can I go with EtherChannel for trunking the two core switches (3750)?   switch1--------------------switch2  (EtherChannel between the two switches).

Can you please provide me the appropriate link for the above 2 requirements?

thanks

sreek

Hi Srikanth,

What I gave in my first post, multiple HSRP groups on a per-VLAN basis, suits you well.
See the link below, as you asked.
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_14_ea1/configuration/guide/swhsrp.html#wp1044324


See the link below for EtherChannel between 3750s.
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00806cb982.shtml

Please rate the helpful posts.
Regards,
Naidu.
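
Added example (not part of any reply in this thread, and not Cisco's own code): a script that generates the per-VLAN HSRP configuration discussed above for a pair of switches, alternating the active switch between VLANs so that both carry traffic. The VLAN IDs, subnets, the addressing convention (first host as the virtual IP, the next two as the SVI addresses) and the function names are assumptions; the `standby` commands and priority 110 follow the example config earlier in the thread.

```python
import ipaddress
import itertools

# Constructed sample input (VLAN id -> subnet); not taken from the thread.
VLANS = {10: "10.10.10.0/24", 20: "10.10.20.0/24",
         30: "10.10.30.0/24", 40: "10.10.40.0/24"}
SWITCHES = ("Switch-1", "Switch-2")
ACTIVE_PRIORITY = 110  # as in the thread's example; the HSRP default is 100


def hsrp_plan(vlans):
    """Return {switch: [(vlan, svi_ip, netmask, virtual_ip, priority)]}.

    priority is None where the switch keeps the default and is standby.
    Assumed convention: first host = virtual IP, next two = SVI addresses.
    """
    plan = {name: [] for name in SWITCHES}
    for index, (vlan, cidr) in enumerate(sorted(vlans.items())):
        if not 1 <= vlan <= 255:
            # The group number reuses the VLAN id; HSRPv1 groups stop at 255.
            raise ValueError(f"VLAN {vlan} cannot be used as an HSRPv1 group")
        net = ipaddress.ip_network(cidr)
        hosts = list(itertools.islice(net.hosts(), 3))
        if len(hosts) < 3:
            raise ValueError(f"{cidr} is too small for 2 SVIs and a virtual IP")
        virtual, *svis = hosts
        active = SWITCHES[index % 2]  # alternate the active switch per VLAN
        for name, svi in zip(SWITCHES, svis):
            priority = ACTIVE_PRIORITY if name == active else None
            plan[name].append((vlan, svi, net.netmask, virtual, priority))
    return plan


def render(name, entries):
    """Render one switch's entries as IOS interface configuration text."""
    lines = [f"! {name}"]
    for vlan, svi, mask, virtual, priority in entries:
        lines += [f"interface Vlan{vlan}",
                  f" ip address {svi} {mask}",
                  f" standby {vlan} ip {virtual}",
                  f" standby {vlan} preempt"]
        if priority is not None:
            lines.append(f" standby {vlan} priority {priority}")
    return "\n".join(lines)


if __name__ == "__main__":
    for switch, entries in hsrp_plan(VLANS).items():
        print(render(switch, entries), end="\n\n")
```

With one group per VLAN, every client in a VLAN uses the same single gateway address, and the load is shared across switches by VLAN rather than by pushing two gateways to clients.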

Sreekanth,

"The firewall is in active/standby mode, but why do we need to look at the firewall HA status?

So if I have one firewall, can't we run HSRP for the core switches?

Confused..."

You can run HSRP on the L3 switches regardless of whether the FWs run in Active/Active or Active/Standby mode.

This is because the active L3 switch will send the traffic to the vIP of the FWs and the FWs send the traffic back to the vIP of the HSRP. The only thing, if you are going to run active/active, is to hardcode the static ARP and MAC address of the FW vIP on the L3 switch.

HTH

Kishore
