Re:Hardware Redundancy for Switches

CSCO11776584 · ‎03-14-2012

Hi to All ,

In our network setup, we have couple of routers, firewalls and switches(Please find the attachment) connected. Switches 3560G are configured in Active-Passive mode using HSRP. On one end, we have connected these switches to Data Centre(Couple of servers), on the another end, we have ASA firewalls configured for Active-Active mode using HSRP and these firewalls are connected to Switch 2960S and from the switch they are connected to Routers 2911 and 1941. From routers, we have point-to-multipoint connection using MPLS. On the same switch 2960S, we have also ISP connection.

We are looking for the following solutions:

1) As you can see, 2960S switch is having "Single point of failure". I need a hardware redunduncy. I want to purchase another switch to achieve this redanduncy, but want to know the connectivity between these switches and ASA firewalls and what protocols to be used to achieve this.

2) Also, I want to conver the Active-Passive switches to Active-Active switches.

I have not configured any VLANs on the network.

Kindly help me out with the solution.

Thanks in Advance!!

Dan-Ciprian Cicioiu · ‎03-14-2012

Hi,

1) Buy another 2960S and use the stack option. Make sure that you have the stack module on the first one.

2) I would go for HSRP msec timers, but if you want Active/Active you can create 2 HSRP groups.

Regards

Dan

CSCO11776584 · ‎03-14-2012

Thanks Dan!!

But I have a little doubt...In the network topology, I have a ISP and MPLS connections to this switch. If I connect both MPLS line and ISP line to the master switch(stacking) and unfortunately master switch goes completely down(no power). As there is no power in master switch and the ports are connected to master, I want to know that the ISP and MPLS would be up through slave switch, since there is no power in master.

Joseph W. Doherty · ‎03-14-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Your diagram also show two links coming into the 2960 and two links leaving it. When you stack the switches, you move one ingress and egress link to the second stack member. If either stack member fails, you lose half your possible bandwidth but you don't have complete connectivity failure.

Dan-Ciprian Cicioiu · ‎03-14-2012

Hi ,

Stricly speaking about power of the 2960s , you can use Cisco RPS 2300 + 2 power circuits.

Regarding the Internet ... the redundancy comes with a cost, so here we have fewer posibilities :

- you get one more link , this comes with a cost.

- you accept that if the internet goes down, knowing that this does not affect the business - goes down for different reasons , power is just one of them.

Regards

Dan

Leo Laohoo · ‎03-14-2012

1. Instead of a 2960S between the router and the ASA, I'd invest in 3750X.

2. I'd also invest in 3750X to replace the 3560G. Aside from stacking the 3750X together to form one logical switch, you can get rid of your HSRP. This will also allow you to better manage this section of your network to the DC.

3. The 2911 and 1941 router does not have HSRP running between them.