01-04-2019 01:56 PM - edited 03-08-2019 04:57 PM
Hello everyone,
I have a customer who has just bought two core switches (L3). His current network diagram is:
Access switches come to one core switch, and this connects to a firewall to reach the Internet.
Now, I would like to set up redundancy with these two cores, but the access switches only have one connection to the core. I am thinking of splitting these connections, half on one core, and making a trunk between the cores.
Is it a good option, or what do you recommend?
Thanks in advance,
01-04-2019 02:19 PM
Hello
To determine a redundancy solution, can you elaborate on the make/model of the two core switches please?
01-04-2019 02:39 PM
Hello Jhonrosas,
Greetings,
There are a lot of ways to make your network redundant by using another core switch.
For example, you can use any of the FHRP protocols like HSRP, VRRP or GLBP,
or you can even use spanning tree to make each switch the primary root for specific VLANs while the other is secondary, and the opposite, using PVST or rapid-pvst!
If you provide us with more details about your network, we will be better able to support you!
Please don't forget to rate replies that have been helpful!
Bst Rgds,
Andrew Khalil
01-05-2019 06:01 PM
Thanks for your answer.
Well, attached are the current topology and the new one.
Today all the routing is done by the Fortinet.
Now, I want this function to be done by the core switches, with the Fortinet only routing traffic to the Internet; all LAN traffic will be routed by the core.
If I set up HRRP on the two switches, is it a good option?
I ask because if one core goes down I must manually move the connections that are on the failed core to the other core.
Thanks
01-05-2019 06:15 PM
Hello Jhonrosas,
Greetings!
It will be an ideal solution for you and you will not need to manually change the cable.
Once the active core is down the standby one will be up. Through HSRP you can also configure a tracking feature which tracks the status of the interface connected to the Internet! If it's down, it will make the standby switch come up!
It is a great idea for redundant networks!
You can also make both of them work together, and when either of them goes down the second one will handle the work of the one that is down!
I hope my reply is helpful enough to get a helpful rating! Also please don't forget to mark my reply as a solution if it's helping you to solve your issues! It would be so nice of you!
Don't hesitate to ask if you have any questions!
Bst Rgds,
Andrew Khalil
01-05-2019 06:25 PM
The second option is to make one switch root primary for VLANs A, B and C and root secondary for VLANs D, E and F, while the second switch will be root primary for VLANs D, E and F, and root secondary for VLANs A, B and C!
If you do so, you will be sure that you have configured load balancing and also redundancy: in the ideal situation each switch handles the jobs of its own VLANs, and once either of them goes down, the second one will handle its work!
To configure such an option:
just configure rapid-pvst on all the switches:
#spanning-tree mode rapid-pvst
and additional commands on core 1:
#spanning-tree vlan A,B,C root primary
#spanning-tree vlan D,E,F root secondary
and exactly the opposite on core 2!
You can test this function in Packet Tracer!
Please, don’t forget to rate any helpful responses!
Bst Rgds,
Andrew Khalil
01-06-2019 03:23 AM
Hello
You still didn't answer what make/model of core switch you are/would be using, but looking at your topology diagram it seems to suggest 3com-hp.
Implementing HA on the core can be done without even using any FHRP if the cores are stackable, hence the query about the make/model of your cores.
As for the suggestion of HSRP, well, this is Cisco proprietary so it's limited in what other protocols it can work with, so maybe you could look into VRRP, which is an open standard FHRP.
Regarding changing spanning-tree modes, I would strongly advise doing this with caution, especially on a live production network, as it could result in a network outage.
01-06-2019 04:41 AM
Dear @paul driver
Greetings,
I totally agree with you,
Regarding the HSRP, if you check my first reply, I mentioned FHRP without specifying HSRP, VRRP or GLBP, because I didn't know the switch brand! But when @jhonrosas replied, he wrote HRRP; as a result, I thought that he meant HSRP but made a typing mistake!
In any case, and according to his new topology diagram, I don't see that any of the solutions will work correctly because of the bad cabling!
I recommend that every access or distribution switch be connected to both of the core switches in order to get the desired redundancy. For example, if Switch Core 3COm goes down now, all of switches 5, 1 and 2 will be isolated! The same scenario applies for the others. The only well-designed one is the Switch Selvidores, as it's connected to both cores! You can even see the spanning-tree blocked port towards the Core 2 switch, which means that communications now occur through the Core 3COm!
Also, one interesting point that should be taken into account is the ether-channel between the core switches and the Fortinet, and the load balance method that should be used.
A last note is the position of the DMZ in the topology: I would prefer to attach it directly to the Fortinet, as from what I understand we usually use the DMZ to be reached by the outside and the inside network as well, which requires some security procedures that can be done by the firewalls in general! So I don't know whether that position is good or not.
Please, don't forget to rate posts that have been helpful!
Bst Rgds,
Andrew Khalil
01-07-2019 06:37 AM
Thanks for your answer.
The switches are Dell EMC S4128F-ON