
Trunking 2 switches to 1 router

CiscoBrownBelt
Level 6

So I have a 4000 router I want to trunk to 2x switches. The router has a switchport module in it. I know I can't connect it to one of the normal routed ports because the switches would be in different networks, correct? The 2x switches are for the same networks and are redundancy for servers.

So I have one switch in g0/0 port with all the subinterfaces for the subnets, the other switch in one of the other ports that I configured for trunk.

I can't ping the router from the switch connected to the normal trunk port, only can ping router from switch connected to the g0/0 port with the sub-interfaces.

Is there something special I have to configure here?

If the 2nd switch will have devices in same VLANs as 1st switch, is the way I am doing it a good way or can I just connect it into another normal port let's say g0/1?

1 Accepted Solution


Basically my big question is, how do I configure ports on a router/fw that connect to 2x redundant switches? (e.g. If let's say g1 on router has 10.1.1.1 going to switch1, how do I configure g2 on the router that goes to switch 2?)

So, looking at your diagram again, the best way is to remove g2 from each router (no cross-connect) since the 4000 are just routers. So, g1 on accsw1 connects to g1 on internalRT1 and g0 on accsw2 connects to g1 on internalRT2.  

Likewise on FW. In the diagram I am showing a layer 2 switch that is used in between routers and FW. I know I should put ports in FW and routers into just a common VLAN let's say mgmt. 10, but how do I configure the corresponding ports on the routers and the FW?

For this one, you need a common vlan for internalRT1, internalRT2, edgesw, and the fw.  You would need to configure the 4000 routers with HSRP, layer-2 vlan only on the edgesw and one ip on the fw all in the same subnet/vlan.

HTH


31 Replies

TONY SMITH
Spotlight

We need to see at least some of your configuration.  Could you post up at least the configuration for the two router interfaces, and the router vlan interfaces?

I am sorry I can't upload the config on here right now. From a physical standpoint and config possibility, can you look at my diagram. Would connecting this way work?

I'm afraid it's not really clear what you're trying to achieve. Making a bit of a guess I would have thought you'd want different subnets for the two routes to the firewall. And HSRP on the firewall rather than the L2 switches. Depending on the firewall, a dynamic routing protocol may be better than HSRP.

Ok so basically I have a lab and am trying to create redundancy with the given equipment on the diagram.

See new diagram attachment.

Each server would connect to each switch (forgot to draw lines).

I didn't connect each switch to each router given I can't put the same IPs on each interface on the routers.

Am I making some sense :)?

Also, I would like to use a management vlan/subnet to use to access each device so would it be best to put that edge switch/interconnect switch ports that connect to the routers and FW in the management VLAN?

 

Please see attached diagram any help is appreciated.

Goal is to have as much redundancy with the given equipment on diagram.

Ok so there is no way to connect both redundant routers to 1 FW right, meaning the FW would need two of the same "inside" interfaces I guess, right?

Also, I can get the interconnect switch to ping the router via trunk connection, but can only get the switch to ping the FW if I put the connecting interface in switchport access vlan 10 (which is same subnet as inside interface on FW).

My concern is if all internal subnets on the LAN will be able to pass through the interconnect switch and on out to the internet.

 

Any help is appreciated.

Reza Sharifi
Hall of Fame

Hi,

It is hard to understand your diagram and what you are trying to do. Can you give each device a hostname, for example, the switch at the far left, top "acc-sw1" the switch at the far left, bottom "acc-sw2" (if they are access switches)?  Also, add the interface number that connects these switches to the routers. Do the same thing on the routers and the switches on the right side, firewall and finally the router on the far right.  Is the router on the far right facing the Internet?  Explain what devices are layer-2 and what is layer-2/3. What devices are supporting users and what devices are used for server connectivity? Again, add more description to your diagram so, we can understand the functionality of each device and what you are trying to do.

HTH

Ok see attachment.

Basically all dual devices are for redundancy.

This setup is that I have only 1 FW for now. If I had 2 I guess I would show 2 connecting to the 1 Edge Sw correct, or I assume it is best to double up everything there as well.

Let me know if my connections are right for redundancy or please help make it clear what you suggest on my diagram. To my understanding, each interface on the router must not share same subnets (overlapping error) so I guess I can't connect each AccSw to each Router.

 

Thanks! 

Ok, much better!

So, let's look at the physical layer first. According to your diagram, the servers right now connect to one switch only.  So, if you want redundancy, you need to connect each server to both access switches.

Next, your access switches connect to one router only, if you want redundancy, you need to connect each access switch to both routers with Etherchannels (one per access switch). 

Also, not sure why you have a note on the top router for sub-interfaces. Your access switches are layer-2 and they connect to the routers using trunk ports. This means every server vlan will terminate on both routers and the routers need to be configured with HSRP or VRRP for redundancy for every vlan.

Does all of this make sense so far?

HTH  
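Added example (not part of any post in this thread): a Cisco IOS sketch of HSRP on a dot1Q sub-interface of each router, as described in the reply above, with MD5 authentication so that only a device holding the key can join the standby group. The interface names, VLAN 2, the 10.0.2.0/24 addresses and the key placeholder are assumptions, and it presumes VLAN 2 is carried at layer 2 between the two access switches so the routers can exchange HSRP hellos.

```cisco
! Constructed sample values: VLAN 2, 10.0.2.0/24, virtual gateway 10.0.2.1.
! Interface names are assumed; replace <HSRP-KEY-PLACEHOLDER> with your own key.
!
! --- internalRT1: intended active gateway for VLAN 2 ---
interface GigabitEthernet0/0/1
 description Trunk to access switch (assumed port)
 no ip address
 no shutdown
!
interface GigabitEthernet0/0/1.2
 description Server VLAN 2
 encapsulation dot1Q 2
 ! Real address of this router in the VLAN
 ip address 10.0.2.2 255.255.255.0
 standby version 2
 ! Shared virtual IP that servers use as their default gateway
 standby 2 ip 10.0.2.1
 ! Higher priority wins the active role; preempt takes it back after recovery
 standby 2 priority 110
 standby 2 preempt
 ! Authenticate hellos so an unauthenticated host cannot claim the active role
 standby 2 authentication md5 key-string <HSRP-KEY-PLACEHOLDER>
!
! --- internalRT2: standby gateway for VLAN 2 ---
interface GigabitEthernet0/0/1
 description Trunk to access switch (assumed port)
 no ip address
 no shutdown
!
interface GigabitEthernet0/0/1.2
 description Server VLAN 2
 encapsulation dot1Q 2
 ! Different real address, same subnet, same virtual IP
 ip address 10.0.2.3 255.255.255.0
 standby version 2
 standby 2 ip 10.0.2.1
 ! Default priority (100) is left in place, so this router stays standby
 standby 2 preempt
 standby 2 authentication md5 key-string <HSRP-KEY-PLACEHOLDER>
!
! Verify on either router:
!   show standby brief
```

Each additional server VLAN gets its own sub-interface and standby group on both routers; swapping the priorities per VLAN splits the active role between the two routers.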

 

 

 

Sorry meant to show connections for each server to each sw.

As for routers, I thought I can't use the same subnets on each router connection for each Sw meaning how would I configure the connecting ports on the routers?

Yes the routers would be configured for HSRP, and the interface that connects to each switch would have the sub-interfaces for routing all the subnets. If AccSw1 is connected to InternalRt1 g1 (G1 has 10.0.0.1, g1.2 10.0.2.1, g1.3 10.0.3.1, etc.) how would I configure the port on InternalRt1 that connects to AccSw2? Vice versa for AccSw to InternalRt2

What type of routers are these?

Are there multilayer switches or routers?

Can you provide the model/type?

HTH

Yes the switches are multilayer 2960
Routers are 4431 series.

I have updated the diagram showing the redundant connections. Yes ideally I would want 2 firewalls.

Would it be best to have 2 Edge switches connecting each edge sw to each FW? Just like my question about the router ports, how would I configure the ports on each FW? I can't have the same 2 nameif so how is it usually done?

 

Hello

Yes, you can have the L3 interfaces on both rtrs as Reza suggested and it will provide resiliency for your LAN users and will allow you to load share between the different vlans, which will then traverse either router via a first hop routing protocol (HSRP, VRRP, GLBP).

Would also suggest attaching a direct physical connection between the routers rather than them being interconnected between a switch.

 

res

paul

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community's global network.

Kind Regards
Paul

Ok but if I am connecting both Access switches to each Internal router (see attached diagram) how do I configure the ports on each router since I can't use the same subnets on each interface?

Also, according to my diagram which physical connection are you referring to?
