Redundant switch second time

Hi,

I'm having some difficulty figuring out how to achieve full redundancy on parts of my network. At the moment I have 2 routers (2821) in standby configuration (HSRP) and 2 PIX firewalls in failover configuration with one switch between them. The client requires duplicate switches as well. Any idea how to achieve this? Any document out there?

Firewall Failover

    | sw1 |   | sw1a |   Internet
       ^         ^
       |         |
       v         v
    | fw1 |   | fw1a |   Firewall Failover
       ^         ^
       |         |
       v         v
    | sw2 |   | sw2a |   LAN
       ^         ^
       |         |
       v         v
    | RT1 |   | RT1a |   Router Standby (HSRP)

Much Appreciated

Reply to
John Strow

Add a set of outside routers and then you could do this:

BGP Across a PIX Firewall


Reply to
Merv

Which parts are you concerned with? From your description and diagram, everything looks redundant already.

Reply to
Thrill5

That should be the goal, but how to achieve it?

Reply to
John Strow

Meaning how to configure the setup?

Reply to
Merv

Yes, that's right.

Reply to
John Strow

  1. HSRP facing inside LAN

  2. OSPF between routers and PIX inside interface

  3. PIX default route pointing to ISP

Reply to
Merv

  1. PIX advertises default route to inside routers via OSPF

Reply to
Merv
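
The four steps above as a configuration sketch, added here as an example and not posted by anyone in the thread. All addresses, interface names, the OSPF process ID, the HSRP group number and the key placeholder are assumptions; RT1a mirrors RT1 with its own addresses and the default HSRP priority.

```cisco
! --- RT1 (Cisco IOS). RT1a is the same with .3 addresses and no "priority" line.
interface GigabitEthernet0/0
 description Transit segment to PIX inside via sw2/sw2a (assumed 10.10.10.0/24)
 ip address 10.10.10.2 255.255.255.0
!
interface GigabitEthernet0/1
 description Inside LAN, hosts use the HSRP address as gateway (assumed 10.20.20.0/24)
 ip address 10.20.20.2 255.255.255.0
 ! Step 1: HSRP virtual gateway facing the inside LAN
 standby 1 ip 10.20.20.1
 standby 1 priority 110
 standby 1 preempt
 ! Authenticate HSRP hellos so a LAN host cannot claim the active role
 standby 1 authentication md5 key-string <HSRP-KEY-PLACEHOLDER>
 ! Give up the active role if the PIX-facing interface goes down
 standby 1 track GigabitEthernet0/0 20
!
router ospf 1
 ! Step 2: OSPF toward the PIX; no OSPF neighbours are expected on the host LAN
 passive-interface GigabitEthernet0/1
 network 10.10.10.0 0.0.0.255 area 0
 network 10.20.20.0 0.0.0.255 area 0
!
! --- PIX (active unit; the standby unit receives this through failover replication)
! Step 3: static default route toward the ISP (next hop is a documentation address)
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
! Steps 2 and 4: OSPF on the inside segment, originating the default route
router ospf 1
 network 10.10.10.0 255.255.255.0 area 0
 default-information originate
```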

This will work until the link to one of your ISPs goes down and does not take the Ethernet I/F of the PIX down with it. Then you have half your packets being shipped out into oblivion.

If you really want to do this with no single point of failure, you also need a mechanism to detect that one of your ISPs is down. You'll also need a total of six switches, four routers and two firewalls, although you may choose to combine some of those functional blocks into multipurpose appliances, as long as your combos are vertical and not horizontal.

Good luck and have fun!

Reply to
Vincent C Jones

See the Cisco doc "Data Center Networking: Internet Edge Design Architectures".


Take a look at page 3-41 of that document.

Reply to
Merv

Thanks for your reply. I should have been more precise. Actually my job is to duplicate internal equipment, including the PIX, but not the part that connects to the ISP. Anyway, the company has one ISP only.

    | sw1 |              Internet
       ^
       |
       v
    | fw1 |   | fw1a |   Firewall Failover
       ^         ^
       |         |
       v         v
    | sw2 |   | sw2a |   LAN
       ^         ^
       |         |
       v         v
    | RT1 |   | RT1a |   Router Standby (HSRP)

Thanks


Reply to
John Strow
