Failover of a link

I have a 7204 core router with two uplinks.  Initially, the one uplink was a singular uplink via PPPoE so we built our outbound NAT translations on it as well as our VPN sessions.
As of today, we have two links.  The second link has much less bandwidth and is only setup as a backup link.  What we have setup is as follows:
ip sla monitor 100
type echo protocol ipIcmpEcho <**HOST ON END OF PPPoE LINK**> source-interface Dialer1
timeout 1000
threshold 100
frequency 30
ip sla monitor schedule 100 life forever start-time now
track 100 rtr 100 reachability
interface FastEthernet1/0.110
description Link to BackupLink
encapsulation dot1Q 110
ip address <**STATIC_IP_ISSUED_BY_UPSTREAM**> 255.255.255.0
ip nat outside
ip virtual-reassembly
interface Dialer1
bandwidth 30000
ip address negotiated
ip access-group WAN-InboundACL in
no ip redirects
ip mtu 1492
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username <**PPPoE_USERNAME**> password 7 <**PPPoE_PASSWORD**>
crypto map RemoteAccessVPN
max-reserved-bandwidth 90
service-policy output QoS_Outbound
ip route 0.0.0.0 0.0.0.0 Dialer1 track 100
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0.110 100
ip nat inside source route-map OutboundNatBackup interface FastEthernet1/0.110 overload
ip nat inside source route-map OutboundNat interface Dialer1 overload
ip access-list extended VPN_Selector
remark ACL for VPN
permit ip 192.168.80.0 0.0.3.255 192.168.5.0 0.0.0.255
ip access-list extended OutBoundACL
permit ip 192.168.80.0 0.0.15.255 any
route-map OutboundNatBackup deny 20
match ip address VPN_Selector
route-map OutboundNatBackup permit 990
match ip address OutBoundACL
match interface FastEthernet1/0.110
route-map OutboundNat deny 20
  match ip address VPN_Selector
route-map OutboundNat  permit 990
  match ip address OutBoundACL
As you can see we have the primary link monitored and it will flip the default route if the primary link's monitoring goes down to the far end (I know i can do this with an "event manager applet" however I am looking to just get the simple things working).  I am wondering if, since I have the second link, do I need to match on the dialer interface on the old route-map OutboundNAT for each entry?  Also, any ideas as to what to do to make the VPNs come up across the new link.  I am guessing I setup a second crypto peer on the far end but how do I set this end to only have the VPN up on the primary path unless the primary path is down?

I have a 7204 core router with two uplinks.  Initially, the one uplink was a singular uplink via PPPoE so we built our outbound NAT translations on it as well as our VPN sessions.
As of today, we have two links.  The second link has much less bandwidth and is only setup as a backup link.  What we have setup is as follows:
ip sla monitor 100
type echo protocol ipIcmpEcho <**HOST ON END OF PPPoE LINK**> source-interface Dialer1
timeout 1000
threshold 100
frequency 30
ip sla monitor schedule 100 life forever start-time now
track 100 rtr 100 reachability
interface FastEthernet1/0.110
description Link to BackupLink
encapsulation dot1Q 110
ip address <**STATIC_IP_ISSUED_BY_UPSTREAM**> 255.255.255.0
ip nat outside
ip virtual-reassembly
interface Dialer1
bandwidth 30000
ip address negotiated
ip access-group WAN-InboundACL in
no ip redirects
ip mtu 1492
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username <**PPPoE_USERNAME**> password 7 <**PPPoE_PASSWORD**>
crypto map RemoteAccessVPN
max-reserved-bandwidth 90
service-policy output QoS_Outbound
ip route 0.0.0.0 0.0.0.0 Dialer1 track 100
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0.110 100
ip nat inside source route-map OutboundNatBackup interface FastEthernet1/0.110 overload
ip nat inside source route-map OutboundNat interface Dialer1 overload
ip access-list extended VPN_Selector
remark ACL for VPN
permit ip 192.168.80.0 0.0.3.255 192.168.5.0 0.0.0.255
ip access-list extended OutBoundACL
permit ip 192.168.80.0 0.0.15.255 any
route-map OutboundNatBackup deny 20
match ip address VPN_Selector
route-map OutboundNatBackup permit 990
match ip address OutBoundACL
match interface FastEthernet1/0.110
route-map OutboundNat deny 20
  match ip address VPN_Selector
route-map OutboundNat  permit 990
  match ip address OutBoundACL
As you can see we have the primary link monitored and it will flip the default route if the primary link's monitoring goes down to the far end (I know i can do this with an "event manager applet" however I am looking to just get the simple things working).  I am wondering if, since I have the second link, do I need to match on the dialer interface on the old route-map OutboundNAT for each entry?  Also, any ideas as to what to do to make the VPNs come up across the new link.  I am guessing I setup a second crypto peer on the far end but how do I set this end to only have the VPN up on the primary path unless the primary path is down?

Similar Messages

  • Failover ISDN backup link

    I have situation where half of my network is connected with one central location and other half with second central location. Every router is connected with primary frame-relay link and ISDN as backup link (floating static route conf).
    I need to configure that in case backup link can't manage to connect with one central location start connection with second central location. Failover ISDN backup link. Any sugestions? Thanks

    Configure the two numbers under dialer interface. These will be tried in sequence, and in fact if things are configured properly it will be no problem if some branches are connected to primary hub and some to secondary.
    Hope this helps, please rate post if it does!

  • Exchange 2010 failover of 2 Links

    Good Afternoon, Evevryone
    I have the following scenario.
    TMG as edge.
    Exchange the internal network as
    CAS, HUB and MailboxServer.
    I do not use Exchange edge.
    I have 2 internet link.
    The external clients access Exchange
    via OWAPP, Activesync,
    Outlook Anywhere through webmail.dominio.com.br
    name that points to one of my internet
    IPs.
    Well I would like to create one
    failover. If the Link that
    p falls webmail be redirected
    to the IP of another internet link.
    Is this possible?
    I did a search and the only
    thing I found was that we put the
    TTL Host pointing (in my case)
    webmail with at most 5 minutes.
    If the link drop I change the
    IP of the host webmail
    for the other link is working.
    There is no way to automate this? Remembering that it is
    for OWAPP, Activesync,
    Outlook Anywhere services.
    To receive e-mail I use good old
    MXs.
    Fazzani - MCP, MCSA, MCTS-ISA,VISTA

    HI 
    YOu need to think of ISP failover in your case  if one line goes down second will  kick in. 
    Or you might need to think of Adding an additional public IP address to the External DNS and pointing it to a cas server but still the load will be distributed equally to 2 ip's
    You can try to accomplish this with TMG 
    Similar thread for your reference
    https://social.technet.microsoft.com/Forums/en-US/b0133ede-b198-4736-9edb-b7b9f82db5e2/how-to-publish-owa-anywhere-active-sync-in-case-of-dr
    Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
    (MVP)

  • ASA redundant failover links

    Hi,
    We are setting up a new ASA which is in multi context mode.  I was wondering if it is possible to setup redundant failover and state links?  I know that it is possible to run failover on one link and state on another, or both over the same link, but is it possible to have both failover and state running on 2 links?  For example, failover and state on ten1/0 as well as failover and state on ten1/1.
    Hope I have explained my question well enough.  If not I will try to explain better.
    thanks

    I would suggest to make a redundant logical link and attach two physical links to it. Than during failover link configuration specify your redundant link as a failover link. Not sure if it works but dont see any obstacles for this solution to fail..

  • Reroute some vrf traffic between 2 sites over redundant link

    hey guys,
    We have a single client (in vrf) with 2 sites in different states and running over our mpls core.. Our primary link in our core is experiencing degredation of service and want to route this client over our redundant link while keeping all other clients going over our primary link - is this possible?
    The client in question has its own vrf (L3VPN) at both sites and is running over mpls between both sites. We want to re-route this particular client to take our backup path, while keeping everyone else between both sites going over the primary. We are not using TE, instead LDP to build MPLS.
    I don't believe this is possible to only re-route one client, however I thought I would ask the question.
    We cannot failover to secondary link for everyone between both sites because the link doesn't have the capacity.
    Thanks in advance.

    Hi,
    Using MPLS TE would certainly be an option. You would need to setup an MPLS TE LSP over the backup. You would also need to configure a separate lookback interface on each PE and use this loopback interface address as the next hop for the specific VRF
    ip vrf X
    bgp next-hop loopback 999
    ip route 255.255.255.255 Tu1
    This way you would make sure that only the traffic for this specific VRF would travel over the TE tunnel.
    Regards

  • IP Failover between nic cards, not servers

    This maybe a very simple question, I just haven't found the answer to it...
    Our Xserve's are running on a Cisco switch and a switch port for the primary NIC card of one AFP server recently failed.
    While the server had both cards connected to the switch and the second NIC card was live, the users lost connectivity to the internal server address (internal DNS) as is was pointing only to the primary IP address of that server.
    This makes sense as there was no mechanism to tell the server to start using the secondary IP address.
    We are now planning to connect all secondary NIC's to a second switch for both the LAN and the DMZ (VLANs) for better redundancy.
    The DMZ uses IP addresses only due to port forwarding.
    My question is now what is the best way to continue services on a secondary NIC if the first NIC fails.
    Add a new DNS entry for the LAN? If so, how? Just enter the secondary NIC IP with the same server name?
    Use FAILOVERBCASTIPS for the DMZ?
    IP Failover works great between machines, but can the server send heartbeat messages to itself (example: FAILOVERBCASTIPS="NIC1-IP NIC2-IP")?
    Is there any way to maintain the mount status of AFP volumes during the switch of IP's (since it's still the same machine)?
    Thanks in advance for your help!
    Xserve G5   Mac OS X (10.4.3)  

    Since you're using Cisco switches and are already familiar with VLANs, your simplest solution would be to use link aggregation to create a trunk between the Mac and the switch using both the NICs, then configure VLANs so that both subnets use the trunk interface rather than the physical interfaces.
    That way traffic for either IP address can traverse either NIC, and you get automatic failover (thanks to link aggregation) should either NIC fail.
    Note that this will only work if you're connecting to the same switch. If you have 'internal' and 'external' switches this won't work without some re-architecting of the network topology.

  • Layer 3 redundancy; individual layer 3 links vs Portchannel

    Does anyone have evidence as to which technique is "better" (more reliable, faster)?
    Cat6500, dual SUP720, native IOS mode.
    Partial topology:
    Sw_1 (5/1)----Layer3 link----(5/1) Sw_2
    Sw_1 (5/2)----Layer3 link----(5/2) Sw_2
    In the above scenario, there will be 2 equal cost layer3 path from Sw_1 to Sw_2. So, on any link failure, we rely on IGP protocol (in our case, OSPF) for redundancy.
    If we have something like,
    Sw_1 (5/1)---L3 port-ch----(5/1) Sw_2
    Sw_1 (5/2)---L3 port-ch----(5/2) Sw_2
    Then, we have to rely on channel hashing algorithm for redundancy.

    Hi
    I did something like this this week - we found that both worked well, although the failover between the links wasn't great with port-channels.
    We have two 100Mb Ethernet presented circuits between two sites - we configured as an L3 port-channel (using 3750s at either end in this case). If you hard code them as on (channel-group 1 mode on) and the link went down beyond the NTEs the ethernet link to the switch never dropped, so the Etherchannel never failed the unavailable link.
    If we used PAgP/LACP the switches either end did detect the failure, however it took 2 minutes (presumably 4x the hello time) - this didn't seem to be tunable (at least on that platform).
    We ended up using OSPF to control the links - which failed over in a few seconds and also performs even-cost load balancing.
    With regard to load balancing FEC bases it's choice of path on source MAC, dest IP or some other factor - although this is configurable on some platforms you need to think it through and trial it for your traffic platforms to get near-even load balancing.
    Same applies to routing protocols really - you can per-packet load balance which should be pretty even but it's best avoided if using latency sensitive stuff like voice...
    Regards
    Aaron
    p.s. please rate helpful posts :-)

  • Failover option(s) for remote site VPN

    Currently, I have several remote VPN locations, in which most of them of ISDN dial backup in case the primary connection goes down. Can I use DSL/T1 circuit as a failover/dial backup link? If so, please point me to the right direction in finding documentations. Thank you.

    As per your config, I guess you are referring to the VPN connectivity with Peer IP 166.149.125.81.
    If yes than you have missed the other subnets of main site in the ACL outside_cryptomap_1
    which have been mapped in the VPN with this Peer.
    object-group network DM_INLINE_NETWORK_2
    under this statement match the network-object with the subnets at main site that needs communication with the subnet 192.168.90.x/24 at remote site (same as you have done for 192.168.0.0/24 subnet)and vice versa.
    BR
    Please rate if this solve your problem.

  • Pix Failover Configuration with 1 Public

    Have 1 PIX 515e (6.3(3)) in production that is currently assigned ip 1.1.1.2 w/ a 255.255.255.248 mask.  All of my remaining publically assigned ips are being used so I don't have a free ip for the standby ip on the outside interface.  Can I just do the standbys on the inside, failover and stateful link and not worry about having the standby for the outside?  I'll be using lan-based failover w/ a few ports vlan'd out on my 3560 for the failover and stateful links.

    Hello David,
    The Pix firewall is getting to end of life this month, on version 6.3 I don't think this is supported or what will be the behavior on this scenario, on version 7.0 and higher you can use the command:
    no monitor-interface if_name
    http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/mr.html#wp1582411
    And just monitor the other interfaces.
    I hope this helps.
    Regards,
    Felipe.

  • Round robin DNS for load balancing between multiple network adapters (Xserve)

    I'm attempting to use 'round robin' DNS to load balance between the two ethernet adapters of an Xserve.
    Both ethernet adapters are connected to the same LAN and have static IP addresses of 192.168.2.250 and 192.168.2.251.
    The DNS zone for the server's local domain/host (macserver.private) has a machine record with both IP addresses (set up in the Lion Server UI).
    Having read up on round robin DNS, I would have expected DNS requests for 'macserver.private' to be answered with the two IP addresses ordered at random, achiving my aim of requests being served at random via each ethernet adapter.
    However this doesn't seem to be the case. Doing a 'nslookup' from any of the network clients results in the two IP addresses being listed in the same order everytime. And pinging 'macserver.private' only ever results in a response from the same address.
    Does anyone know why this is the case? Does Lion Server use a non-standard DNS configuration? Are there any additional settings I need to configure in Lion's DNS server to make adopt a round robin approach to responding to requests?
    Thanks in advance for any help!

    Be careful what you wish for
    Round Robin DNS is rarely the best option for 'load balancing'. At the very least it's subject to caching at various point on the network - even at the client side, once the client looks up the address it will cache that response - this means that subsequent lookups may be served from the client's cache and not refer back to the server. Therfore any given client will always see the same address until the cache expires.
    I suspect this is what you're seeing.
    You can minimize this by setting a lower TTL on the records. This should result in the response being cached for a shorter period, meaning the client will make more requests to the server, with a higher change of using the 'other' address.
    However, you're also going to run into issues with the server having two interfaces/addresses in the same LAN. This isn't recommended.
    As Jonathon mentioned, you may be better off just bonding the two interfaces. This will provide an automatic level of dynamic load balancing without the latency of DNS caches, as well as automatic failover should one link fail (as opposed to round robin DNS which will cause 50% of requests to fail until the client cache expires and a new lookup is performed (and, even then, there's still a chance the client will try to use the failed link).

  • ASA 5520: Configuring Active/Standby High Availability

    Hi,
    I am new to Cisco firewalls. We are moving from a different vendor to Cisco ASA 5520s.
    I have two ASA 5520s running ASA 8.2(5). I am managing them with ASDM 6.4(5).
    I am trying to setup Active/Standby using the High Availability Wizard. I have interfaces on each device setup with just an IP address and subnet mask. Primary is 10.1.70.1/24 and secondary is 10.1.70.2/24. The interfaces are connected to a switch and these interfaces are the only nodes on this switch. When I run the Wizard on the primary, configure for Active/Standby, enter the peer IP of 10.1.70.2 and I get an error message saying that the peer test failed, followed by an error saying ASDM is temporarily unable to connect to the firewall.
    I tried this using a crossover cable to connect the interfaces directly with the same result.
    Any ideas?
    Thanks.
    Dan

    The command Varun is right.
    Since you want to know a little bit more about this stuff, here goes a bit. Every interface will have a secondary IP and a Primary IP where the Active/Standby pair will exchange hello packes. If the hellos are not heard from mate, the the unit is delcare failed.
    In case the primary is the one that gets an interface down, it will failover to the other unit, if it is the standby that has the problem, the active unit will declare the other Unit "standby failed). You will know that everything is alright when you do a show failover and the standby pair shows "Standby Ready".
    For configuring it, just put a secondary IP on every interface to be monitored (If by any chance you dont have an available secondary IP for one of the interfaces you can avoid monitoring the given interface using the command no "monitor-interface nameif" where the nameif is the name of the interface without the secondary IP.
    Then put the commands for failover and stateful link, the stateful link will copy the connections table (among other things) to avoid downtime while passing from One unit to another, This link should have at least the same speed as the regular data interfaces.
    You can configure the failover link and the stateful link in just one interface, by just using the same name for the link, remember that this link will have a totally sepparate subnet from the ones already used in firewall.
    This is the configuration
    failover lan unit primary
    failover lan interface failover gig0/3
    failover link failover gig0/3
    failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
    failover lan unit secondary
    failover lan interface failover gig0/3
    failover link failover gig0/3
    failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
    Make sure that you can ping each other secondary/primary IP and then put the command
    failover first on the primary and then on the secondary.
    That would fine.
    Let me know if you have further doubts.
    Link for reference
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
    Mike

  • VFM (Virtual File Manager): End of life and replacement products

    In our organization, we are heavy users of VFM (Virtual File Manager) for DFS management and file replication.  Unfortunately VFM is going end of life in Nov 2012 and we have not been able to find suitable product(s) to replace its functionality.We have looked at many alternate products, including Autovirt and ScriptLogic SecureCopy for DFS management and file migration/replication and have not found a suitable replacement so-far.  The products we have seen so-far do not scale well for larger environments and do not provide the ability to import or batch create tasks.  For the DFS management functionality, it looks like Netapp may be able to create a custom tool for us, but we have not found anything suitable from the replication/migration side of things.  Either way, off the shelf products would be preferable to a custom made tool if available.Here is a breakdown of the VFM features that we use and their importance to our teams:Feature UsedFeature TypeFeature DescriptionImportanceAvailability PoliciesAdmin View, Namespace PoliciesDFS Link replicationHigh, used to replicate DFS namespace between serversBackup PoliciesAdmin View, Namespace PoliciesBackup DFS namespaceHigh, used for contingencyClient Recovery PoliciesAdmin View, Business Continuity PolicyAlllows failover of DFS links from PROD to DRHigh, used for BCP / DRCreation PoliciesAdmin View, Namespace PoliciesFiler recovery policies Admin View, Business Continuity PolicyDFS link managementVery, currently used for contingencyMigration PoliciesAdmin View, Data Movement PolicyData copy/ migrationHigh, many migrationsReplication PoliciesAdmin View, Data Movement PolicyServer recovery policiesAdmin View, Business Continuity PolicyDFS link managementVery, currently used for contingencyVFM GUILogical View, add linksDFS link addition / update / deleteVery, used to manage all links
    We are looking for suggestions for replacement products for the functionality of VFM.  Has anyone identified a successor for VFM that would still work within larger environments?  Any suggestions would be appreciated.

    You can get the same functionality that was provided by this product if you take a slightly different approach by using symlinks or CIFS widelinks.  I've been using a script I wrote which effectively replaced what we were doing in Netapp VFM. I create symlinks in the main share that I consider to be the primary tier of storage. The symlinks are to the folders residing on secondary SATA tiers of storage. This script parses through the secondary tier, then adds said symlink into the main tier. To enable this you basically change the options in your share to allow external shares to be traversed (though, it's on the same storage system itself). Create a hidden clone share for the primary tier and change the option on that share to not follow external links/only allow internal. That share will then show the secondary tier folders as 0 byte files that are the shortcuts, you can literally manage those by deleting those files, or using the remove-nafile command in the PowerShell toolkit. This is 7-mode still, but you could do this approach all the same w/ cifs widelinks. This script itself only parses and creates the symlinks that point to secondary tiers of storage, it isn't doing any data migration. You could very easily integrate it into a data migration workflow where you scanned your main tier for folders that have files that haven't been modified in say a year, then auto move those to the SATA tier, then run this script. You could go one step further and auto move them back to primary if you detect your SATA share were in use again, just delete the symlink shortcut and migrate back to primary by doing a standard copy from the one share to other. In addition, this in my opinion is better than using a DFS shortcut for reach folder on each tier of storage whereever it was (like NetApp/Brocade VFM did). Essentially the client was handling linking the shortcuts. This moves the responsibility to the server building and presenting the share and the client knows no different. On a Mac system, this makes a HUGE difference as it is only seeing one DFS pointer in this approach. You can download it here: https://gallery.technet.microsoft.com/scriptcenter/NetApp-symlink-generator-e1de2185

  • Cisco VPN in Cluster

    how to route traffic for Remote end LAN from inside L3 switch to the firewalls in cluster. as firewalls in cluster will have cluster ip only for outside interface & not to inside interface.

    If by firewall in cluster you mean firewalls in failover then following link may help you for configuration
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml

  • Througput towards 5555x from 68k for Firewall contexts

    If you were connecting a 5555x to a 6500, would you use a single port channel with 8 uplinks, or two 4 port etherchannels, with one representing the "out" and one representing the "in"
    I intend to use ten or more contexts, and in the past have done this with a FWSM, which had a 6 gig etherchannel on the chassis backplane.  I imagine that using one etherchannel would be similar to the FWSM approach.
    Would there be any benefits in using 2 ether channels with a concept of in and out? If so why.  Any design insight at the physical layer would be appreciated.
    Or further to this - would you use 6 ports and keep 1 or 2 ports dedicated for the failover and state interfaces, rather than run these interfaces as sub-interfaces that traverse the switching infrastructure. - Update - have to use 6 links, not 8:
    •If you use an EtherChannel interface for a failover or state link, then to prevent out-of-order packets, only one interface in the EtherChannel is used. If that interface fails, then the next interface in the EtherChannel is used. You cannot alter the EtherChannel configuration while it is in use as a failover link. To alter the configuration, you need to either shut down the EtherChannel while you make changes, or temporarily disable failover; either action prevents failover from occurring for the duration.
    •Although you can configure failover and failover state links on a port channel link, this port channel cannot be shared with other firewall traffic.
    I have attached a small diagram to explain the physical / logical differences. (6 interfaces total - as this would be dedicated failover link scenario)

    Hi Nick
    The Cisco recommendation was always to use an even number of ports in the etherchannel because this worked better with their load balancing algorithm but I'm not sure how relevant this is nowadays.
    So leaving that aside personally I would use just one etherchannel between the firewall and the switch.
    The issues with using two that I see are firstly unless your traffic patterns are 50/50 in terms of traffic going to and coming from the firewall you are not going to utilise the links evenly. For example an FTP request is small but the resulting download could be very large and a fair number of applications work like this.
    Which would mean one etherchannel could be very heavily utilised, if not oversubscribed, while the other one could be just ticking along.
    Secondly if you use two etherchannels a single port failure could have a much more pronounced effect on throughput especially if the etherchannel is the one being utilised more because of traffic direction.
    You don't gain any extra redundancy from having two separate etherchannels so I personally can't see any advantages to it but that doesn't mean there aren't any so happy to discuss if you feel there are.
    Obviously whichever you use spread the ports across modules for maximum redundancy.
    I should say though that I have never done this where I needed that much throughput to a firewall other than using an FWSM which as you say does not have these concerns.
    Edit - I assumed when you referred to in and out you were referring to traffic direction and it was not related to contexts. if I have misunderstood please clarify.
    Jon

  • Leased Line Redundancy

    Hi
    I'm just wondering what would be the best way to implement leased line redundancy using serial connections.
    I have Site A (Main) and Site B (Branch). I have two links between both but am currently only using one of these links. If link one failed I want link two to kick in.
    I am currently using static routes on the routers.
    I will attach a network diagram showing the current setup.
    Thanks in advance!

    Hi
    I'm just wondering what would be the best way to implement leased line redundancy using serial connections.
    I
    have Site A (Main) and Site B (Branch). I have two links between both
    but am currently only using one of these links. If link one failed I
    want link two to kick in.
    I am currently using static routes on the routers.
    I will attach a network diagram showing the current setup.
    Thanks in advance!
    Hi,
    If you want to achive only active/standby configuration then configure one router as active and other one as stanby for lan traffic going out using HSRP implementation in lan side of both the routers making gateway as virtual ip of the group for lan subnet and also configure tracking along with IP SLA so in case of failover of the link automatically the standby router will be become active for lan user as tracking will decrement the pirporty of active router.
    http://cisco.biz/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swhsrp.pdf
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post

Maybe you are looking for


HashFlare