Routing rules for backup switch in a VRRP configuration/topology

H5TECH-IT
Occasional Contributor

Hi,

I would like to figure out which is the best solution to the following:

A main switch (5412zl) has a common base static route 0.0.0.0 to the firewall.
The main switch is directly connected to the firewall through a normal RJ-45 network cable.

What type of routing configuration should I have on the backup switch, so that traffic flows to the firewall if the main switch is unavailable?

Thank you in advance for your help.

3 REPLIES
Ian Vaughan
Honored Contributor

Re: Routing rules for backup switch in a VRRP configuration/topology

Howdy,
The backup switch can have a duplicate default route to the main switch but with a higher metric (cost).
Your main challenge is going to be how you get the backup switch to take over from the main switch at Layer 2 (read up on spanning tree secondary root) and at Layer 3 (read up on VRRP - especially how the virtual IP addresses work).
Once your clients are using a virtual (floating) IP address as their default gateway and the switches each have a route to the firewall (one preferred low-cost and one standby higher-cost) all will be rosy in the garden.
HTH
Ian
Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
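The failover behaviour described in the reply above, modelled as an added example (not part of the original thread and not switch configuration): a VRRP-style election decides which switch answers for the virtual gateway IP, and each switch then picks its lowest-cost usable default route. The addresses, priorities, costs and the backup switch's own link to the firewall are constructed assumptions, and the model goes slightly beyond the thread by also covering a failed firewall link on the main switch.

```python
from dataclasses import dataclass
from ipaddress import ip_address

FIREWALL = "10.0.0.1"      # constructed addresses, not taken from the thread

@dataclass
class Route:               # one candidate default route (0.0.0.0/0)
    next_hop: str
    cost: int

@dataclass
class Switch:
    name: str
    ip: str                # real address on the client VLAN
    priority: int          # VRRP priority, higher wins
    routes: list
    up: bool = True

def elect_master(switches):
    """Holder of the virtual gateway IP: highest priority among live switches, higher IP breaks ties."""
    live = [s for s in switches if s.up]
    return max(live, key=lambda s: (s.priority, ip_address(s.ip)), default=None)

def path_to_firewall(switches, dead_links=frozenset()):
    """Hops a client packet takes from the virtual gateway to the firewall, or None if it is dropped."""
    by_ip = {s.ip: s for s in switches}
    hop, path = elect_master(switches), []
    while hop is not None and hop.name not in path:   # stop on a routing loop
        path.append(hop.name)
        # A route is usable only if its link is intact and the next hop is powered on.
        usable = [r for r in hop.routes
                  if (hop.name, r.next_hop) not in dead_links
                  and (r.next_hop == FIREWALL or by_ip[r.next_hop].up)]
        if not usable:
            return None
        best = min(usable, key=lambda r: r.cost)      # preferred = lowest cost
        if best.next_hop == FIREWALL:
            return path + ["firewall"]
        hop = by_ip[best.next_hop]
    return None

def build():
    """Assumed topology: both switches have a firewall link plus a higher-cost route via the peer."""
    main = Switch("main", "10.0.10.2", 200, [Route(FIREWALL, 1), Route("10.0.10.3", 10)])
    backup = Switch("backup", "10.0.10.3", 100, [Route(FIREWALL, 1), Route("10.0.10.2", 10)])
    return main, backup
```

If the backup switch's only default route points at the main switch, `path_to_firewall` returns `None` as soon as the main switch is down, which is why the backup needs its own path to the firewall.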
H5TECH-IT
Occasional Contributor

Re: Routing rules for backup switch in a VRRP configuration/topology

Hi,

Can I ask you something also?

If using cross connect cabling

1) Between backup switch and main switch

2) Main switch to firewall

Will that allow the network traffic to pass through the main switch even if the main switch is powered off or otherwise unavailable?

Thank you.

Ian Vaughan
Honored Contributor

Re: Routing rules for backup switch in a VRRP configuration/topology

Howdy,
Short answer - no.
Longer answer - only appliances such as IPS units or WAN accelerator nodes that act as "a bump in the wire" - meaning they are effectively transparent to the network - can "fail to wire" in the way that you suggest.

Unfortunately a powered off / failed switch will do nothing to help.

That's why routing protocols and resilient switching and suchlike are great to implement in order to keep things working.
HTH
Ian