gokul varma nk's questions

Currently we have a Cisco ISA570 Firewall which does failover load-balancing between two ISP links.

I would like to get a Sonicwall NSA6000 which should be primary and the ISA570 as a failover device. How should I re-design network such that the WAN Links as well as LAN traffic gets loadbalanced properly?

The ISPs provide just one Gateway IP each.

Currently LAN traffic comes over through Cisco 2960s.

The network should be able to switch from the Sonicwall to ISA570 in case of any failure at Sonicwall. The two Firewalls should also be able to load balance between the two ISP links.

Please suggest possible designs to accomplish the same with the extra equipment required.

Thanks,

This is the topology I have set up in my GNS3.

The RIP V2 protocol of Router R2 is recognizing and advertising the two networks that are advertised in EIGRP, even though the said information should only have been received through redistribution. How Do I ensure that RIP advertises only those subnets I want advertised and not all the subnets of that Classful network that may exist on that particular router?

The below is the Show Ip route and Show Running-config informations from the routers R2 and R3,

    R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/24 is variably subnetted, 5 subnets, 2 masks
C       192.168.1.64/28 is directly connected, Loopback1
R       192.168.1.32/28 [120/1] via 192.168.1.133, 00:00:00, Serial0/0
R       192.168.1.16/28 [120/1] via 192.168.1.133, 00:00:00, Serial0/0
R       192.168.1.128/30 [120/1] via 192.168.1.133, 00:00:00, Serial0/0
C       192.168.1.132/30 is directly connected, Serial0/0
R3#

//////////////////////////////////////////////////////////////////////////////

R3#sh run
Building configuration...

Current configuration : 1063 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 192.168.1.65 255.255.255.240
!
interface Serial0/0
 ip address 192.168.1.134 255.255.255.252
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial0/1
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
router rip
 version 2
 passive-interface default
 network 192.168.1.0
 neighbor 192.168.1.133
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

R3#s


//////////////////////////////////////////////////////////////




R2#sh run
Building configuration...

Current configuration : 1240 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 192.168.1.17 255.255.255.240
!
interface Loopback2
 ip address 192.168.1.33 255.255.255.240
!
interface Serial0/0
 ip address 192.168.1.130 255.255.255.252
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial0/1
 ip address 192.168.1.133 255.255.255.252
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
router eigrp 10
 network 192.168.1.16 0.0.0.15
 network 192.168.1.128 0.0.0.3
 no auto-summary
!
router rip
 version 2
 passive-interface default
 network 192.168.1.0
 neighbor 192.168.1.134
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

I am trying to design a topology in which I need to use VMPS and unfortunately the resources are rather few on the internet.

Based on this Configuration document

VMPS

I have created a sample configuration document. However I see in it a particular command, viz

download vmps

Which I believe creates a copy of the VMPS database from the TFTP server to the NVRAM.

Now my question is: Are any of my assumptions above true? Is that the method to create a more permanent copy of the VMPS database into the NVRAM ? Is there any way for the VMPS database to be edited and management from the Catalyst switch itself or does it always have to be updated via the TFTP Server?

Finally does anyone have any authoritative document or tech notes for the VMPS? I have not seen this particular technology in the syllabi of either CCNA, CCNP or even CCIE.

Thanks

I am designing a topology with one Core Switch and around 6 Edge Switches with around 10 Vlans managed through the VTP Server running on Core Switch. Inter Vlan routing is also enabled on the core switch.

Now I need to restrict traffic into one particular Vlan. I know how to write the statements using Extended Access List and apply it on an interface in a Router, but how do I create an Access List / Filter condition in the Core Switch to govern traffic going to that particular VLAN ?