Switching

Here is the description of my problem:

A have an EX-4300 switch configured in a single vlan name Admin. Theis switch is pointing to a firewall which is the default Gateway.

My Boss tasked me to configured two additional EX-4300 switches with the same configuration as the first working switch.

My question is how can I use the same default Gateway for all three switches? The goal is for users to failover to the 2nd switch should the first switch malfunction. Also if the first two switches fail then the third switch should take over and the users should never notice any down time.

Presently when I daisy chain the 2nd and 3rd switches to the 1st switch, the users can aquire IP address via DHCP and all is well. But my Boss wants standalone failover for each switch.

I am thinking about using a small 6port high-bandwidth hub between the default Gateway(Firewall) and the three switches to solve my problem or use a first hop redundant protocol such as VRRP to solve my problem.

Any suggestions, comment and ideas are welcome.

Thanks,

Hansen Kannie  

If your firewall has the interfaces to support it, I would suggest a 3-port LAG between the firewall and all three switches, which should be configured as a virtual chassis.  The VC offers you route engine redundancy and simpler management.

Bear in mind that unless your end users all have a connection to each switch, the individual switches are still a single point of failure.  In other words, if Switch A goes down, then all the end users on Switch A will go down.

Agree 100% with this solution, BUT it would all depend upon how your user physical redundancy is accomplished.

When the first switch fails then I will have to go over in the server room and physically move the users over to the 2nd switch. No automation here. LOL!

My Boss likes it like this. Wow!

Hansen

OK, so when you are physically moving the user connections, also move the connection from the FW/DefGW to the 2nd switch.  This network redundancy design is not even good in 1985, never mind 2015.

I'd agree with this assessment.  This type of configuration is just a waste of time and the company's money because now you have two spare switches (for some reason) just sitting there collecting dust on the off-chance that the first one dies.

If your boss really cared about resiliency, he would have you put the switches into a VC and evenly distribute user connections across all three switches. Doing this spreads your risk amongst the three switches so that if you lose one, your entire userbase is not down - just a group of them.

One might even go as far as putting users into a port scheme such as on the first switch, users would go into ports 0, 3, 6, 9, 12, etc., users on the second switch would go into 1, 4, 7, 10, 13, etc., and the third would go 2, 5, 8, 11, 14, etc.  If your port usage remains relatively static, and one of your switches goes down, it would be really easy to move configurations from one switch to the next with a simple copy-paste.  Then you go and move them physically if your "dead" switch is not going to recover soon.

Thanks. But ny boss does not virtual-chassis solution.

---

@hkannie wrote:

Thanks. But ny boss does not virtual-chassis solution.

 

 

---

Is there a particular reason why?  It's really the most resilient solution there is. 

Big question is how do you users or potentially servers physically failover to the 2nd and 3rd switches, is it active-standby physical NICs?  Start there and then maybe can provide you a solution.  BTW, who did you purchase the switches from - that is which or who is the Juniper partner?  Did you raise this question to them?  If you just purchased these on-line somehow from a Juniper distributor, then they would be not help, as not a value-add type of partner.