LAN interface Failover
Hello guys
I have a USG 1100 with a physical interface (internal) like 172.16.0.254, with a policy route that sends all traffic to 172.16.0.1 (another router) for all destination network 172.16.0.0/16.
I want to add a failover interface (172.16.0.253) that routes to a secondary router (172.16.0.2) when the primary is down.
I saw failover (TRUNK) working only on WAN interfaces; how can I implement it on internal interfaces too?
Should I only add a lower policy route with the secondary route, with a connectivity check on the primary?
Many thanks
All Replies
-
Some problems with the placeholder IPs you say you have: if the LAN is 172.16.0.254/16, how will it get to 172.16.0.1 on the WAN interface?
In a normal simple failover you have a LAN 192.168.0.1/24 and two WAN interfaces, ideally with real WAN IPs, or say WAN1 10.1.1.2/24 gateway 10.1.1.1 and WAN2 10.2.2.2/24 gateway 10.2.2.1.
You then add two routing rules.
Top is
incoming LAN
next hop WAN1
ping check
bottom is
incoming LAN
next hop WAN2
-
My mistake, it is 172.16.0.0/12 (not /16), therefore from 172.16.0.0 to 172.16.31.255. It is therefore not a WAN interface but always a LAN (LAN2). I deduce in any case that your procedure does not change and is also functional with LANs.
-
Can you say more on what your goal is? Maybe I misunderstood?
-
I want redundancy in case the interface (Port 5) connecting an external router (172.16.0.1) goes down, and automatically starts a connection via Port 6 with a second router (172.16.0.2). The 2 routers have fiber connections on different routes.
-
Why do you use these two routers on the LAN side, instead of WAN1 and WAN2?
-
I'm still unsure of the setup: does the USG 1100 do anything? It seems like clients are not even going to its gateway? Is that about right? In which case the USG 1100 can't do anything because clients are going to another router's gateway...
Can you not have real WAN IPs? Why only 172.16.0.1 to one and 172.16.0.2 to the other? Can they not be different subnets?
-
What I think will work is my failover idea on a switch.
Vote for it:
Fail over without NAT — Zyxel Community
The idea on how it works is you set up both gateways as 172.16.0.1 on your two routers.
So you have switch management VLAN 100 untagged, with one cable from port 1 to the primary router. Then, this is the tricky bit: you have another cable from the primary router to port 2 of the switch in untagged VLAN 200, and the secondary router on port 3 in VLAN 200 of the switch, with your clients on VLAN 200. This would normally cause problems because of the two identical gateways, only the failover idea on a switch comes into play: you make a policy rule to discard the packet when the ping check fails for ARP on port 2, a low-weight policy rule to discard the packet for ARP on port 3, and a high-weight policy rule set to "No change", with the rule enabled when the ping check fails, for ARP on port 3.
You might also need a policy rule to discard the packet for ARP of the source MAC of the switch on port 2.
This then toggles between gateways without conflict.