Cisco switches load balance w/ 2 barracuda web filters question

Karandras

Hey all, I'm trying to figure out the best way to load balance two Barracuda web filters. I was thinking this:

Internet
Router
Cisco 2950*Outside*

(Port 1 Outside) Barracuda 1(Port 1 Inside)
(Port 2 Outside) Barracuda 2(Port 2 Inside)

Cisco 2950*Inside* -- All computers here or whatever

I thought I did a setup like that in my Cisco course, which was a while ago. Set up trunking or load balancing on two ports to another Cisco switch. But instead of going right to the switch, go through the Barracudas, then to the other switch. Will that work, or am I thinking too simplistically and have no idea what I'm talking about?

Thanks for your input.
 
Do the web filters support load balancing or failover (active/active, active/standby)?

It should not really matter how you are setting up the switches in order for load balancing of these two devices. Although I have very little knowledge of these products, it seems that they would be what needs to support this feature.
 
The filters will be transparent to the network. They do support management clustering (same rules throughout the cluster), but as for the load balancing I will get back to you on that. It shouldn't matter as these units are just transparent...right?
 
They have the ability to be, and that is how we are going to set it up. Looking further into the Cisco switches, I need to execute these commands to get load balancing working; please tell me if I'm wrong:

conf t
int fa0/1
 channel-group 1 mode desirable
int fa0/2
 channel-group 1 mode desirable
end
conf t
port-channel load-balance -mac

By reading the Cisco stuff, that is what I would need to get load balancing between two switches. I'm assuming if I throw transparent filters between the switches that would still keep working, right?

Thanks for your time here ;-)
 
The reason I ask if I'm doing this properly is I'm seeing most of the traffic going through one port and not 50/50.
 
Gotcha, those look like the proper commands to set up EtherChannel, but don't you also need something similar to this?

switch(config)# interface port-channel 1
switch(config-if)# switchport mode trunk
switch(config-if)# switchport trunk native vlan XX

It's been a while for me, if you post your running config that would help...
 
It's interesting. I plugged a fluke in on each switch and started generating traffic between the two. I'm not sure if this is how these switches do load balancing but this is what's happening:

Switch 1
--Port 1 - Transmit
--Port 2 - Receive
Switch 2
--Port 1 - Receive
--Port 2 - Transmit

I find it weird to do it that way because these are TX lines and should be able to trans and receive on the same line with no problem. I thought it would shuffle the packets from one port to the other and back again to give it true load balancing.

Is there a debug command where I can see what ports are accepting data?

Anyways, here is the config (Port 15 and 16 are the load balanced ports):

Switch#sh ru

Current configuration : 1335 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret secret
enable password enable
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
 switchport mode trunk
 channel-group 1 mode desirable
!
interface FastEthernet0/16
 switchport mode trunk
 channel-group 1 mode desirable
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
 ip address 10.10.10.231 255.255.255.0
 no ip route-cache
!
ip http server
!
line con 0
line vty 0 4
 password password
 login
line vty 5 15
 password password
 login
!
!
end
Switch#
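
Why the two-tester test in the post above cannot show a 50/50 split, as an added example that is not part of the original thread: EtherChannel picks the member link per frame from a hash of the MAC address named in the `port-channel load-balance` setting, so a single source MAC always lands on the same port. The hash used here (low-order byte of the MAC modulo the number of links) is a simplifying assumption, and the MAC addresses and function names are constructed.

```python
# Simplified model of EtherChannel member-link selection (added example).
# Assumption: the link is chosen from the low-order byte of one MAC address;
# the hash in the real switch hardware may differ in detail, but it is
# likewise deterministic per address, which is the point demonstrated here.

LINKS = ["Fa0/15", "Fa0/16"]        # channel members from the posted config
TESTER_A = "02:00:00:00:00:10"      # constructed MAC, tester on switch 1
TESTER_B = "02:00:00:00:00:11"      # constructed MAC, tester on switch 2


def pick_link(frame, mode, links):
    """Return the member port a frame is sent on for the given mode."""
    mac = frame["src"] if mode == "src-mac" else frame["dst"]
    low_byte = int(mac.replace(":", "")[-2:], 16)
    return links[low_byte % len(links)]


def distribute(frames, mode, links):
    """Count how many frames each member port transmits."""
    counts = {port: 0 for port in links}
    for frame in frames:
        counts[pick_link(frame, mode, links)] += 1
    return counts


def two_tester_test(mode="src-mac"):
    """One traffic generator per switch: one MAC pair, 1000 frames each way."""
    a_to_b = [{"src": TESTER_A, "dst": TESTER_B}] * 1000
    b_to_a = [{"src": TESTER_B, "dst": TESTER_A}] * 1000
    return {
        "switch1_tx": distribute(a_to_b, mode, LINKS),  # frames leaving switch 1
        "switch2_tx": distribute(b_to_a, mode, LINKS),  # frames leaving switch 2
    }


def many_hosts(n=200, mode="src-mac"):
    """Many distinct source MACs behind one switch, all sending to one host."""
    frames = [{"src": "02:00:00:00:01:%02x" % i, "dst": TESTER_B}
              for i in range(n)]
    return distribute(frames, mode, LINKS)


if __name__ == "__main__":
    print(two_tester_test())   # each switch transmits on a single port
    print(many_hosts())        # distinct sources spread across both ports
```

With one MAC pair each switch transmits on exactly one member port, which matches the Fluke result; the split only evens out when many different addresses cross the channel.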
 
You might want to delete your password from the config you posted, just a thought.
 
Heh, thought I got them all, missed the secret password. It's a test switch anyways so I wasn't too worried. Thanks for the heads up ;-)
 