Other Network

Anna · ‎03-25-2020

Hello everyone! :)

I have 2 PaloAlto Active/Standby, connected to 2 X Cat9500Stack, in campus distribution layer . I would like to configure 2 Etherchannels. One to Active,one to Standby Firewalls. So if the Active FW fails, primary Etherchannel will switch to secondary one, in order to continue forward with Standby FW, that became active at this moment.

What and how to this config, on Cat9500?

Please advice what and how to configure both sides. Mean Cat9500 and PaloAlto.

Thank you in advance! Other Network Architecture Subjects, Other Networkin

Cristian Matei · ‎03-25-2020

Hi,

In the end is just a regular LACP, doesn't matter if there is a stack of switches or just one switch, or if there is an HA pair of firewalls, or just one firewall. Here's the Cisco side, and here's the Palo Alto side.

Regards,

Cristian Matei.

Anna · ‎03-25-2020

Thank you for quick reply, i will check and come back in case of doubts.

pigallo · ‎03-25-2020

Hello @Anna ,

i am pointing you to the configuration guide for etherchannels (Cat9500):

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/16-10/configuration_guide/lyr2/b_1610_lyr2_9500_cg/configuring___etherchannels.html#concept_4685AEC0AD9E4DBFA49AEE35D3B4A028

Please consider, as connection scheme to enhance redundancy, to split port-channel interface members and connect to both modules of the stack (active and standby).

Best regards.

Anna · ‎03-25-2020

Thank you, going though docs now.