
Failover problem: CS-3850 stack to Sonicwall NSA 2600 HA

jeffbruns44
Level 1

Trying to establish a highly resilient edge for a client who desires to spend little coin.

The Internet edge consists of 2 NSA 2600's in an HA deployment. 

The Inside edge is a pair of CS-3850-24t's

Each 3850 connects to each SW

3850 G1/0/19 to SW1 x0

3850 G1/0/20 to SW2 x0

3850 G2/0/19 to SW1 x2

3850 G2/0/20 to SW2 x2

All 3850 ports are set as access ports in the same VLAN (800)

The 3850's have 2 additional downstream 2960 switch stacks connecting to them

All LAN SVI's are on the 3850

The active switch is switch 1

 

If I power off switch 1, internal LAN routing and intra connectivity fails over to switch 2, i.e. if I have a continuous ping going from devices on different VLANs and switches, there is a 3 tick no response then it replies again. That's acceptable.

 

However, a continuous ping from inside to an internet host dies during and after failover. My perspective is that the primary SonicWall has the former active 3850's MAC address (from G1/0/19) in its ARP table and unless I recycle that primary SonicWall, there is no egress or ingress connectivity. If I do recycle the primary SonicWall, I eventually reestablish complete connectivity.

Am I on the right path that it's some kind of ARP issue at the SonicWall? If so, what are my options (not a SonicWall dude)?

If not, what other options do any of you suggest to create an unattended failover environment?

I've considered creating routed links rather than L2 connections between the switch stack and SonicWalls with OSPF?

Thoughts?

Thanks for any help

 

 

 

 

2 Replies

johnd2310
Level 8

Hi,

 

Have you tried using VRRP on the 3850? SonicWalls point to the VRRP address of the 3850s for internal networks and the 3850s point to the HA address of the SonicWalls.

 

 


grochowskir
Level 1

Had the same problem. Looks like Sonicwalls consider this a spoof. Don't connect your Core switches directly to your Sonicwalls. Put a stack of switches between your cores and Sonicwalls. The uplinks between your new stack and Sonicwalls I would put in a L2 port-channel.

thx.
