Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
344
Views
0
Helpful
4
Replies
soporteca
Beginner
Beginner
‎10-04-2019 11:15 AM
‎10-04-2019 11:15 AM

Layer 3 HA

Hi Cisco Gurus!

 

I'm having a big doubt related to Layer 3 HA or Bonding. On one side I have cisco 4900M layer 3 sw, where I 've configured a port channel with 2 ports, and assigned it and ip address:  172.26.114.1

On the other side there is a Fortinet array in HA mode (2 500e). I have set up an IP address 172.26.114.2. Now, the qst is :

How can I connect my 4900 to fortinet? Is it posible to take one port to forti1 and other port of the port channel to port of the forti2? Am I right?

Thanks

Mariano

Labels:
0 Helpful
4 REPLIES 4
balaji.bandi
VIP Guru VIP Guru
VIP Guru
‎10-04-2019 11:24 AM
‎10-04-2019 11:24 AM

No, You can not do that, you need to have different network segments and 1 L2 Link for HA ( Fortinet point of view) ?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
soporteca
Beginner
Beginner
In response to balaji.bandi
‎10-04-2019 11:34 AM
‎10-04-2019 11:34 AM

Thanks for your answer. You mean one segment at cisco and other at forti. lets say: 172.26.114.1/30 forti and 172.26.114.5/30 Cisco? I don't really understand your idea. I don't want to use anothr switch as support.

Thanks

Mariano

0 Helpful
balaji.bandi
VIP Guru VIP Guru
VIP Guru
In response to soporteca
‎10-04-2019 11:49 AM
‎10-04-2019 11:49 AM

As per your orginal post, you looking to HA (Pair of Forti kits) and you like to connect those both in to One Switch?

 

if that is the case, its not the best solution and you can not split the port-channel in to 2 links (one for Forti1 and another 1 to Forti 2)

 

Look at high availability design :

 

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/661074/high-availability-with-two-fortigates

 

If my understanding wrong, please explain with diagram, so we can suggest better.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
luis_cordova
VIP Advisor VIP Advisor
VIP Advisor
‎10-04-2019 11:58 AM
‎10-04-2019 11:58 AM

Hi @soporteca 

 

You could review this guide for reference. As @balaji.bandi  indicates, you cannot connect one port of one PortChannel to one device and another port of the same Portchannel to another.

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_config_802.htm

As the guide indicates, you can connect a PortChannel to Forti1 and another PortChannel to Forti2.

 

Regards

0 Helpful
Latest Contents
AppDynamics
Created by mclymer on 06-30-2022 09:46 AM
0
0
0
0
Cisco Champion Radio: S9|E25 SD-WAN and Ubiquitous Cloud Sec...
Created by Amilee San Juan on 06-29-2022 02:35 PM
0
5
0
5
Listen: https://smarturl.it/CCRS9E25 Follow us: twitter.com/ciscochampions With applications and users everywhere, the networks are now, more than ever, being tasked with delivering consistent protection while providing an exceptional user exper... view more
Cisco Champion Radio: S9|E24 Cisco Radio Aware Routing
Created by Amilee San Juan on 06-28-2022 01:30 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E24 Follow us: https://twitter.com/CiscoChampion  Cisco Radio Aware Routing addresses several of the challenges faced when merging IP routing and radio communications in mobile networks, especially those exhibiti... view more
Cisco Champion Radio: S9|E23 The Cisco Catalyst 9136 Wi-Fi 6...
Created by Amilee San Juan on 06-28-2022 01:21 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E23 Follow us: https://twitter.com/CiscoChampion The Wi-Fi 6E Catalyst 9136 access point takes advantage of the 6-GHz band to produce a network that is more reliable and secure, with higher throughput, more ... view more
DR and the Type-2 LSA in OSPFv3 versus OSPFv2
Created by Meddane on 06-24-2022 04:35 PM
0
0
0
0
When moving from OSPFv2 to OSPFv3, there are many changes in the format of the LSAs Type, but the most known changes are: IP prefix informations are no longer carried in Type-1 LSA and Type-2 LSA, new LSAs Type 8 and 9 are added to carry these prefixes. L... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad