Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
588
Views
0
Helpful
4
Replies

Layer 3 HA

soporteca
Level 1
Level 1

‎10-04-2019 11:15 AM

Hi Cisco Gurus!

 

I'm having a big doubt related to Layer 3 HA or Bonding. On one side I have cisco 4900M layer 3 sw, where I 've configured a port channel with 2 ports, and assigned it and ip address:  172.26.114.1

On the other side there is a Fortinet array in HA mode (2 500e). I have set up an IP address 172.26.114.2. Now, the qst is :

How can I connect my 4900 to fortinet? Is it posible to take one port to forti1 and other port of the port channel to port of the forti2? Am I right?

Thanks

Mariano

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎10-04-2019 11:24 AM

No, You can not do that, you need to have different network segments and 1 L2 Link for HA ( Fortinet point of view) ?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

soporteca
Level 1
Level 1
In response to balaji.bandi

‎10-04-2019 11:34 AM

Thanks for your answer. You mean one segment at cisco and other at forti. lets say: 172.26.114.1/30 forti and 172.26.114.5/30 Cisco? I don't really understand your idea. I don't want to use anothr switch as support.

Thanks

Mariano

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to soporteca

‎10-04-2019 11:49 AM

As per your orginal post, you looking to HA (Pair of Forti kits) and you like to connect those both in to One Switch?

 

if that is the case, its not the best solution and you can not split the port-channel in to 2 links (one for Forti1 and another 1 to Forti 2)

 

Look at high availability design :

 

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/661074/high-availability-with-two-fortigates

 

If my understanding wrong, please explain with diagram, so we can suggest better.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

luis_cordova
VIP Alumni
VIP Alumni

‎10-04-2019 11:58 AM

Hi @soporteca 

 

You could review this guide for reference. As @balaji.bandi  indicates, you cannot connect one port of one PortChannel to one device and another port of the same Portchannel to another.

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_config_802.htm

As the guide indicates, you can connect a PortChannel to Forti1 and another PortChannel to Forti2.

 

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card