cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
345
Views
0
Helpful
4
Replies
soporteca
Beginner

Layer 3 HA

Hi Cisco Gurus!

 

I'm having a big doubt related to Layer 3 HA or Bonding. On one side I have cisco 4900M layer 3 sw, where I 've configured a port channel with 2 ports, and assigned it and ip address:  172.26.114.1

On the other side there is a Fortinet array in HA mode (2 500e). I have set up an IP address 172.26.114.2. Now, the qst is :

How can I connect my 4900 to fortinet? Is it posible to take one port to forti1 and other port of the port channel to port of the forti2? Am I right?

Thanks

Mariano

4 REPLIES 4
balaji.bandi
VIP Guru

No, You can not do that, you need to have different network segments and 1 L2 Link for HA ( Fortinet point of view) ?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for your answer. You mean one segment at cisco and other at forti. lets say: 172.26.114.1/30 forti and 172.26.114.5/30 Cisco? I don't really understand your idea. I don't want to use anothr switch as support.

Thanks

Mariano

As per your orginal post, you looking to HA (Pair of Forti kits) and you like to connect those both in to One Switch?

 

if that is the case, its not the best solution and you can not split the port-channel in to 2 links (one for Forti1 and another 1 to Forti 2)

 

Look at high availability design :

 

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/661074/high-availability-with-two-fortigates

 

If my understanding wrong, please explain with diagram, so we can suggest better.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

luis_cordova
VIP Advisor

Hi @soporteca 

 

You could review this guide for reference. As @balaji.bandi  indicates, you cannot connect one port of one PortChannel to one device and another port of the same Portchannel to another.

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_config_802.htm

As the guide indicates, you can connect a PortChannel to Forti1 and another PortChannel to Forti2.

 

Regards