03-29-2022 01:15 PM - edited 03-29-2022 01:16 PM
Hi
With the below topology, is it possible to get VRRP up and running between the two switches if I create L3 port channels to the firewall instead of sub-ifs or SVIs with trunked VLANs?
I'm guessing the only way would be if the two L3 port channels were attached to a L2 switch or is there a way that the switches can use their own L2 port channel between them to get it working?
Thanks
03-29-2022 01:20 PM
That isn't going to work because there is no L2 path between the L3 port channels.
You need to use SVIs if those are L3 switches.
Jon
03-29-2022 01:25 PM
Yup pretty much what I thought. Was hoping I’d missed a trick with all the years of sub-ifs and SVI’s.
03-29-2022 01:23 PM
You need to create FW side VRRP, then you need Layer 2, right?
03-29-2022 01:26 PM
Hi
It's all about the switches. Need VRRP there on the L3 port channels. The firewalls are actually misrepresented in the diagram and just have a floating active address in an active/standby setup.
03-29-2022 11:51 PM
You need Layer 2 for the peers to communicate with each other; suggest that you can have an SVI using an L2 port-channel.
03-29-2022 02:58 PM
FW is HA
You need to connect via L2.
An L3 port channel cannot be configured here.
One SVI in each L3SW and a sub-interface IP on the FW. During failover the sub-interface IP is changed and it needs to send ARP to declare the new active FW.
Need L2.