Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
895
Views
15
Helpful
6
Replies

VRRP Setup

Go to solution
anthonykahwati
Level 1
Level 1

‎03-29-2022 01:15 PM - edited ‎03-29-2022 01:16 PM

 

Hi

With the below topology, is it possible to get VRRP up and running between the two switches if I create L3 portchannels to the firewall instead of sub-ifs or SVI's with trunked vlan's?

I'm guessing the only way would be if the two L3 port channels were attached to a L2 switch or is there a way that the switches can use their own L2 port channel between them to get it working?

Thanks

 

vrrp_topology.PNG

 
 
 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-29-2022 01:20 PM

 

That isn't going to work because there is no L2 path between the L3 port channels. 

 

You need to use SVIs if those are L3 switches. 

 

Jon

View solution in original post

6 Replies 6

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-29-2022 01:20 PM

 

That isn't going to work because there is no L2 path between the L3 port channels. 

 

You need to use SVIs if those are L3 switches. 

 

Jon

Go to solution
anthonykahwati
Level 1
Level 1
In response to Jon Marshall

‎03-29-2022 01:25 PM

Yup pretty much what I thought. Was hoping I’d missed a trick with all the years of sub-ifs and SVI’s. 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-29-2022 01:23 PM

You need to create FW side VRRP, then you need to Layer 2 right ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
anthonykahwati
Level 1
Level 1
In response to balaji.bandi

‎03-29-2022 01:26 PM

Hi

its all about the switches. Need vrrp there on the l3 port channels. The firewalls are actually mis-represented in the diagram and just have a floating active address in an active / standby setup. 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to anthonykahwati

‎03-29-2022 11:51 PM

You need Layer 2 for the peer to communicate each other., suggest that you can have SVI using L2 port-channel.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎03-29-2022 02:58 PM

FW is HA
You need to connect via L2, 
L3 port channel can not config here.

One SVI in each L3SW and in FW sub interface IP. during the failover the Sub-interface IP is change and need to send ARP to declare it new Active FW. 
Need L2.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card