Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1431
Views
25
Helpful
6
Replies

can be deleted

Go to solution
AE111
Level 1
Level 1

‎09-02-2020 10:47 AM - edited ‎09-22-2020 08:50 AM

can be deleted

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎09-02-2020 11:14 AM - edited ‎09-02-2020 11:14 AM

Hi,

1.  the stack shows the primary switch as master and the secondary one as member. How to make the secondary one to look as slave instead of member?

There is no need to change that. Salve and member are the same.

 

As long as you have uplink from both switches to the firewall when one switch fails, the other one will take over packet forwarding. Think of stack as one logical switch. You only configure the master and the master pushes the config to members.

HTH

View solution in original post

6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-02-2020 11:10 AM

try below config :

 

switch 1 priority 15

switch 2 priority 14

 

Switch 1 fails Switch 2 become master and all the ports start working as expected in the data path.

 

Make sure you connect your uplink Switch 1 and Switch 2.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎09-02-2020 11:14 AM - edited ‎09-02-2020 11:14 AM

Hi,

1.  the stack shows the primary switch as master and the secondary one as member. How to make the secondary one to look as slave instead of member?

There is no need to change that. Salve and member are the same.

 

As long as you have uplink from both switches to the firewall when one switch fails, the other one will take over packet forwarding. Think of stack as one logical switch. You only configure the master and the master pushes the config to members.

HTH

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎09-02-2020 11:17 AM - edited ‎09-02-2020 11:18 AM

I've haven't work with 2960 stacks, but I believe they function (logically) like Catalyst 3K stacks, i.e. if the master fails, another stack unit will become the master and keep the config.  You will, of course, lose the ports of any stack unit that fails.

As to connecting devices to a stack, ideally, (at least on 3K stacks) you want an Etherchannel link between the stack and the other device with at least one link, of the Etherchannel, connected to different stack units.  If other device doesn't support Etherchannel, other choices include having the other stack unit port in the same VLAN (STP may be required) or a different VLAN (multi-homed).  Cannot say what your options are for your FW.  Check its documentation for something like redundancy options.

Go to solution
AE111
Level 1
Level 1

‎09-02-2020 01:13 PM - edited ‎09-22-2020 08:50 AM

can be deleted

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to AE111

‎09-02-2020 01:40 PM

That looks about right.

You could also use the same port numbers (except the member number) on both switches.  I.e. if you're using something like 1/0/47 and 1/0/48 now, you might use 1/0/47 and 2/0/47 or 1/0/48 and 2/0/48.

After you get the FW on the other switch member, you can "reclaim" the prior, now unused, switch port for another purpose.

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to AE111

‎09-02-2020 02:24 PM

Hi Sinan,

Link aggregation with LACP should work. Since you are using the FWs in active/passive mode, I would also talk to FGT to make sure if the connection to the active firewall fails, the traffic is then routed to the backup FW and the backup FW uses the interlink to send the traffic to the primary FW to be forward it upstream and not get blocked.

HTH

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top