Solved: Re: can i configure same ip on stack switch

Lalaram Raika · ‎03-05-2025

i have 2 cisco 9300 in stack as a core switch so i want to make redundent up link so uplink has 2 fortinet firewall swi1's gig1/0/1 connected to fw1's lan (192.168.1.1/29) and sw1's gig2/0/1 connected to fw2's lan so both firewall configured in ha so both fw's lan port has same ip

will it work proper or anyone have any idea

please suggest

can i configure same ip 192.168.1.2 in both switch sw1's gig1/0/0 and sw2's gig2/0/1

M02@rt37 · ‎03-05-2025

Hello @Lalaram Raika

No, you can not.

You should configure instead a portchannel on your 9300 stack, bundling both uplinks into a single logical interface. This approach allows both links to be active simultaneously !

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

M02@rt37 · ‎03-05-2025

Hello @Lalaram Raika

No, you can not.

You should configure instead a portchannel on your 9300 stack, bundling both uplinks into a single logical interface. This approach allows both links to be active simultaneously !

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Lalaram Raika · ‎03-05-2025

sopouse i configured in cisco switch and other end is fortigate device will that work

balaji.bandi · ‎03-05-2025

If you're looking HA or Firewall deployment, then try using HSRP between the switch for redundancy

Look at the Fortigate HA design guide.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Lalaram Raika · ‎03-05-2025

will l3 etherchannel work

balaji.bandi · ‎03-07-2025

for HSRP you need Layer 2

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Lalaram Raika · ‎03-06-2025

what will best according to this diagram

M02@rt37 · ‎03-06-2025

Hello @Lalaram Raika

Good start this diagram.

Configure Portchannel on COREs and configure FW1/2 in a HA cluster. Active/Passive should be sufficient.

Since C9300 are stacked, they are considered like only one platform...so Gi 1/0/1 and Gi2/0/1 on a Portchannel towards LAN1 and LAN2 on Active FW and Gi 1/0/2 and Gi 2/0/2 on a Portchannel towards LAN1 and LAN2 towards Passive FW.

We can think about routing if you explain a little bit more your context.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Lalaram Raika · ‎03-06-2025

fw's LAN1 AND LAN2 are in vlan in that vlan has ip 192.168.10.1 and sw1's gig1/0/1 is connected to fw's lan1 port which has ip 192.168.10.2 , now my question is will both port channel use a single ip

M02@rt37 · ‎03-06-2025

@Lalaram Raika

Gi 1/0/1 and Gi 2/0/1 on PortChannel-01 in trunk mode towards FW-01 Active

Gi 1/02 and Gi 2/0/2 on PortChannel-02 in trunk mode towards FW-02 Passive

On these ports allow the vlan id identified by the SVI.

On FW side, configure sub-interface based on the vlan id too.... and SVI !

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Lalaram Raika · ‎03-06-2025

i want to make fw and sw in HA which config will be best vrrp, hsrp or etherchannel