11-12-2014 07:23 PM - edited 03-07-2019 09:29 PM
Hi all,
We're planning buy 6 set of Cisco 2960-X with stacking with existing two firewall with HA function (please see attached diagram), if firewall 01 down will auto failover to firewall 02, is this network design good ?
Please some expert give us suggestion.
Thanks
11-12-2014 07:51 PM
Hi,
Are these Cisco firewalls?
You need a connection between the firewalls and configure them as HA so when the link to fw-1 fails fw-2 will take over. You don't need multiple links between each fw and each switch, one connection from each switch to each firewall should be enough since the switches are stacked.
HTH
11-12-2014 08:21 PM
Hi Reza Sharifi,
Thanks for your helping.
Those firewall not Cisco, is ZyWALL USG-310, the HA concept is each interface has VIP, all client gateway use VIP within same interface subnet, so needed multiple links for each VLAN for different subnets (We have four subnets).
Thanks
11-13-2014 06:29 AM
Hello moongoolioo,
ZyWALL USG-310 not support ether channels, I think my setup is good enough, right ?
Thanks
11-12-2014 09:18 PM
Good day.
If your firewalls support ether channels (with lacp) and subinterfaces, i will recoomend to unite FW ports into etherchannel trunk and spread other side over access switches for e.g. FW1 connect to first and last switch, FW2 to second and forth switch. All vlans are passed over those portchannel trunks and terminated on FW subinterfaces with configured HA.
But if you want to build scalable, predictable and HA block you should consider introducing some type of aggregation layer between FW and access layer.
11-14-2014 07:42 AM
Hello,
1. Do 2960-X support 6 member stacking ?
2. Do 2960-X support Bladeswitch stack cable ?
3. I think need buy stack module, right ?
Thanks
11-14-2014 03:10 PM
1. Do 2960-X support 6 member stacking ?
2960X support a stack size of 8, however, you need to be careful. The stacking speed of the 2960X is 20 Gbps. So you need to know if stacking up 8 is beneficial or not.
2. Do 2960-X support Bladeswitch stack cable ?
No. The stacking cable for the 2960S/X/XR are specific only for this models.
3. I think need buy stack module, right ?
Stacking modules and stacking cables.
11-14-2014 03:47 PM
Hi Leo, thanks for your helping,
1. I just checked here , 2960-X stack member up to 8.
2. You said Bladeswitch stack cable for the 2960S/X/XR, the range included 2960-X, is it support ? or I need buy Flexstack cable ?
3. I forgot request modules on the quotation ....
Thanks
11-14-2014 06:34 PM
I need buy Flexstack cable
You need FlexStack cable for 2960S/X/XR. You need to specify the length too. Default length is 0.5 metres in length. If you want to have a stack of 6 then one of the cables will have to be a long one.
11-14-2014 06:41 PM
Thanks, I will request stack modules and Flexstack cable.
11-15-2014 02:45 AM
Hello
Here is away of doing it with short cabling
1-2
1-3
2-1
2-4
3-1
3-5
4-2
4-6
5-4
5-6
6-5
6-4
Res
Paul
11-15-2014 08:17 AM
Hi Paul,
I don't understand what is your stack method.
Thanks
11-15-2014 10:54 AM
Hello
it basically cuts out having one long flexstack cable
Draw it out and it will give you full resiliency for a 6 switch stack
res
Paul
11-15-2014 11:00 AM
Hi Paul,
I saw switch 5 connecting switch 3,4,6 ?
3-5
5-4
5-6
Thanks
11-15-2014 11:09 AM
Hello
apologies that's a typo - let me make it clearer:
1-2
2-4
3--1
3-5
4-6
5-6
Res
paul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide