Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1059
Views
0
Helpful
1
Replies

Cisco 3750X stack behaviour

darren-carr
Level 2
Level 2

‎09-28-2011 02:01 AM - edited ‎03-07-2019 02:28 AM

Hi Guys,

I'm after a bit of advice.

In my environment I have a pair of Fortigate firewalls configured in a Active-Passive configuration, that are connected, through a 802.3ad interface to a pair of stacked Cisco 3750X (distribution). I also have a downstream Cisco 2960 switch (access) that my workstation is patched into.

Cisco 3750X-01 = master

Cisco 3750X-02 = slave

So ports are mapped as:

Cisco 2960G Gi 1/0/49 -> Cisco 3750X-01 Gi 1/1/1

Cisco 2960G Gi 1/0/50 -> Cisco 3750X-02 Gi 2/1/1

Gi 1/0/49 and Gi 1/0/50 = po1 (Cisco 2960G)

Cisco 3750X-01 Gi 1/0/1 -> FW001 port3

Cisco 3750X-01 Gi 2/0/1 -> FW001 port4

Cisco 3750X-01 Gi 1/0/2 -> FW002 port3

Cisco 3750X-01 Gi 2/0/2 -> FW002 port4

Gi 1/0/1 and 2/0/1 make up a portchannel = po1 (Cisco 3750X)

Gi 1/0/2 and 2/0/2 make up a portchannel = po2 (Cisco 3750X)

I am working through a number of failure scenraios. One that I am struggling with is the failure of a switch in the stack by pulling the power to one of the stack of Cisco 3750X switches.

My test is to issue a continuous ping from an workstation that is patched into the Cisco 2960G.This switch is dual connected to the Cisco 3750X-01 (see above).

If I issue a ping from the workstation it passes through the switch, up through the Cisco 3750-X, through the Fortigate to the host that resides on a different physical interface.

Now, for my test. ...........

When I pull the power to Cisco 3750X-01 the PING stops, then after about 45 seconds it starts again.

I found this behaviour to be odd as:

- the access switch that the workstation is patched into still has an uplink to the Cisco 3750X-02 (Gi 1/0/50) and the port-channel from the Cisco 3750X-01 (po1) still has a uplink to the FW001 (Gi 2/0/1). So both port-channel should remain up?

- I've checked the Fortigate appliance and it has not failed over to the other member in the cluster. So it looks like a switch problem?

Any idea what causes this behaviour? I've looked around the stack configuration but can't find anything here?

Has anyone experienced anything similar or know of any known issues with this?

Thanks,

Darren

Labels:
0 Helpful
1 Reply 1

darren-carr
Level 2
Level 2

‎09-28-2011 09:47 PM

Further to the above I have observed some strange behaviour with the stack I have configured.

So I have 2 x 3750X connected in a stack. I also have 1 x 2960S. And 2 x Fortigate 200B.The appliances are connected as follows:

3750X-01(Gi 1/1/1) -> 2960S (Gi 1/0/49)

3750X-02(Gi 2/1/1) -> 2960S (Gi 1/0/50)

3750X-01(Gi 1/0/1) -> Fortigate1 (port3)

3750X-01(Gi 1/0/2) -> Fortigate2 (port3)

3750X-02(Gi 2/0/1) -> Fortigate1 (port4)

3750X-02(Gi 2/0/2) -> Fortigate2 (port4)

I connected to the stack, then to the configured master and reloaded the switch (to simulate a switch failure), the reload took the port-channel to the 2960S down? Why would this happen? Shouldn't it stay up?

Can anyone explain this? After a while the port-channel comes back up and traffic is forwarded again from the 2960S via the 3750X-02 to the Firewall?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card