753 Views | 0 Helpful | 5 Replies

Cisco 4500X connecting to CheckPoint Firewall Quad NIC Card

RakeshBoodram
Level 1

Good day,

New to the forum, hope everyone is doing great.

I am deploying two 24-port Cisco 4500X switches configured with VSS as the switch core. The CheckPoint Firewall cluster consists of Dell servers with multiple NIC cards.

I am aware that spanning tree has to be considered, and I have three networks coming off the same Quad interface card.

Can I connect all the server interfaces (7 network segments) to VLANs on the 4500X without creating network issues or the potential for performance problems?

Any feedback will be appreciated.


Thanks.

5 Replies

Dennis Mink
VIP Alumni

Personally I would run a link from each 4500 into each stack (and port channel), so 8 links in total between your stacks and 4500s, so that each stack connects to both 4500s.

Please remember to rate useful posts, by clicking on the stars below.

Deepak Kumar
VIP Alumni

Hi,

It is recommended to use a port-channel / EtherChannel to utilize all links without causing any STP issues.

First, you have to make sure that EtherChannel / Port-Channel is configured on your server (Checkpoint) vSwitch. Second, you can use one port on every chassis of your core switch and configure all of those ports in a port channel (Multi-Chassis port channel).

Regards,
Deepak Kumar

Don't forget to vote and accept the solution if this comment helps you!

Thank you very much Dennis and Deepak.

Deepak please forgive me, you are saying that if I connect the networks off the Firewall as in the attached file, I can encounter STP issues?

The Checkpoint servers are not virtual machines, so I'm not sure how to configure the network interfaces for port-channel / EtherChannel. I will research this.

Hi,

As you mentioned that this is a Dell server, I thought that the firewall was installed in a virtual environment. Now you have cleared that up. Thanks.

As per your diagram, every port belongs to a different subnet (VLAN), so the configuration for these four ports will be like an access port (if you didn't tag the VLAN on Checkpoint), as below:

interface gig1/0/2
 description "Connected to Checkpoint LAN Port 1-10.250.90.0"
 switchport mode access
 switchport access vlan X
 spanning-tree portfast
 exit

If you configured a VLAN on Checkpoint and tagged it on the port, then your switch port configuration is as below:

interface gig1/0/2
 description "Connected to Checkpoint LAN Port 1-10.250.90.0"
 switchport mode trunk
 switchport trunk allowed vlan X
 exit

I am not sure about the two extra ports; I hope those ports are for your ISP. If I am right, then both of these ports must be access ports (if the ISP does not supply a VLAN tag).

Regards,
Deepak Kumar

Hi Deepak,

Thanks again for your reply.

The last diagram was only to show that multiple networks are configured on the Quad card. The attached file shows all the interfaces and networks.

A network engineer suggested to me that it is not recommended to connect more than two networks from the same quad card to VLANs on the 4500X switch. He said that the switch can see network loops because of this. I am trying to confirm whether this is in fact the case.

VLANs and tagging are not configured on the Checkpoint server.


Regards,
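Deepak's per-port access and trunk templates, and the question of whether several segments from one quad card can give the switch a loop, can be checked with a small plan script. The following Python is an added example, not from the thread or from Cisco or Check Point: it renders one access or trunk stanza per firewall NIC from a constructed VLAN plan (hypothetical Te1/1/x port names, VLAN ids and all subnets other than 10.250.90.0 are made up) and flags a plan in which the same VLAN reaches the firewall on more than one port, since a separate VLAN per NIC is what keeps the segments from meeting at layer 2 on the switch side. The `spanning-tree bpduguard enable` line is my addition to the templates, not part of Deepak's reply.

```python
from collections import Counter

# Constructed sample VLAN plan for the Quad NIC (hypothetical switch interface
# names, VLAN ids and subnets; only 10.250.90.0 comes from the thread).
FIREWALL_PORTS = [
    {"switchport": "Te1/1/1", "fw_nic": "eth1", "subnet": "10.250.90.0/24",
     "vlans": [90], "tagged": False},
    {"switchport": "Te1/1/2", "fw_nic": "eth2", "subnet": "10.250.91.0/24",
     "vlans": [91], "tagged": False},
    {"switchport": "Te1/1/3", "fw_nic": "eth3", "subnet": "10.250.92.0/24",
     "vlans": [92], "tagged": False},
    {"switchport": "Te2/1/1", "fw_nic": "eth4", "subnet": "10.250.93.0/24",
     "vlans": [93, 94], "tagged": True},
]

def check_plan(ports):
    """Return a list of plan defects; empty means every VLAN reaches the
    firewall on exactly one port, so no segment has a second L2 attachment."""
    problems = []
    seen = Counter(v for p in ports for v in p["vlans"])
    for vlan, count in seen.items():
        if count > 1:
            problems.append(f"VLAN {vlan} reaches the firewall on {count} ports")
    for p in ports:
        if not p["tagged"] and len(p["vlans"]) != 1:
            problems.append(f"{p['switchport']}: an access port carries exactly one VLAN")
    return problems

def render_port(p):
    """Render the access or trunk stanza for one switch port."""
    lines = [f"interface {p['switchport']}",
             f" description Connected to Checkpoint {p['fw_nic']} - {p['subnet']}"]
    if p["tagged"]:
        lines += [" switchport mode trunk",
                  " switchport trunk allowed vlan " + ",".join(map(str, p["vlans"])),
                  " spanning-tree portfast trunk"]
    else:
        lines += [" switchport mode access",
                  f" switchport access vlan {p['vlans'][0]}",
                  " spanning-tree portfast"]
    # Edge port toward a host: err-disable it if that host ever sends BPDUs.
    lines += [" spanning-tree bpduguard enable", "!"]
    return "\n".join(lines)

def render_plan(ports):
    """Refuse to emit configuration for a plan with overlapping VLANs."""
    defects = check_plan(ports)
    if defects:
        raise ValueError("; ".join(defects))
    return "\n".join(render_port(p) for p in ports)

if __name__ == "__main__":
    print(render_plan(FIREWALL_PORTS))
```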
