Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
745
Views
0
Helpful
3
Replies

Cisco SG550 switch to firewall - LACp configuration

Yasmeen
Level 1
Level 1

‎10-17-2019 02:06 AM

Hi Team, 

        I have connected two core layer cisco SG550 switch with two firewall, i have attached my office network topology, kindly check the details,

i have configured LACP configuration on my cisco SG550 switch ports gi 1/0/4 and 1/0/5 another end my two firewalls connected 

In firewall also i have configured LACp configured, 

when i shutdown one switch port my data traffic not passing from another port automatically why ?

i have get two active ports in LACp port channel 1 

in Show interface port channel 1 

Po1  - gi 1/0/4-5

 

Is that i need to configure any thing in firewall side , please confirm me the switch side configuration.

 

Thanks,

Regards,

Yasmeen Shaul Hameed.

 

Labels:
Preview file
37 KB
0 Helpful
3 Replies 3

Seb Rupik
VIP Alumni
VIP Alumni

‎10-17-2019 02:18 AM

Hi there,

According to your diagram you are trying to establish a port-channel with two logically separate firewalls, and to make things worse they are from different vendors, so unlikely to ever be logically aggregated. As such you will never get the two member links in the SG switch port-channel to be up.

 

What are you trying to achieve with this setup?

A increase in bandwidth? why not have separate port-channels to each firewall.

Layer 3 failover? Have separate Layer 3 links to each firewall, adjusting link costs to facilitate path selection.

 

cheers,

Seb.

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎10-17-2019 02:24 AM

Hi,

Why is it happening because you are using two different devices at remote (Different Firewall)? It is not matching with the Port-Channel condition. Both firewalls must be in the same control panel for multi-chassis port-channel and it is not possible due to different vendors.

 

 I am not sure what is your firewall configurations. If there is no duplicate IP address then you can make an SVI and assign it to the gi 1/0/4-5 ports (Access ports).

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

DivineMuteta90931
Level 1
Level 1
In response to Deepak Kumar

‎05-21-2020 12:30 AM

Good day

 

I have the same exact topology for my environment so what I did was creating a default route to the ISP Link on the Firewall

Static route from the Firewall to the Core Switch within the same subnet with the SG350 switches as well 172.16.x.x

 

Question should i make the port trunk from the Core to the Firewall advice 

 

Please let me know if the above makes sence 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card