10-17-2019 02:06 AM
Hi Team,
I have connected two core layer cisco SG550 switch with two firewall, i have attached my office network topology, kindly check the details,
i have configured LACP configuration on my cisco SG550 switch ports gi 1/0/4 and 1/0/5 another end my two firewalls connected
In firewall also i have configured LACp configured,
when i shutdown one switch port my data traffic not passing from another port automatically why ?
i have get two active ports in LACp port channel 1
in Show interface port channel 1
Po1 - gi 1/0/4-5
Is that i need to configure any thing in firewall side , please confirm me the switch side configuration.
Thanks,
Regards,
Yasmeen Shaul Hameed.
10-17-2019 02:18 AM
Hi there,
According to your diagram you are trying to establish a port-channel with two logically separate firewalls, and to make things worse they are from different vendors, so unlikely to ever be logically aggregated. As such you will never get the two member links in the SG switch port-channel to be up.
What are you trying to achieve with this setup?
A increase in bandwidth? why not have separate port-channels to each firewall.
Layer 3 failover? Have separate Layer 3 links to each firewall, adjusting link costs to facilitate path selection.
cheers,
Seb.
10-17-2019 02:24 AM
Hi,
Why is it happening because you are using two different devices at remote (Different Firewall)? It is not matching with the Port-Channel condition. Both firewalls must be in the same control panel for multi-chassis port-channel and it is not possible due to different vendors.
I am not sure what is your firewall configurations. If there is no duplicate IP address then you can make an SVI and assign it to the gi 1/0/4-5 ports (Access ports).
05-21-2020 12:30 AM
Good day
I have the same exact topology for my environment so what I did was creating a default route to the ISP Link on the Firewall
Static route from the Firewall to the Core Switch within the same subnet with the SG350 switches as well 172.16.x.x
Question should i make the port trunk from the Core to the Firewall advice
Please let me know if the above makes sence
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide