11-01-2019 02:44 PM
Hi,
need to configure MEC ports in VSS for Firewall,
existing Scenario:
existing 4500 and 6807 switch are configured in HSRP,
below configuration of ports :
6807 (config) #interface TenGigabitEthernet1/1
description "To Firewall "
ip address 192.168.25.1 255.255.255.252
4500(config) #interface GigabitEthernet1/1
description "To Firewall"
no switchport
bandwidth 1000000
ip address 192.168.25.1 255.255.255.252
Please help to configure this port in MEC for VSS
11-01-2019 02:59 PM
Can you elaborate more on the issue?
You can not mix 2 devices into one MEC
HSRP is a virtual IP address; you can have the same IP address on different devices in the same network.
existing 4500 and 6807 switches are configured in HSRP, <<- is this your live environment?
Is the configuration you provided a working one or a proposed one?
I would like to see your high-level network diagram showing how these 2 switches are connected and how your FW is connected. What mode would you like to configure, transparent or routed mode?
11-01-2019 03:26 PM
existing 4500 and 6807 switches are configured in HSRP, <<- is this your live environment? Yes Running environment,
Now we are migrating from HSRP to VSS
We will replace the 4500 series switch with a 6807-XL (please find the attached design).
We will configure VSS on the two 6807 switches. After achieving VSS, I need to know how to configure the firewall ports.
existing configuration of firewall ports in HSRP mode is in my first post.
11-01-2019 03:52 PM
attachment missed here--post again.
11-02-2019 11:57 AM
11-02-2019 12:15 PM
To achieve what you need, you have to put both ports from the VSS 6807 switches in a Port-channel and then configure a /30 subnet on the Port-channel interface (Layer-3 PO). You also have to make sure that the firewall supports some sort of aggregation with LACP or mode on. I am assuming this is only one firewall and not 2.
HTH
11-02-2019 12:29 PM
Thank you for your reply @Reza Sharifi
Correct me in below configuration :
VSS- Switches :
interface Port-channel10
description *** To firewall ***
switchport
switchport mode trunk
interface TenGigabitEthernet 1/1/7
description *** To Firewall ***
switchport mode trunk
channel-group 10 mode active
!
interface TenGigabitEthernet 2/1/7
description *** To Firewall ***
switchport mode trunk
channel-group 10 mode active
1) Please suggest for L3 PO ???
2) please suggest me for Cisco firewall side configuration .
3) only 1 firewall is there.
11-02-2019 12:37 PM
OK, the config you posted is for a layer-2 Po. If you are planning to do layer-3, the config should look like this:
interface Port-channel10
description *** To firewall ***
no switchport
ip address x.x.x.x 255.255.255.252
interface TenGigabitEthernet 1/1/7
description *** To Firewall ***
channel-group 10 mode active
!
interface TenGigabitEthernet 2/1/7
description *** To Firewall ***
channel-group 10 mode active
You also need a po config on the firewall with an IP in the same segment as the /30.
HTH
11-06-2019 11:51 AM
Thank you for reply @Reza Sharifi @balaji.bandi
so i will configure L3 PO as below
interface Port-channel10
description *** To firewall ***
no switchport
ip address 182.30.210.1 255.255.255.252
! (and my other side IP: 182.30.210.2 255.255.255.252)
interface TenGigabitEthernet 1/1/7
description *** To Firewall ***
channel-group 10 mode active
!
interface TenGigabitEthernet 2/1/7
description *** To Firewall ***
channel-group 10 mode active
we don't need Switch port trunk command in Interface ports ????
Please reply me as above commands will work or i need to add Switch port command in Interface ports .
11-06-2019 12:30 PM
This will be a routed, layer-3 Po. So, there is no need for Switch port trunk command at all.
HTH
11-06-2019 12:36 PM
Thank you for Support @Reza Sharifi
11-02-2019 12:42 PM
Since VSS is virtually 1 chassis, you do not need HSRP here; just configure MEC with an L3 PO and that should do the trick for you.
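Added example (not part of the thread, and not Cisco tooling): a small Python check that encodes the points made in the replies above, namely member ports on both VSS chassis, no switchport commands anywhere, "no switchport" plus an IP address on the Port-channel, and the firewall address being the other host of that subnet. The function names are hypothetical and the sample config is constructed from the layer-2 attempt posted in the thread.

```python
import ipaddress
import re
# Constructed sample: the layer-2 attempt posted in the thread (descriptions omitted).
L2_CONFIG = """
interface Port-channel10
 switchport
 switchport mode trunk
interface TenGigabitEthernet 1/1/7
 switchport mode trunk
 channel-group 10 mode active
interface TenGigabitEthernet 2/1/7
 switchport mode trunk
 channel-group 10 mode active
"""

def parse_interfaces(config):
    """Map each interface name (whitespace removed) to its sub-commands."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.lower().startswith("interface "):
            current = interfaces.setdefault(re.sub(r"\s+", "", line[10:]), [])
        elif line and line != "!" and current is not None:
            current.append(line)
    return interfaces

def check_l3_mec(config, po_number, peer_ip):
    """Return problems that keep Port-channel<N> from being a routed MEC to peer_ip."""
    ifs, po, problems = parse_interfaces(config), "Port-channel%d" % po_number, []
    if po not in ifs:
        return [po + ": not defined"]
    members = [n for n, cmds in ifs.items()
               if any(re.match(r"channel-group %d\b" % po_number, c) for c in cmds)]
    chassis = {m.group(1) for m in (re.search(r"(\d+)/\d+/\d+$", n) for n in members) if m}
    if len(chassis) < 2:
        problems.append(po + ": members are not spread over both VSS chassis")
    for name in [po] + members:
        problems += ["%s: layer-2 command '%s'" % (name, c)
                     for c in ifs[name] if c.startswith("switchport")]
    if "no switchport" not in ifs[po]:
        problems.append(po + ": missing 'no switchport'")
    addr = [c.split()[2:4] for c in ifs[po] if c.startswith("ip address ")]
    if not addr:
        return problems + [po + ": no ip address"]
    local = ipaddress.ip_interface("/".join(addr[0]))
    if ipaddress.ip_address(peer_ip) not in set(local.network.hosts()) - {local.ip}:
        problems.append("%s: peer %s is not the other host in %s" % (po, peer_ip, local.network))
    return problems

if __name__ == "__main__":
    print("\n".join(check_l3_mec(L2_CONFIG, 10, "182.30.210.2")))
```

Run against the layer-3 version agreed on in the thread (Port-channel10 with "no switchport" and 182.30.210.1 255.255.255.252, members carrying only the channel-group command), the same check returns no problems for peer 182.30.210.2.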