cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

253
Views
0
Helpful
11
Replies
Beginner

Configuring MEC ports in VSS

Hi,

need to configure MEC ports in VSS for Firewall,

existing Scenario:

existing 4500 and 6807 switch are configured in HSRP,

below configuration of ports :

6807 (config) #interface TenGigabitEthernet1/1
                         description "To Firewall "
                         ip address 192.268.25.1 255.255.255.252

 

4500(config) #interface GigabitEthernet1/1
                      description "To Firewall"
                      no switchport
                      bandwidth 1000000
                      ip address 192.168.25.1 255.255.255.252
Please help to configure this port in MEC for VSS

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Expert

Re: Configuring MEC ports in VSS

This will be a routed, layer-3 Po. So, there is no need for  Switch port trunk command at all.

 

HTH

View solution in original post

11 REPLIES 11
VIP Advisor

Re: Configuring MEC ports in VSS

Can you elaborate more on the issue?

 

You can not mix  2 devices into one MEC 

HSRP is a Virtual IP address you can have the same IP address on different devices in the same network.

 

existing 4500 and 6807 switches are configured in HSRP,  <<- is this your live environment?

 

the configuration you provided was working one, or proposing one?

 

Like to see your high-level network diagram how these 2 switches connected and how your FW connected, what mode you like to configure, transparent or route mode?

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: Configuring MEC ports in VSS

 

existing 4500 and 6807 switches are configured in HSRP,  <<- is this your live environment?  Yes Running environment,

Now we are migrating from HSRP to VSS

we will replace 4500 series switch with 6807xl ; ( please find the attach design)

in two 6807 switches we will configure VSS, after achieving VSS i need how to configured Firewall ports,

 

existing configuration of firewall ports in HSRP mode is in my first post.

VIP Advisor

Re: Configuring MEC ports in VSS

attachment missed here--post again.

BB
*** Rate All Helpful Responses ***
Beginner

Re: Configuring MEC ports in VSS

please find the attach visio design,

 

 

VIP Expert

Re: Configuring MEC ports in VSS

In order to achieve what you need is that you have to put both ports from the VSS 6807 switches in a Portchannel and than configure a /30 subnet on the Portchannel interface (Layer-3 PO). You also have to make sure that the firewall supports some sort of aggregation with LACP or mode on. I am assuming this is only one firewall and not 2.

HTH

Beginner

Re: Configuring MEC ports in VSS

Thank you for your reply @Reza Sharifi 

 Correct me in below configuration :

VSS- Switches :

 

interface Port-channel10
description *** To firewall ***
switchport
switchport mode trunk

 

interface TenGigabitEthernet 1/1/7
description *** To Firewall ***
switchport mode trunk
channel-group 10 mode active
!
interface TenGigabitEthernet 2/1/7
description *** To Firewall ***
switchport mode trunk
channel-group 10 mode active

 

1) Please suggest for L3 PO ???

2) please suggest me for Cisco firewall side configuration .

3) only 1 firewall is there.

VIP Expert

Re: Configuring MEC ports in VSS

Ok, the config you posted in for a lyer-2 po. If you are planning to do layer-3, the config should look like this

interface Port-channel10
description *** To firewall ***
no switchport 
ip address x.x.x.x/30

 

 

interface TenGigabitEthernet 1/1/7
description *** To Firewall ***
channel-group 10 mode active
!
interface TenGigabitEthernet 2/1/7
description *** To Firewall ***
channel-group 10 mode active

 

You also need a po config on the firewall with an IP in the same segment as the /30.

HTH

Beginner

Re: Configuring MEC ports in VSS

Thank you for reply @Reza Sharifi @balaji.bandi 

 

so i will configure L3 PO as below

 

interface Port-channel10
description *** To firewall ***
no switchport
ip address 182.30.210.1 255.255.255.252   ( and my other side ip 182.30.210.2 255.255.255.252)

 

 

interface TenGigabitEthernet 1/1/7
description *** To Firewall ***
channel-group 10 mode active
!
interface TenGigabitEthernet 2/1/7
description *** To Firewall ***
channel-group 10 mode active

 

we don't need Switch port trunk command in Interface ports ????

 

Please reply me as above commands will work or i need to add Switch port command in Interface ports .

Highlighted
VIP Expert

Re: Configuring MEC ports in VSS

This will be a routed, layer-3 Po. So, there is no need for  Switch port trunk command at all.

 

HTH

View solution in original post

Beginner

Re: Configuring MEC ports in VSS

Thank you for Support @Reza Sharifi 

VIP Advisor

Re: Configuring MEC ports in VSS

Since VSS virtually 1 chassis you do not need HSRP here, just configure MEC with L3 PO that should do the trick for you.

 

BB
*** Rate All Helpful Responses ***
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards