Beginner

EtherChannel on CAT 4500 in VSS for Cisco FTD Firewall

Hello Expert,

I am trying to interconnect two CAT 4500 in VSS to a Cisco FTD firewall.

I have configured EtherChannel on the FTD firewall. Below is the architecture that I am trying to build.

My IP addresses are on the EtherChannel ports.

I am thinking that port-channel 3 and port-channel 2 on the VSS can't use the same IP address.

So how can this work?

Please help me.

Regards,

Zanga
FTD cap.PNG

3 REPLIES
VIP Advisor

Re: EtherChannel on CAT 4500 in VSS for Cisco FTD Firewall

Let's look at failure scenarios here.

FTD is Active/Standby, which means that if the Active fails, the Standby kicks in and processes all requests by becoming Active.

In this case all the IP addresses will move from Active to Standby (depends on how you configure it).

If you are looking at the above scenario, then you need to introduce an SVI with HSRP on both the switches.

Look at this reference document:

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

 

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: EtherChannel on CAT 4500 in VSS for Cisco FTD Firewall

Hi,

1. Configure the port channel on the VSS switch as a trunk to allow only the dedicated transitional VLAN (e.g. VLAN 99).
2. Configure the SVI of VLAN 99 and assign an IP address to it.
3. Configure a subinterface with dot1q encapsulation (VLAN 99) on the firewall and assign an IP address to it.

It should now be able to communicate between the primary unit and the VSS.

I think HSRP is not needed if VSS is formed on both C4500 units.
VIP Advisor

Re: EtherChannel on CAT 4500 in VSS for Cisco FTD Firewall

Hello

The FW PCs will be in the same subnet anyway, so unless I am missing something here, what's wrong with having one PC on the VSS (same subnet as the FW active/standby PC interfaces) with all 4 ports assigned to it?



Kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future