Re: etherchannel support between Active-passive FTD-VSS switch

yong khang NG · ‎10-06-2021

Hi All

Would like to check out is it feasible to do both end back-to-back etherchannel between these device

a pair of cisco FTD in active-passive HA setup connecting catalyst switch doing VSS.No cross connection, mean

FW01 g0/1- SW01 g0/1,

FW02 g0/1- SW02 g0/1.

Question: Can i do L2 etherchannel on this case, the challenge i se reside at the FTD side.

If not support, mean the loop prevention still stick back to STP, am i correct?

Any comment welcome, thanks

Noel

balaji.bandi · ‎10-06-2021

FW01 g0/1- SW01 g0/1,

FW02 g0/1- SW02 g0/1.

this is not best approach here, with the single Link to parent switch, Suggest model always have dual link to both the switches in VSS / vPC deployment

you can find deployment models as below :

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

yong khang NG · ‎10-06-2021

Hi Sir,

Thanks for the comment.

But due to single connection from each device this constraint, can i say the link between sw02 - passive ftd unit will have STP block mode, to prevent loop?

Noel

balaji.bandi · ‎10-06-2021

if that is contrain of the deployment, and we need to consider as Risk and deploy.

where is the STP coming in to picture here ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help