Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
1
Helpful
3
Replies

Help with port config

gavinr98
Level 1
Level 1

‎02-29-2024 11:59 AM

Need a little help. I currently have 2 Cisco 9500's configured in a virtual stack, with one of the ports on sw1 configured as a layer 3 port to route traffic to our FW. What I would like to do is add another port from the 2nd switch that is in the stack as an HA port in the case that something happens to sw1. How would I go about doing this?

This is the config of the port.

interface HundredGigE1/0/3
description Uplink to FW
no switchport
ip address 10.X.X.X 255.255.255.248

Thanks!

 

Labels:
0 Helpful
3 Replies 3

liviu.gheorghe
Spotlight
Spotlight

‎02-29-2024 12:56 PM

Hello @gavinr98 ,

Adding another link from the 9500 stack to your firewall is a good move, but depending on your configuration, the second link could stay un-utilised until the firs link fails. I am thinking of bundling the two links in a Etherchannel.

The configuration for the switch will be similar to this:

interface HundredGigE1/0/3
description Uplink to FW
no switchport

channel-group 1 mode active

interface HundredGigE2/0/3
description Uplink to FW
no switchport

channel-group 1 mode active

interface Port-channel 1

ip address 10.X.X.X 255.255.255.248

This way you have the redundancy given by two links and the added bandwidth of the second link.

If the firewall is a Cisco FPR, than the the configuration steps can be found in this document: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215351-configure-verify-and-troubleshoot-port.html#toc-hId-1981994155

Regards, LG
*** Please Rate All Helpful Responses ***

gavinr98
Level 1
Level 1
In response to liviu.gheorghe

‎02-29-2024 01:29 PM - edited ‎02-29-2024 01:52 PM

Thank you! I will give this a try. The connection is going to a 10GB FS switch, so hopefully it wont we an issue. We are going to split out the connections for HA to our FW's.

0 Helpful

Richard Pidcock
Level 1
Level 1

‎03-01-2024 03:25 AM

Agree with @liviu.gheorghe , I would EtherChannel the interfaces.  Not sure what FW you are connecting to and what the capabilities are on that side of the connection but that will drive your decision.

Richard W. Pidcock
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card