
Portfast on firewall-on-a-stick on Nexus 5672UP

John Naggets
Level 1

Hello,

 

I have two Nexus 5672UP switches and have redundantly connected my firewall to both of the switches using a trunk which serves as a firewall-on-a-stick for multiple VLANs.

 

Now, when I need to reboot my firewall, I would like to have the network available immediately using portfast, but I have a few questions first:

 

1) Is the following command the correct interface command to apply for this purpose:

 

spanning-tree port type edge trunk

 

2) Do I apply this command on the Ethernet interfaces or onto the Port-Channel (or both)?

 

3) Is it safe to enable portfast in such a firewall-on-a-stick config?

 

My config currently looks like this (taken from the first switch):

 

interface Ethernet1/22
  description firewall interface 1
  switchport mode trunk
  switchport trunk allowed vlan 2,5,6,11,13,14
  channel-group 22 mode active
 
interface port-channel22
  description firewall trunk
  switchport mode trunk
  switchport trunk allowed vlan 2,5,6,11,13,14
  speed 10000
  vpc 22 

Thanks for your input.

 

Regards,

John

1 Reply 1

Hello

L2 PC configuration comes from the PC itself, so I would suggest applying it to the PC, not the physical interfaces.

 

I would be cautious about applying portfast to anything other than an end host like a server; otherwise you could introduce an unwarranted loop.

 

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
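
An added example, not part of the thread or either poster's words: a small Python audit that reads an NX-OS style config and reports where `spanning-tree port type edge` sits on a port-channel member instead of the port-channel, the placement question raised above. The sample config is constructed from the poster's config, and the BPDU guard check is an addition that the thread does not discuss; the function names are hypothetical.

```python
import re

# Constructed sample based on the poster's config, with the edge command
# placed on the member interface only (the reply advises the port-channel).
SAMPLE = """\
interface Ethernet1/22
  switchport mode trunk
  channel-group 22 mode active
  spanning-tree port type edge trunk

interface port-channel22
  switchport mode trunk
  vpc 22
"""

def parse_interfaces(config):
    """Return {interface name: [stripped sub-command lines]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.strip() and not line[0].isspace():
            current = None          # left the interface block
        elif current and line.strip():
            blocks[current].append(line.strip())
    return blocks

def audit_edge_trunk(config):
    """Return (interface, finding) tuples for risky edge-port placement."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("spanning-tree port type edge") for c in cmds):
            continue
        group = next((m for m in (re.match(r"channel-group (\d+)", c)
                                  for c in cmds) if m), None)
        if group:
            findings.append((name, "edge set on member of port-channel"
                             + group.group(1) + "; set it on the port-channel"))
        # Assumption: only interface-level BPDU guard is checked; a global
        # default would not be seen here. Not discussed in the thread.
        if "spanning-tree bpduguard enable" not in cmds:
            findings.append((name, "edge port without BPDU guard"))
    return findings

if __name__ == "__main__":
    for iface, msg in audit_edge_trunk(SAMPLE):
        print(f"{iface}: {msg}")
```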