Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
473
Views
0
Helpful
4
Replies

Switchport Configuration

fatalXerror
Level 5
Level 5

‎03-25-2020 10:46 AM

Hi Guys,

I have a firewall configured in bridge mode (transparent) and it is in between of my two switches and these two switches needs to form OSPF neighbor.

The two interface of my firewall is configured as trunk and I tag the VLAN per interface like eth1.100 <-> eth2.100 and eth1.200 <-> eth2.200. 

What should be the configuration of the ports of my two switches connecting to the eth1 and eth2 of my firewall? 

Thank you very much.

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎03-25-2020 10:59 AM

Hi,

Assuming you are using vlan 100 and 200, you need a trunk port on each of the switches connected to the firewall. You also need to create an SVI for the vlan you are going to use to peer OSPF with the other switch. In reality, you only need one vlan for peering and not 2. So, vlan 100 with an SVI on each switch and OSPF config on each switch should do the peering.

HTH

0 Helpful

fatalXerror
Level 5
Level 5
In response to Reza Sharifi

‎03-25-2020 11:07 AM

Hi @Reza Sharifi ,

We tried that kind of configuration but for some reason the OSPF is not forming and I cannot even reach the P2P IP of the switch. But, when we tried to configure the switchport as an access port for example VLAN 100, the OSPF formed.

You are correct, one OSPF should be fine already however, as per my network engineer who designed it, the reason why it is like that is because it uses VRF as well in which all inter-VRF routing will be done on the core switch above my firewall.

Do you have an idea why it works when we configured the switchport to an access port?

Thanks

 

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to fatalXerror

‎03-25-2020 02:09 PM - edited ‎03-25-2020 02:16 PM

Can you post switch config and point out the interfaces you are using to connect to the firewall and also the SVIs?

Even with VRF, you still need one global transit vlan between the 2 switches for OSPF peering. If you are also using a VRF to peer the switches together than that is different vlan or sub-interface. I am still not clear, why you are trying to peer globally as well as within a VRF, if my understanding is correct.

HTH

0 Helpful

Quentin Gabrel
Level 1
Level 1

‎03-25-2020 11:01 AM

Hi,

 

Could you give us more details ?

What's the model of your switch ? OSPF is a routing protocol which have to "bind" to L3 interface of your equipment.

 

I'm not sure to understand why you have two vlan.

I think you should use interface vlan on your switch to run OSPF. 
The configuration of your physical interface must be switchport mode trunk with an allow vlan 100, 200

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card