Solved: Two Catalyst 3750G and FortiGate 100D Redundancy

FlawlessEntropy · ‎03-15-2024

Hello,

What I'm trying to accomplish is redundancy in such a way that if one switch or link fails, the other one seamlessly takes over, according to the following network sketch:

The aggregation protocol on the FortiGate:

The config on both switches:

The problem I'm encountering is that one of the switches does not connect to the FortiGate, only one connection is active.

If I remove the active connection, it does turn on at the other switch (which was off) but it takes a while.

I'd like to have them both active at the same time and if possible use load balancing on them.

I've yet to figure out how or what is going on. The connection seems to be working fine in between them.

The FortiGate model is 100D running FortiOS v6.2.16 build 1392

Please help.

MHM Cisco World · ‎03-15-2024

You can NOT use PO betweet One Device and two separate SW, the SW must be stack or VSS or vPC to make this design work.

MHM

View solution in original post

MHM Cisco World · ‎03-15-2024

You can NOT use PO betweet One Device and two separate SW, the SW must be stack or VSS or vPC to make this design work.

MHM

FlawlessEntropy · ‎03-15-2024

Thank you, can you please help me with a few general guidelines before looking further into the matter?

Would I have to change anything on the FortiGate side in order to use either of those two, are they compatible with my particular use case?

balaji.bandi · ‎03-15-2024

Its all depends on how your Layer 3 SVI configured (are you using any HSRP ? on the switch?)

Also make sure Each Interface going to Fortigate should be Trunk not PO.

there are some testing required and tweak on Fortigate side to work. (i can not remember top of my head fortigate have some link monitor config - look their documentation)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

FlawlessEntropy · ‎03-15-2024

Thank you for all your answers so far, I'll look further into the matter and attempt a few things, and if I'm not successful, I'll be back.

MHM Cisco World · ‎03-15-2024

I check other solution and all need either Stack L2 SW or change it to be L3SW.
sorry
goodluck friend

MHM

Joseph W. Doherty · ‎03-15-2024

Generally, you can only do EtherChannel connections on the "same" device. So, only the port-channel between the two 3750Gs is valid.

To provide EtherChannel between the two 3750Gs, stack them (which also eliminates the need for EtherChannel between them and provides more bandwidth too).

Joseph W. Doherty · ‎03-15-2024

Oh, regarding load balancing, that depends on the LB options available on the transmitting device and the attributes of the traffic. 3750Gs do provide some LB options.

FlawlessEntropy · ‎03-18-2024

Thank you all for the very helpful responses, I've dropped the redundancy since this is a non-critical infrastructure, I'll use only one switch.

asdeep1232 · ‎03-18-2024

Hello All,

I have enabled the syslog below CMD's syslog server (Google Chronicle) on my Cisco C-9500 switch, but I am not receiving any logs. Could you please help with this?

host 10.118.X.X is being traced via UDP port 10524.
recording trap alerts, recording monitor warnings, and recording source-interface Vlan5.