Huddles18
Beginner

WAN Switch with Multiple ISPs

I feel like I'm losing it and am looking for some clarification. Seems to be an easy enough question and I'm just overthinking it.

 

We have 2 ISPs and 1 WAN (C9200-24-E) switch at the moment going to our firewalls. The port list is as follows:

G1/0/1: ISP1 (VLAN 5)
G1/0/2: ISP2 (VLAN 6)
G1/0/3: FW1-WAN1 (VLAN 5)
G1/0/4: FW1-WAN2 (VLAN 6)
G1/0/5: FW2-WAN1 (VLAN 5)
G1/0/6: FW2-WAN2 (VLAN 6)

 

G1/0/1-4 work as expected, but when we set up FW2 (which we've had in place for a while now -- the WAN switch we're using is the new device) G1/0/5 does not come up. No link lights on either device.

 

When looking at the configs, I see that the ports are not configured correctly.

They all have switchport trunk allowed vlan [VLAN_ID] set, but they do not have switchport mode trunk configured. So technically, there is no VLANing happening.

 

Because of this misconfiguration, is it possible that's why port 5 is not working correctly? Or is this port just dead?

 

Is there another way to set up these ports for the 2 ISPs?

 

4 REPLIES
Reza Sharifi
Hall of Fame Expert

What type of firewalls are you using? Are the firewalls in active/standby mode?

Can you provide a diagram showing how the switch, firewalls, and the ISPs are connecting to your environment?

HTH

Hey Reza,

 

They are 2 Meraki MXs in HA. Active/Passive.

 

Here is a diagram:

 

[Diagram image: FV Network Plan]

 

From there it goes straight to our core routers.

Hi,

So, depending on the firewall vendor, when the firewalls are configured in active/passive mode, the passive firewall connections are offline until the primary firewall fails. I am thinking that is the reason you don't see ports 5 and 6 coming up.

The other thing you should try is to put all 4 links for both firewalls in the same vlan and test again.

HTH

 

chudd18
Beginner

Ok. It looks like neither of the ideas I had ended up being the issue.

 

Before I made the configuration changes on the WAN switch, I turned the secondary firewall back online (I had turned it off after troubleshooting it previously). Once back online, all ports were functioning as normal. When I originally turned it on, I had the ports on the WAN switch shut down and ran the no shutdown command on both of those ports after the secondary firewall was up and running. Not sure why the secondary port started working and the primary port was off though.

 

Either way, it works now.

 

After I had good connectivity, I set all active ports to trunk ports, and applied a native VLAN on ports for their respective ISP traffic. All worked as intended.
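A small config audit for the two things this thread ended up checking, added here as an example (not code from the thread or from Cisco): it parses a constructed IOS-style running-config, modelled on the port layout above, and flags interfaces that carry a `switchport trunk allowed vlan` list without `switchport mode trunk`, as well as ports still administratively shut down. The interface names and descriptions in the sample are constructed.

```python
from typing import Dict, List

# Constructed sample running-config mirroring the port layout from the thread:
# 1/0/1 has an allowed-vlan list but no trunk mode, 1/0/3 is the corrected form,
# 1/0/5 has the same gap and is also left shut down.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description ISP1
 switchport trunk allowed vlan 5
!
interface GigabitEthernet1/0/3
 description FW1-WAN1
 switchport trunk allowed vlan 5
 switchport mode trunk
 switchport trunk native vlan 5
!
interface GigabitEthernet1/0/5
 description FW2-WAN1
 switchport trunk allowed vlan 5
 shutdown
!
"""

def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Group the indented lines of each 'interface ...' stanza by interface name."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None  # '!' or a blank line ends the stanza
    return stanzas

def audit_trunks(config: str) -> Dict[str, List[str]]:
    """Return findings per interface; interfaces with no findings are omitted."""
    findings: Dict[str, List[str]] = {}
    for name, lines in parse_interfaces(config).items():
        issues = []
        has_allowed = any(l.startswith("switchport trunk allowed vlan") for l in lines)
        if has_allowed and "switchport mode trunk" not in lines:
            issues.append("allowed-vlan list set but 'switchport mode trunk' missing")
        if "shutdown" in lines:  # exact match, so 'no shutdown' does not trigger
            issues.append("interface is administratively shut down")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for intf, issues in audit_trunks(SAMPLE_CONFIG).items():
        print(intf, "->", "; ".join(issues))
```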