I feel like I'm losing it and am looking for some clarification. Seems to be an easy enough question and I'm just overthinking it.
We have 2 ISPs and 1 WAN (C9200-24-E) switch at the moment going to our firewalls. The port list as follows:
G1/0/1: ISP1 (VLAN 5)
G1/0/2: ISP2 (VLAN 6)
G1/0/3: FW1-WAN1 (VLAN 5)
G1/0/4: FW1-WAN2 (VLAN 6)
G1/0/5: FW2-WAN1 (VLAN 5)
G1/0/6: FW2-WAN2 (VLAN 6)
G1/0/1-4 work as expected, but when we set up FW2 (which we've had in place for a while now -- the WAN switch we're using is the new device) G1/0/5 does not turn up. No link lights on either device.
When looking at the configs, I see that the ports are not configured correctly.
They all have switchport trunk allowed vlan [VLAN_ID] set in, but they do not have switchport mode trunk configured. So technically, there is no VLANing happening.
Because of this misconfiguration, is it possible that's why port 5 is not working correctly? Or is this port just dead?
Is there another way to set up these ports for the 2 ISPs?
What type of firewalls are you using? Are the firewalls in active/standby mode?
Can you provide a diagram showing how the switch, firewalls, and the ISPs are connecting to your environment?
So, depending on the firewall vendor, when the firewalls are configured in active/passive mode, the passive firewall connections are offline until the primary firewall fails. I am thinking that is the reason you don't see ports 5 and 6 coming up.
The other thing you should try is to put all 4 links for both firewalls in the same vlan and test again.
Ok. It looks like neither of the ideas I had ended up being the issue.
Before I made the configuration changes on the WAN switch, I turned the secondary firewall back online (I turned it off after troubleshooting it previously). Once back online, all ports were functioning as normal. When I originally turned it on, I had the ports on the WAN switch shutdown and ran the no shutdown command on both of those ports after the secondary firewall was up and running. Not sure why the secondary port started working and the primary port was off though.
Either way, it works now.
After I had good connectivity, I set all active ports to trunk ports, and applied a native VLAN on ports for their respective ISP traffic. All worked as intended.
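An added audit check, not from the thread, for the misconfiguration described above: it reads an IOS-style running-config and flags interfaces that carry switchport trunk settings without switchport mode trunk, plus ports that are administratively shut down. The sample config is constructed to mirror the thread's port layout, with G1/0/3 already in the corrected state.

```python
import re
from typing import Dict, List

# Constructed sample running-config: 'switchport trunk allowed vlan' is set on
# every port, but only G1/0/3 is actually in trunk mode, so the list has no effect elsewhere.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport trunk allowed vlan 5
!
interface GigabitEthernet1/0/3
 switchport trunk allowed vlan 5
 switchport mode trunk
 switchport trunk native vlan 5
!
interface GigabitEthernet1/0/5
 switchport trunk allowed vlan 5
 shutdown
!
"""

def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface name: [indented config lines]} from IOS-style text."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # '!' or any other top-level line ends the block
    return blocks

def audit_trunk_ports(config: str) -> Dict[str, List[str]]:
    """Flag trunk settings that cannot take effect, and ports that are shut down."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        issues = []
        has_trunk_cfg = any(l.startswith("switchport trunk ") for l in lines)
        if has_trunk_cfg and "switchport mode trunk" not in lines:
            issues.append("trunk settings present but port is not in trunk mode")
        if "shutdown" in lines:
            issues.append("administratively down")
        if issues:
            findings[name] = issues
    return findings
```

Feed it the output of show running-config to list the ports that still need switchport mode trunk (and a native VLAN) before trusting the VLAN separation.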