Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2574
Views
0
Helpful
4
Replies

WAN Switch with Multiple ISPs

Huddles18
Level 1
Level 1

‎04-13-2021 09:12 AM

I feel like I'm losing it and am looking for some clarification. Seems to be an easy enough question and I'm just overthinking it.

 

We have 2 ISPs and 1 WAN (C9200-24-E) switch at the moment going to our firewalls. The port list as follows:

 

G1/0/1: ISP1 (VLAN 5)

G1/0/2: ISP2 (VLAN 6)

G1/0/3: FW1-WAN1 (VLAN 5)

G1/0/4: FW1-WAN2 (VLAN 6)

G1/0/5: FW2-WAN1(VLAN 5)

G1/0/6: FW2-WAN2 (VLAN 6)

 

G1/0/1-4 Work as expected, but when we setup FW2 (which we've had in place for a while now -- the WAN switch we're using is the new device) G1/0/5 does not turn up. No link lights on either device.

 

When looking at the configs, I see that the ports are not configured correctly.

They all have switchport trunk allow vlan [VLAN_ID] set in, but they do not have switchport mode trunk configured. So technically, there is no VLANing happening

 

Because of this misconfiguration, is it possible that's why port 5 is not working correctly? Or is this port just dead?

 

Is there another way to set up these ports for the 2 ISPs?

 

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎04-13-2021 09:19 AM

What type of firewalls are you using? Are the firewalls in active/standby mode?

Can you provide a diagram showing how the switch, firewalls, and the ISPs are connecting to your environment?

HTH

0 Helpful

Huddles18
Level 1
Level 1
In response to Reza Sharifi

‎04-13-2021 12:01 PM

Hey Reza,

 

They are 2 Meraki MXs in HA. Active/Passive.

 

Here is a diagram:

 

2021-04-13 15_00_01-FV Network Plan_ Lucidchart — Mozilla Firefox.png

 

From there is goes straight to our core routers

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Huddles18

‎04-13-2021 12:17 PM

Hi,

So, depending on the firewall vendor, when the firewalls are configured in active/passive mode, the passive firewall connections are offline until the primary firewall fails.  I am thinking That is the reason you don't see ports 5 and 6 coming up.

The other thing you should try is to put all 4 links for both firewalls in the same vlan and test again.

HTH

 

0 Helpful

chudd18
Level 1
Level 1

‎04-14-2021 08:44 AM

Ok. It looks like neither the ideas I had ended up being the issue.

 

Before I made the configuration changes on the WAN switch, I turned the secondary firewall back online (I turned it off after troubleshooting it previously). Once back online, all ports were functioning as normal. When I orginally turned it on, I had the ports on the WAN switch shutdown and ran the no shutdown command on both of those ports after the secondary firewall was up and running. Not sure why the secondary port started working and the primary port was off though.

 

Either way, it works now.

 

After I had good connectivity, I set all active ports to trunk ports, and applied a native VLAN on ports for their respective ISP traffic. All worked as intended.

0 Helpful
Customers Also Viewed These Support Documents
Top