Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1362
Views
0
Helpful
4
Replies

WAN Switch with Multiple ISPs

Huddles18
Level 1
Level 1

‎04-13-2021 09:12 AM

I feel like I'm losing it and am looking for some clarification. Seems to be an easy enough question and I'm just overthinking it.

 

We have 2 ISPs and 1 WAN (C9200-24-E) switch at the moment going to our firewalls. The port list as follows:

 

G1/0/1: ISP1 (VLAN 5)

G1/0/2: ISP2 (VLAN 6)

G1/0/3: FW1-WAN1 (VLAN 5)

G1/0/4: FW1-WAN2 (VLAN 6)

G1/0/5: FW2-WAN1(VLAN 5)

G1/0/6: FW2-WAN2 (VLAN 6)

 

G1/0/1-4 Work as expected, but when we setup FW2 (which we've had in place for a while now -- the WAN switch we're using is the new device) G1/0/5 does not turn up. No link lights on either device.

 

When looking at the configs, I see that the ports are not configured correctly.

They all have switchport trunk allow vlan [VLAN_ID] set in, but they do not have switchport mode trunk configured. So technically, there is no VLANing happening

 

Because of this misconfiguration, is it possible that's why port 5 is not working correctly? Or is this port just dead?

 

Is there another way to set up these ports for the 2 ISPs?

 

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎04-13-2021 09:19 AM

What type of firewalls are you using? Are the firewalls in active/standby mode?

Can you provide a diagram showing how the switch, firewalls, and the ISPs are connecting to your environment?

HTH

0 Helpful

Huddles18
Level 1
Level 1
In response to Reza Sharifi

‎04-13-2021 12:01 PM

Hey Reza,

 

They are 2 Meraki MXs in HA. Active/Passive.

 

Here is a diagram:

 

2021-04-13 15_00_01-FV Network Plan_ Lucidchart — Mozilla Firefox.png

 

From there is goes straight to our core routers

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Huddles18

‎04-13-2021 12:17 PM

Hi,

So, depending on the firewall vendor, when the firewalls are configured in active/passive mode, the passive firewall connections are offline until the primary firewall fails.  I am thinking That is the reason you don't see ports 5 and 6 coming up.

The other thing you should try is to put all 4 links for both firewalls in the same vlan and test again.

HTH

 

0 Helpful

chudd18
Level 1
Level 1

‎04-14-2021 08:44 AM

Ok. It looks like neither the ideas I had ended up being the issue.

 

Before I made the configuration changes on the WAN switch, I turned the secondary firewall back online (I turned it off after troubleshooting it previously). Once back online, all ports were functioning as normal. When I orginally turned it on, I had the ports on the WAN switch shutdown and ran the no shutdown command on both of those ports after the secondary firewall was up and running. Not sure why the secondary port started working and the primary port was off though.

 

Either way, it works now.

 

After I had good connectivity, I set all active ports to trunk ports, and applied a native VLAN on ports for their respective ISP traffic. All worked as intended.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card