Wired

last person joined: 2 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

3810 active active stacking

Jump to Best Answer
  • 1.  3810 active active stacking

    Posted Sep 10, 2020 11:51 PM

    I have 2 of the aruba 3810's running the latest aos version that are setup with stacking via the stacking modules, i have a commander and a standby. These switches are connected to a pair of firewalls that are in a active active setup and set to round robin traffic. The 3810's will not be doing any routing but have the same vlans as the firewalls which will be doing the routing. Is it possible to have both switches active in this stack?



  • 2.  RE: 3810 active active stacking

    Posted Sep 11, 2020 08:06 AM

    Hi,

     

    Both switches are active (the command and standby is for management)



  • 3.  RE: 3810 active active stacking
    Best Answer

    Posted Sep 11, 2020 11:15 AM

    It looks like you are correct, i was running a continuous ping from the "standby" and traffic wasn't going anywhere but then i noticed i couldn't ping the switch either. I checked the config and noticed that it was different from the commander which is what the problem was, once i configured the interface i was plugged into and the uplink i started to see the ping working.



  • 4.  RE: 3810 active active stacking

    Posted Sep 11, 2020 09:15 AM

    @NetworkWise wrote: Is it possible to have both switches active in this stack?

    Hi! hope to have not misunderstood your request: generally (at least this was my personal experience) a Cluster of Firewalls working in Active/Active mode permits to connect redundantly to downstream devices (in this case your downstream device is the Hardware Stack made of your two Aruba 3810M Switches, stack that is a virtual switch seen from any other peer, Firewalls' Cluster included) BUT these redundant connections - and here I speak necessarily about LACP/Static port trunkings (AKA links aggregations) - can originate each one from each Cluster node and they can terminate distributed across the stack's members switches.

     

    In other words:

     

    FW Cluster node 1 - 1st physical link from Port a1 (part of a defined LACP n) -> terminates on corresponding LACP z1 defined on the Switch Stack (the 1st link can terminate where you want, clearly on the port member of that particular z1 LACP port trunk, say port 1/1 as example)

     

    FW Cluster node 1 - 2nd physical link from Port b1 (part of a defined LACP n) -> terminates on corresponding LACP z1 defined on the Switch Stack (the 2nd link can terminate where you want, clearly on the port member of that particular z1 LACP port trunk, say port 2/1 as example)

     

    FW Cluster node 2 - 1st physical link from Port a2 (part of a defined LACP m) -> terminates on corresponding LACP z2 defined on the Switch Stack (the 1st link can terminate where you want, clearly on the port member of that particular z2 LACP port trunk, say port 1/11 as example)

     

    FW Cluster node 2 - 2nd physical link from Port b2 (part of a defined LACP m) -> terminates on corresponding LACP z2 defined on the Switch Stack (the 2nd link can terminate where you want, clearly on the port member of that particular z2 LACP port trunk, say port 2/11 as example)

     

    AFAIK you can't create on Firewalls a LACP link aggregation that is spanning its member ports across both clustered members (this can be done, as described above, only on the Switch Stack instead because that Stack forms a single logical entity, Firewalls' Cluster doesn't form a single logical entity)...this means that, due to necessity of link aggregations to terminate and originate from "a" same logical entity the scenario you could setup is going to be a "Node 1 to Stack" and "Node 2 to Stack" affair instead of a "Node 1 - across - Node 2 to Stack" affair.

     

    If you have single links from each Firewall nodes then you have this issue since that very one link from a Firewall node will be connected (without LACP being used) to any member of the Switches' stack.