  • 1.  Design inquiries

    Posted Jul 10, 2024 03:59 PM

    Dears,
    According to that design, I have some inquiries, please:
    1- Can I configure VSF between 2 Aruba 6300 with only 1 link? I will configure it as Active-Passive; should I have a virtual IP address for both switches to manage them?
    2- Is there a specific configuration to prevent loops?
    3- Any help on how I can configure those 2 switches to connect to 2 FortiGate firewalls that also work as Active-Passive?
    Thanks


  • 2.  RE: Design inquiries

    Posted Jul 10, 2024 04:56 PM

    Hi,

    1. You can configure VSF using a single link, but connections between the switches must use 10G, 25G, or 50G links. All VSF links in a stack should operate at the same speed.
    2. VSF creates a single logical switch and you can manage the stack using a single IP.
    3. You can use STP and loop-protect configuration to prevent loops on edge ports.
    4. Configure LACP port channels for uplinks (firewalls, access switches).

    Please follow this guide for best practices: https://www.arubanetworks.com/techdocs/AOS-CX/10.09/PDF/vsf.pdf



    ------------------------------
    Harendra
    ACEX165
    ------------------------------



  • 3.  RE: Design inquiries

    Posted Jul 11, 2024 08:19 AM

    Hi,

    Thanks for your reply.

    For point 4 (LACP), can I just connect the access switch to the 2 Aruba 6300 switches, as they will work as active-passive, not active-active? Or should I configure LACP? For your info, the Aruba 6300s, as I mentioned, will work as Active-Passive.
    And the same inquiry for the firewall: can I just connect the two switches to the two firewalls and make 2 ports of each firewall a Redundant Interface?

    Thanks in advance




  • 4.  RE: Design inquiries

    Posted Jul 11, 2024 08:37 AM
    A VSF stack is seen by peer devices connected to it (e.g. a standalone Firewall, a Router, a Switch, a Server, etc.) as a single logical device. It means that a Firewall, a Router, a Switch, a Server, etc. can be concurrently connected to the VSF stack by means of multiple aggregated links (Link Aggregation with Non-Protocol or with LACP) distributed to all VSF members.

    Just an example among many possible: if needed, a Server with a four-port NIC could be connected to a four-member VSF stack with each Server port connected to a different VSF member (so you will end up with four cables uplinked from the Server to the VSF stack, and those uplinks span across the entire VSF stack). Similarly for a Switch or a single Firewall chassis.

    Clustered Firewalls are basically always formed by two standalone chassis clustered together (no matter if their logical mode of operation is A/A or A/S or whatever else), so you should treat them as two separate chassis, each one connecting to your VSF stack (as per the Server or Switch example).
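
The cabling discussed in this thread (each peer device's aggregated links distributed across both VSF members, with STP and loop-protect on edge ports), sketched as an AOS-CX configuration fragment. This is an added example, not part of any post above and not taken from the linked guide; the interface numbers, LAG IDs and VLAN IDs are assumptions, and the firewall and access-switch sides are assumed to run LACP on the matching ports.

```text
! Assumed: VSF stack already formed, member 1 = 1/1/x, member 2 = 2/1/x
! Assumed VLANs 10 and 20; adjust to the real design
spanning-tree

! One LAG per firewall chassis, each LAG spanning both VSF members
interface lag 11
    description FortiGate-A (cluster unit 1)
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 10,20
    lacp mode active
interface 1/1/1
    no shutdown
    lag 11
interface 2/1/1
    no shutdown
    lag 11

interface lag 12
    description FortiGate-B (cluster unit 2)
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 10,20
    lacp mode active
interface 1/1/2
    no shutdown
    lag 12
interface 2/1/2
    no shutdown
    lag 12

! Access switch uplinked to both members with the same pattern
interface lag 21
    description Access-SW-1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 10,20
    lacp mode active
interface 1/1/3
    no shutdown
    lag 21
interface 2/1/3
    no shutdown
    lag 21

! Edge (end-host) port: loop protection and BPDU guard
interface 1/1/10
    no shutdown
    no routing
    vlan access 10
    spanning-tree port-type admin-edge
    spanning-tree bpdu-guard
    loop-protect
```

With each LAG split across members 1 and 2, losing either 6300 leaves every firewall chassis and the access switch with one working link into the stack.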