Wired Intelligent Edge


Design inquiries

  • 1.  Design inquiries

    Posted 13 days ago

    Dears,
    According to that design, I have some inquiries, please:
    1- Can I configure VSF between 2 Aruba 6300 with only 1 link? I will configure it as Active-Passive; should I have a virtual IP address for both switches to manage them?
    2- Is there a specific configuration to prevent loops?
    3- Any help on how I can configure those 2 switches to connect to 2 FortiGate firewalls that also work as Active-Passive?

  • 2.  RE: Design inquiries

    Posted 13 days ago


    1. You can configure VSF using a single link, but connections between the switches must use 10G, 25G, or 50G links. All VSF links in a stack should operate at the same speed.
    2. VSF creates a single logical switch, and you can manage the stack using a single IP.
    3. You can use STP and Loop-protect configuration to prevent loops for edge ports.
    4. Configure LACP port channels for uplinks (firewalls, access switches).

    Please follow this guide for best practices: https://www.arubanetworks.com/techdocs/AOS-CX/10.09/PDF/vsf.pdf


  • 3.  RE: Design inquiries

    Posted 12 days ago


    Thanks for your reply.

    For point 4, LACP: can I just connect the access switch to the 2 Aruba 6300 switches, as they will work as Active-Passive, not Active-Active? Or should I configure LACP? For your info, the Aruba 6300s, as I mentioned, will work as Active-Passive.
    And the same inquiry for the firewall: can I just connect the two switches to the two firewalls and make 2 ports of the firewall a Redundant Interface?

    Thanks in advance.

  • 4.  RE: Design inquiries

    Posted 12 days ago
    A VSF stack is seen by peer devices connected to it (e.g. a standalone Firewall, a Router, a Switch, a Server, etc.) as a single logical device. It means that a Firewall, a Router, a Switch, a Server, etc. can be concurrently connected to the VSF stack by means of multiple aggregated links (Link Aggregation with Non-Protocol or with LACP) distributed to all VSF members.

    Just an example among many possible: if needed, a Server with a four-port NIC could be connected to a four-member VSF stack with each Server port connected to a different VSF member (so you will end up with four cables uplinked from the Server to the VSF stack, and those uplinks span across the entire VSF stack). Similarly a Switch or a single Firewall chassis.

    Clustered Firewalls are basically always formed by two standalone chassis clustered together (no matter if their logical mode of operation is A/A or A/S or whatever else), so you should treat them as two separate chassis, each one connecting to your VSF stack (as per the Server or Switch example).
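
Added example, not part of the thread and not HPE Aruba code: a small Python check of the point made in post 4, that each aggregated link should have ports on more than one VSF member so it survives the loss of a member. It assumes AOS-CX style `member/slot/port` interface names and `lag N` port bindings; the sample config, LAG numbers and their roles are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in AOS-CX running-config style (not taken from the thread).
# Assumed roles: lag 10 = firewall A, lag 20 = firewall B, lag 30 = access switch.
SAMPLE_CONFIG = """\
interface lag 10
    lacp mode active
interface lag 20
    lacp mode active
interface lag 30
    lacp mode active
interface 1/1/1
    lag 10
interface 2/1/1
    lag 10
interface 1/1/2
    lag 20
interface 2/1/2
    lag 20
interface 1/1/3
    lag 30
interface 1/1/4
    lag 30
"""

IFACE_RE = re.compile(r"^interface (\d+)/\d+/\d+\s*$")  # physical port: member/slot/port
LAG_RE = re.compile(r"^\s+lag (\d+)\s*$")               # port-to-LAG binding

def lag_members(config: str) -> dict[int, set[int]]:
    """Map each LAG id to the set of VSF member ids that carry its ports."""
    members = defaultdict(set)
    current = None  # VSF member id of the physical interface being parsed
    for line in config.splitlines():
        if not line.startswith((" ", "\t")):
            m = IFACE_RE.match(line)
            current = int(m.group(1)) if m else None
        elif current is not None:
            m = LAG_RE.match(line)
            if m:
                members[int(m.group(1))].add(current)
    return dict(members)

def single_member_lags(config: str) -> list[int]:
    """LAGs whose ports all sit on one VSF member (down if that member fails)."""
    return sorted(lag for lag, ms in lag_members(config).items() if len(ms) < 2)

if __name__ == "__main__":
    print("LAGs confined to one VSF member:", single_member_lags(SAMPLE_CONFIG))
```

In the constructed sample, the two firewall LAGs span members 1 and 2, while the access-switch LAG has both ports on member 1 and is flagged.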