A VSF stack is seen by peer devices connected to it (e.g. a standalone Firewall, a Router, a Switch, a Server, etc.) as a single logical device...it means that a Firewall, a Router, a Switch, a Server, etc. can be concurrently connected to the VSF stack by means of multiple aggregated links (Links Aggregation with Non-Protocol or with LACP) distributed to all VSF members.
Just an example among many possible: if needed, a Server with a four ports NIC could be connected to a four members VSF stack with each Server port connected to a different VSF member (so you will end up with four cables uplinked from the Server to the VSF stack and those uplinks span across the entire VSF stack). Similarly a Switch or a single Firewall chassis.
Clustered Firewalls are basically always formed by two standalone chassis clustered together (no matter if their logical mode of operation is A/A or A/S or whatever else) so you should treat them as two separated chassis each one connecting to you VSF stack (as per Server or Switch example).
Original Message:
Sent: 7/11/2024 8:19:00 AM
From: mohamed hazem
Subject: RE: Design inquiries
Hi,
Thanks for your reply .
For point 4 LACP , can i just connect access switch to 2 Aruba switch 6300 as they will work as active passive not active active ? or should i configure LACP but for your info Aruba 6300 as i mention will work as Active-Passive ?
And same inquire for firewall can i just connect two switches to two firewall and make 2 ports of firewall as Redundant Interface ?
Thanks in advance
Original Message:
Sent: Jul 10, 2024 04:55 PM
From: NHN
Subject: Design inquiries
Hi,
- You can configure VSF using a single link, but Connections between the switches must use 10G, 25G, or 50G links. All
VSF links in a stack should operate at the same speed. - VSF creates a single logical switch and you can manage the stack using a single IP.
- you can use STP and Loop-protect configuration to prevent loops for edge ports.
- configure lacp port channels for uplinks (Firewalls, Access switches)
please follow this guide for best practices : https://www.arubanetworks.com/techdocs/AOS-CX/10.09/PDF/vsf.pdf
------------------------------
Harendra
ACEX165
Original Message:
Sent: Jul 10, 2024 03:58 PM
From: mohamed hazem
Subject: Design inquiries
According to that design i have some inquiries please
1- can i configure vsf between 2 Aruba 6300 with only 1 link ? i will configure as Active-Passive, should i have virtual IP address for both switches to manage ?
2-Is there specified configuration to prevent loop ?
3- Any help how can i configure those 2 switches to connect to 2 FortiGate firewalls that also work as Active-Passive?
Thanks