Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
New Contributor

3810 active active stacking

I have 2 of the aruba 3810's running the latest aos version that are setup with stacking via the stacking modules, i have a commander and a standby. These switches are connected to a pair of firewalls that are in a active active setup and set to round robin traffic. The 3810's will not be doing any routing but have the same vlans as the firewalls which will be doing the routing. Is it possible to have both switches active in this stack?


Accepted Solutions
Highlighted
New Contributor

Re: 3810 active active stacking

It looks like you are correct, i was running a continuous ping from the "standby" and traffic wasn't going anywhere but then i noticed i couldn't ping the switch either. I checked the config and noticed that it was different from the commander which is what the problem was, once i configured the interface i was plugged into and the uplink i started to see the ping working.

View solution in original post


All Replies
Highlighted
MVP Guru Elite

Re: 3810 active active stacking

Hi,

 

Both switches are active (the command and standby is for management)



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
MVP Guru

Re: 3810 active active stacking


@NetworkWise wrote: Is it possible to have both switches active in this stack?

Hi! hope to have not misunderstood your request: generally (at least this was my personal experience) a Cluster of Firewalls working in Active/Active mode permits to connect redundantly to downstream devices (in this case your downstream device is the Hardware Stack made of your two Aruba 3810M Switches, stack that is a virtual switch seen from any other peer, Firewalls' Cluster included) BUT these redundant connections - and here I speak necessarily about LACP/Static port trunkings (AKA links aggregations) - can originate each one from each Cluster node and they can terminate distributed across the stack's members switches.

 

In other words:

 

FW Cluster node 1 - 1st physical link from Port a1 (part of a defined LACP n) -> terminates on corresponding LACP z1 defined on the Switch Stack (the 1st link can terminate where you want, clearly on the port member of that particular z1 LACP port trunk, say port 1/1 as example)

 

FW Cluster node 1 - 2nd physical link from Port b1 (part of a defined LACP n) -> terminates on corresponding LACP z1 defined on the Switch Stack (the 2nd link can terminate where you want, clearly on the port member of that particular z1 LACP port trunk, say port 2/1 as example)

 

FW Cluster node 2 - 1st physical link from Port a2 (part of a defined LACP m) -> terminates on corresponding LACP z2 defined on the Switch Stack (the 1st link can terminate where you want, clearly on the port member of that particular z2 LACP port trunk, say port 1/11 as example)

 

FW Cluster node 2 - 2nd physical link from Port b2 (part of a defined LACP m) -> terminates on corresponding LACP z2 defined on the Switch Stack (the 2nd link can terminate where you want, clearly on the port member of that particular z2 LACP port trunk, say port 2/11 as example)

 

AFAIK you can't create on Firewalls a LACP link aggregation that is spanning its member ports across both clustered members (this can be done, as described above, only on the Switch Stack instead because that Stack forms a single logical entity, Firewalls' Cluster doesn't form a single logical entity)...this means that, due to necessity of link aggregations to terminate and originate from "a" same logical entity the scenario you could setup is going to be a "Node 1 to Stack" and "Node 2 to Stack" affair instead of a "Node 1 - across - Node 2 to Stack" affair.

 

If you have single links from each Firewall nodes then you have this issue since that very one link from a Firewall node will be connected (without LACP being used) to any member of the Switches' stack.

Highlighted
New Contributor

Re: 3810 active active stacking

It looks like you are correct, i was running a continuous ping from the "standby" and traffic wasn't going anywhere but then i noticed i couldn't ping the switch either. I checked the config and noticed that it was different from the commander which is what the problem was, once i configured the interface i was plugged into and the uplink i started to see the ping working.

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: