Wired Intelligent Edge (Campus Switching and Routing)

Frequent Contributor II

Dual 8320 to single firewall

Hi,

I have a pair of 8320 CX switches that I want to connect to a single firewall over a layer 3 OSPF connection.

Am I right in thinking MC LAG over both switches to the firewall is the best way? Just confused about what I would set my firewall ports to. 2 individual layer 3 interfaces?

Thanks

Accepted Solutions
New Contributor

Re: Dual 8320 to single firewall

MC-LAG on the 8320 and enable active-forwarding under the VLAN interface. You have to configure LACP on the SonicWall side, not individual interfaces.



All Replies
Frequent Contributor II

Re: Dual 8320 to single firewall

PS. I tried 2 independent layer 3 links in OSPF on the firewall and both switches, and it caused asynchronous routing ...
Frequent Contributor II

Re: Dual 8320 to single firewall

I understand how to set a MC LAG, but would this not have the active gateway? What is the command for active forwarding?

Also can I distribute this into OSPF both sides?

I will create a layer 3 etherchannel on the firewall side to peer with.

Thanks
Frequent Contributor II

Re: Dual 8320 to single firewall

Just seen the ‘vsx active-gateway’ command ... just wanted to clarify the overall design:

Single firewall- etherchannel layer 3 with single IP

2 x 8320’s - use MC LAG (no active gateway) and set the active forwarding. Distribute into OSPF ...

What IP schema to use? /29 to include all 3 devices into the same subnet?
Frequent Contributor II

Re: Dual 8320 to single firewall

Solved

Did a layer 3 etherchannel on the firewall with single IP address

Transit vlan on both 8320s ... multi chassis LAG on both switches with access only on the transit vlan.

All devices in the same /29 subnet

Thanks for your help
MVP Guru Elite

Re: Dual 8320 to single firewall

Hi,

Did you have a look at the VSX Best Practice guide? https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/VSX-Configuration-Best-Practices-AOS-CX-10-4/td-p/628402



Frequent Contributor II

Re: Dual 8320 to single firewall

No I didn’t - but thanks for sending through. Looks like a good read.