Cloud Managed Networks


Integrating Aruba 6300 Core Switches with Existing FortiGate-Cisco LACP Setup

  • 1.  Integrating Aruba 6300 Core Switches with Existing FortiGate-Cisco LACP Setup

    Posted Feb 20, 2024 03:55 AM
    Hello Aruba Community
     
    I am currently planning a network upgrade where we aim to integrate Aruba 6300 core switches into our existing environment, which currently consists of a high-availability (HA) setup with two FortiGate firewalls and Cisco core switches. Our setup involves 4 LACP aggregated links (802.3ad) from each FortiGate to the Cisco core switches, managing VLANs and routing directly on the FortiGates.
     
    Here are the specifics of our planned environment:
    Core Switches: 2 x Aruba 6300, intended to be managed via Aruba Central.
    Access Switches: 26 x Aruba 6200 intended to be managed via Aruba Central.
    Current Setup: 2 FortiGates in HA, connected to Cisco core switches via 4 LACP aggregated links per FortiGate.
     
    Objective:
    I would like to connect the new Aruba 6300 switches to the FortiGates, utilizing available ports to extend the existing LACP setup by an additional 2-4 ports, which will then be connected to the Aruba core switches. This setup aims to seamlessly take over the VLANs and routing configurations from the FortiGates. Initially, we plan to run this configuration in parallel with the existing Cisco environment for testing purposes before completely phasing out the Cisco infrastructure.
     
    Questions:
    1. Is it feasible to incorporate the new Aruba 6300 core switches into the existing LACP groups configured on the FortiGates by simply adding 2-4 additional ports to the LACP setup and connecting these to the Aruba cores?
    2. Are there any specific configurations or compatibility issues we should be aware of when integrating Aruba 6300 switches with FortiGate firewalls in an LACP setup that currently includes Cisco switches?
    I am looking for guidance and any recommendations on achieving a smooth transition, ensuring that the new Aruba switches can seamlessly integrate into our network and eventually take over from the Cisco switches without impacting our network's operation.
     
    Thank you for your assistance


  • 2.  RE: Integrating Aruba 6300 Core Switches with Existing FortiGate-Cisco LACP Setup

    Posted Feb 20, 2024 10:06 AM

    If I understand your topology and project correctly, just by reading through, here are my thoughts:

    1. Not Feasible. LACP, on its own, is a 1:1 link. There is Multi-Chassis LAG but that is likely not feasible with the multiple vendors in play here.
    2. LACP is a standard protocol (802.3ad) - you should not have any issues building those 1:1 links. 

    Do you have the available interfaces on the FortiGate to configure as a second LACP Group? 1 to Cisco, 1 to Aruba? Even if you had to pull away some of your redundant interfaces to create a second LACP Group for the duration of the migration. From my experience, FortiGate should act as an L2 switch for both of those LACP Groups (unlike a Cisco ASA).



    ------------------------------
    If my post was useful, please Accept Solution and Give Kudos.
    ------------------------------
    Zak Chalupka
    Principal Engineer - HPE Aruba
    ACDX | ACMP | ACSP | ACCP
    wifizak@hpe.com
    ------------------------------
    Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
    ------------------------------