LACP 802.3ad between two FortiGate firewalls and two Cisco Nexus switches in vPC
16.12.2019 | by massimiliano
https://www.ingegnerianetworking.com/wp-content/uploads/2019/12/fwfg-nexus-lacp-17e.png
Example of an LACP 802.3ad configuration between a pair of FortiGate firewalls in a cluster and two Cisco Nexus switches in vPC:
REFERENCE ARCHITECTURE
FWFG-01/02
config system interface
edit "to_NEXUS"
set vdom "root"
set allowaccess ping
set vlanforward enable
set type aggregate
set member "port35" "port36"
next
edit "port35"
set vdom "root"
set type physical
next
edit "port36"
set vdom "root"
set type physical
next
end
N5K-1:
feature lacp
feature vpc
feature lldp
feature vtp
feature fex
!
vtp mode transparent
!
vpc domain 1
peer-switch
role priority 110
system-priority 1000
peer-keepalive destination a.b.c.x source a.b.c.y
delay restore 150
peer-gateway
ip arp synchronize
!
interface port-channel 1
description ** To N5K-2 vPC peer-link **
switchport mode trunk
spanning-tree port type network
speed 10000
vpc peer-link
!
interface port-channel 10
description ** To Firewall-1 **
switchport mode trunk
switchport trunk allowed vlan < vlan-id range >
spanning-tree port type normal
speed 10000
storm-control broadcast level 5.00
storm-control multicast level 5.00
vpc 10
!
interface port-channel 20
description ** To Firewall-2 **
switchport mode trunk
switchport trunk allowed vlan < vlan-id range >
spanning-tree port type normal
speed 10000
storm-control broadcast level 5.00
storm-control multicast level 5.00
vpc 20
!
interface Ethernet1/1
description ** To Firewall-1 **
switchport mode trunk
switchport trunk allowed vlan < vlan-id range >
logging event port link-status
logging event port trunk-status
storm-control broadcast level 5.00
storm-control multicast level 5.00
channel-group 10 mode active
!
interface Ethernet1/2
description ** To Firewall-2 **
switchport mode trunk
switchport trunk allowed vlan < vlan-id range >
logging event port link-status
logging event port trunk-status
storm-control broadcast level 5.00
storm-control multicast level 5.00
channel-group 20 mode active
!
interface Ethernet1/16
description ** To N5K-2 vPC peer-link **
switchport mode trunk
channel-group 1 mode active
!
interface Ethernet1/32
description ** To N5K-2 vPC peer-link **
switchport mode trunk
channel-group 1 mode active
N5K-2:
feature lacp
feature vpc
feature lldp
feature vtp
feature fex
!
vtp mode transparent
!
vpc domain 1
peer-switch
role priority 90
system-priority 1000
peer-keepalive destination a.b.c.y source a.b.c.x
delay restore 150
peer-gateway
ip arp synchronize
!
interface port-channel 1
description ** To N5K-1 vPC peer-link **
switchport mode trunk
spanning-tree port type network
speed 10000
vpc peer-link
!
interface port-channel 10
description ** To Firewall-1 **
switchport mode trunk
switchport trunk allowed vlan < vlan-id range >
spanning-tree port type normal
speed 10000
storm-control broadcast level 5.00
storm-control multicast level 5.00
vpc 10
!
interface port-channel 20
description ** To Firewall-2 **
switchport mode trunk
switchport trunk allowed vlan < vlan-id range >
spanning-tree port type normal
speed 10000
storm-control broadcast level 5.00
storm-control multicast level 5.00
vpc 20
!
interface Ethernet1/1
description ** To Firewall-1 **
switchport mode trunk
switchport trunk allowed vlan < vlan-id range >
logging event port link-status
logging event port trunk-status
storm-control broadcast level 5.00
storm-control multicast level 5.00
channel-group 10 mode active
!
interface Ethernet1/2
description ** To Firewall-2 **
switchport mode trunk
switchport trunk allowed vlan < vlan-id range >
logging event port link-status
logging event port trunk-status
storm-control broadcast level 5.00
storm-control multicast level 5.00
channel-group 20 mode active
!
interface Ethernet1/16
description ** To N5K-1 vPC peer-link **
switchport mode trunk
channel-group 1 mode active
!
interface Ethernet1/32
description ** To N5K-1 vPC peer-link **
switchport mode trunk
channel-group 1 mode active
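The two Nexus configurations above only bring the vPC up if the port-channels that share a `vpc` number carry matching parameters on both peers (trunk mode, allowed VLANs, STP port type, speed), and if the domain-level settings are consistent (distinct role priorities, mirrored peer-keepalive addresses). Below is an added example, not part of the original post and not Cisco or Fortinet code, of a small consistency checker that parses two NX-OS-style configs and reports such mismatches before they are pushed to the switches. The sample configs embedded in it are constructed for the example: the `< vlan-id range >` placeholders from the post are replaced with made-up VLAN ranges and the keepalive addresses with made-up IPs, and port-channel 20 deliberately carries a different allowed-VLAN range on the second peer so that a finding is produced. The `VPC_CHECKED` list is an illustrative subset of the parameters NX-OS compares, not the full list.

```python
"""Added example: vPC consistency checker for two NX-OS configurations.
Not from the original post; sample configs below are constructed."""
import re
from typing import Dict, List, Optional

# Illustrative subset of per-interface parameters that must match on both
# vPC peers for a member port-channel (assumption: not the complete NX-OS list).
VPC_CHECKED = ("switchport mode", "switchport trunk allowed vlan",
               "spanning-tree port type", "speed")

# Constructed sample: peer 1 (mirrors the structure of the N5K-1 config).
N5K_1 = """\
feature lacp
feature vpc
!
vpc domain 1
  peer-switch
  role priority 110
  peer-keepalive destination 10.0.0.2 source 10.0.0.1
  peer-gateway
!
interface port-channel 1
  switchport mode trunk
  spanning-tree port type network
  speed 10000
  vpc peer-link
!
interface port-channel 10
  description ** To Firewall-1 **
  switchport mode trunk
  switchport trunk allowed vlan 10-20
  spanning-tree port type normal
  speed 10000
  vpc 10
!
interface port-channel 20
  description ** To Firewall-2 **
  switchport mode trunk
  switchport trunk allowed vlan 10-20
  spanning-tree port type normal
  speed 10000
  vpc 20
"""

# Constructed sample: peer 2, with a deliberate allowed-VLAN mismatch on vpc 20.
N5K_2 = N5K_1.replace("role priority 110", "role priority 90") \
             .replace("destination 10.0.0.2 source 10.0.0.1",
                      "destination 10.0.0.1 source 10.0.0.2") \
             .replace("allowed vlan 10-20\n  spanning-tree port type normal\n  speed 10000\n  vpc 20",
                      "allowed vlan 10-30\n  spanning-tree port type normal\n  speed 10000\n  vpc 20")


def parse_nxos(text: str) -> Dict[str, List[str]]:
    """Split a config into blocks keyed by 'interface ...' / 'vpc domain N'
    header lines; everything before the first header goes to 'global'."""
    blocks: Dict[str, List[str]] = {"global": []}
    current = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if re.match(r"^(interface|vpc domain) ", line):
            current = line
            blocks[current] = []
        else:
            blocks[current].append(line)
    return blocks


def setting(block: List[str], prefix: str) -> Optional[str]:
    """Return the argument of the first line starting with `prefix`, or None."""
    for line in block:
        if line == prefix or line.startswith(prefix + " "):
            return line[len(prefix):].strip()
    return None


def vpc_members(blocks: Dict[str, List[str]]) -> Dict[int, str]:
    """Map each 'vpc N' number to the port-channel block that carries it."""
    out: Dict[int, str] = {}
    for header, lines in blocks.items():
        if header.startswith("interface port-channel"):
            num = setting(lines, "vpc")
            if num and num != "peer-link":      # skip the peer-link itself
                out[int(num)] = header
    return out


def check_vpc_pair(cfg_a: str, cfg_b: str) -> List[str]:
    """Compare two peer configs and return a list of human-readable findings."""
    a, b = parse_nxos(cfg_a), parse_nxos(cfg_b)
    findings: List[str] = []
    dom_a = next((l for h, l in a.items() if h.startswith("vpc domain")), [])
    dom_b = next((l for h, l in b.items() if h.startswith("vpc domain")), [])
    if setting(dom_a, "role priority") == setting(dom_b, "role priority"):
        findings.append("vpc domain: role priority is identical on both peers")
    ka = re.compile(r"destination (\S+) source (\S+)")
    ka_a = ka.search(setting(dom_a, "peer-keepalive") or "")
    ka_b = ka.search(setting(dom_b, "peer-keepalive") or "")
    if ka_a and ka_b and ka_a.groups() != (ka_b.group(2), ka_b.group(1)):
        findings.append("vpc domain: peer-keepalive addresses are not mirrored")
    ma, mb = vpc_members(a), vpc_members(b)
    for num in sorted(set(ma) | set(mb)):
        if num not in ma or num not in mb:
            findings.append(f"vpc {num}: defined on only one peer")
            continue
        for p in VPC_CHECKED:      # type-1 style parameters must be equal
            va, vb = setting(a[ma[num]], p), setting(b[mb[num]], p)
            if va != vb:
                findings.append(f"vpc {num}: '{p}' differs ({va!r} vs {vb!r})")
    return findings


if __name__ == "__main__":
    for f in check_vpc_pair(N5K_1, N5K_2) or ["no vPC inconsistencies found"]:
        print(f)
```

Run as a script it reports the constructed mismatch on vpc 20; feeding it the same config twice reports the two domain-level problems (identical role priority, non-mirrored keepalive). In practice the allowed-VLAN list is also the place to verify that the trunk to each firewall is pruned to exactly the VLANs the firewall should see, since a wider range on one peer silently widens the layer-2 reach of that link.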