Connecting USG6600 to aggregation layer in out-of-path mode (off-line).

Created: Oct 18, 2019 09:31:42 | Latest reply: Oct 18, 2019 15:12:26
  Rewarded Hi-coins: 0 (problem resolved)

There are 2 aggregation level switches that do not have VS functionality integrated in the M-LAG.

It is required to connect USG6600 to route mode, HA in out-of-path mode to aggregation level 2, organizing Outside, Inside cross eth-trunks. Due to the limitations on the number of interfaces in this model of switches in the single VS in a dual active gateway, which is for just vlanif (mac-address), or for vrrp id, the default gateway must be terminated on USG. USG connects to AGG using eth-trunk to increase connection bandwidth (eth-trunk subinterfaces).

On USG, the L3 Eth-trunk subinterface interface has the same mac-address backplane, so there is a requirement that when connecting to the L2 port of the switch, in this case, assign a separate mac-address to each eth-trunk subinterface.

“If the FW has multiple Layer-3 Eth-Trunk interfaces directly connected to Layer-2 interfaces of switches, change the MAC addresses of the Layer-3 Eth-Trunk interfaces to ensure that return packets sent from the switches are forwarded to correct Layer-3 Eth-Trunk interfaces.”

Is it permissible for only Inside eth-trunk not to make L3 subinterfaces, but to replace the L2 Eth-trunk and Vlanif interfaces with USG as the default gateway in order to save oneself from assigning mac-address? Since Outside is in eth-trunk subinterfaces in L3 mode, we do not have a single broadcast domain with the probability of an incorrect configuration and the coincidence of vlan id on inside and outside and we will not get a broadcast loop. Or am I mistaken? I am referring here because in all the configuration documents that I saw for the out-of-path topology between the USG and the aggregation switches, all connections are organized strictly by L3 in the USG route mode.

Does anyone have any thoughts on this?





Featured Answers
chenhui
Admin Created Oct 18, 2019 09:51:22 Helpful(0) Helpful(0)

@Curiousman
Well, it's kind of a little hard to understand your description.
Will you please draw a simple topology?

All Answers

Curiousman
Curiousman Created Oct 18, 2019 15:12:26 Helpful(0) Helpful(0)

The problem is solved. Thank you for your attention.