NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

KelvinFu's avatar
KelvinFu
Aspirant
Nov 18, 2016
Solved

M4300 SFP Port Trunking Issues

Hi all,   I recently purchased 2 new M4300 and form a stack. After stacking the SW, I started to setup the switch as normal, the management VLAN, IP, the rest of vlan, subnet of those VLAN. Since i...
Troubleshooting
  • DanielZhang's avatar
    DanielZhang
    Nov 24, 2016

    Hi Kelvin,

     

    It's a good news that the failover problem resolved.:smileyhappy:

     

    Let's carry on the VRRP scenario.

     

    I have checked the  maintenance file just you sent to us.

     

    1) Congratulation!The  address (192.168.100.2 ) is the virtual IP address of VRRP on Firewall.

    Because this IP have same prefix mac-address header just like (00:00:5E:00:xx:xx).

    It's the standard of VRRP for mac-address behavior.

     

    2) Good finding! The "Link state detection” is very useful for VRRP status.

    So we need to set the IP for heartbeat on each Firewall that could monitor VRRP all the time.

    But 192.168.100.1 is not the heartbeat address for Firewall that is VLAN interface on M4300-Stack.

    So Could you set an IP address on Firewall A and B that is not VRRP protocol.

    Such as:

    192.168.100.10 /24 on Firewall A.

    192.168.100.20 /24 on Firewall B.

    Then,

    Set Link state detection IP address to 192.168.100.20 on Firewall A.

    Set Link state detection IP address to 192.168.100.10 on Firewall B.

    That will make Firewall detect each other with this configuration.

     

    3) Could you share me the configuration page or command on your Firewall about LAG/Port/IP address/VRRP configuration?

    The private message is RECOMMENDED.

     

    I'm not very professional on Firewall of other company.

    Just want to help analyze.:smileyhappy:

     

    Look forward to your reply.

     

    Regards,

    Daniel.

     

DanielZhang's avatar
DanielZhang
NETGEAR Expert
Nov 23, 2016

Hi Kelvin,

 

It's all right.

Any posts is welcome :smileyhappy:

 

1. HA Question

For scenario 3,

Please check the VRRP status on Firewall B after you unplug both eth 3 / 4 or poweroff firewall A.

The VRRP status on Firewall B should be Master after Firewall A is down.

Please check VRRP function and configuration on Firewall A&B If above function don't work as expected.

 

I also have some suggest step for you to check VRRP function and configuration on Firewall:

1) VRRP need two router(Firewall) add in same virtual router group with same subnet IP address 

such as:

Firewall A: 192.168.100.10 /24

Firewall B: 192.168.100.20 /24

2) A virtual IP address must be assigned in this virtual group.

such as:

Virtual IP: 192.168.100.30 /24

(you can also set virtual IP same with Firewall A or Firewall B, that will make the Firewall to be VRRP IP owner which have same address as Virtual IP)

3) All clients must set the gateway to Virtual IP instead of the IP on Firewall A or Firewall.

Such as:

PC: 192.168.100.201 /24, Gateway: 192.168.100.30.

 

4) Set LAG mode to LACP(dynamic) 

This mode will detect&switch link status automatic when the link is down or unavailable.

(LACP mode of LAG must support on both side of Switch and Firewall as same time.).

such as:

Set LAG mode to dynamic LACP on Switch:  Static mode-->Disable (Go to Switch--->LAG--->LAG configuration-->Select LAG port--->Static Mode)

Set LAG mode to dynamic LACP on Firewall A&B.(Please check manual document of firewall)

 

5) <*Optional>these extra function will help you to monitor and control VRRP more  Reliable.

Set VRRP track interface on Firewall(if supported)

Set VRRP Router Priority and Preemption on Firewall(if supported)

 

 

2. Failover.

1) Please check the LAG configuration on both side(stack and GS748T)

All LAG member and LAG port should have same VLAN configuration.

2) Please modify the LAG type to dynamic LACP mode on stack.

such as:

Set LAG mode to dynamic LACP on Switch:  Static mode-->Disable (Go to Switch--->LAG--->LAG configuration-->Select LAG port--->Static Mode)

 

On GS748T, the same LAG type should be configured.

 

Let me know if you have any update.

 

 

BTW,

Please send your maintenance to us if possible. 

We can analyze your scenario more carefully with configuration file and topology.

Please follow as below step to send maintenance information.

 

How do I send diagnostic files from my Smart Switch to NETGEAR community moderators?

http://kb.netgear.com/app/answers/detail/a_id/31438

How do I send diagnostic files from my Managed Switch to NETGEAR community moderators?

http://kb.netgear.com/app/answers/detail/a_id/31439

 

Regards,

Daniel.

 

 

 

 

 

 

KelvinFu's avatar
KelvinFu
Aspirant
Nov 23, 2016

Hi Daniel,

 

thx for your professional support, since I'm off today, I will follow your advise and then test again tmr. Thx very much again.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More