Josh_Manton
Nov 05, 2023 | Guide
Two Active Switches With Redundant Uplink
Hi, I am looking to connect both switches to my Firewalla each on port one. I am also looking to create a LAG between the two switches on the sfp ports. I am using the default vlan to assign ip add...
schumaku
Nov 09, 2023 | Guru - Experienced User
Much easier would be to configure the Firewalla with multiple ports bridged into a single LAN, and connect these physical ports to one of the switches each.
For this purpose, STP must be enabled on the Firewalla on this single LAN for the two bridged ports. This would not make redundancy, but would allow two dedicated uplink ports connected to the firewall.
As you have just one active firewall, I'm a little bit lost on how you expect to configure a redundant network. Sure, you could make up a loop and interconnect the two switches directly, permitting you have at least STP, better some more advanced RSTP to avoid these long recovery times - however, this firewall does not seem to support RSTP.
As STP failover does take 20..30 seconds or more, it's not uncommon your network would be blocked for about 25 seconds following an STP change. https://help.firewalla.com/hc/en-us/articles/14486004537235-Device-is-slow-to-get-an-IP-address-Spanning-Tree-Protocol-STP-
Josh_Manton
Nov 09, 2023 | Guide
It turns out you were 100% correct, it was a hack.
Upon reading this post I made a few changes:
https://help.firewalla.com/hc/en-us/community/posts/360053051193-New-device-setup-Question-for-GOLD-
I decided I did not want to get into the complexity of a loop system, so I elected for a tree (more like a branch).
Firewalla (fw) => MS510TXM (s1) => MS510TXM (s2)
LAG from fw => s1
LAG from s1 => s2
I have MSTP enabled on s1 and s2
I let the switches auto populate Port Path Cost, and everything just worked.
Things I've learned (which I believe are correct):
1. If STP is not enabled, the up-stream switches won't learn the path to ports on the down-stream switches. I originally assumed that STP was only to block/configure loops.
2. Creating a loop network is more complicated. It is probably easier if my Firewall was Netgear. My first and only attempt to create a loop failed for two reasons: 1) I did not know what I was doing. 2) My connections from my Firewall to each of the 2 Switches were 2.5Gib while the connection between the two Switches was 10Gib. This is non-standard in the enterprise world and I've learned that STP takes into account the connection speed when calculating the Cost, so it was miscalculating the Root.
Thank you for calling my first solution a hack. It just motivated me to dig deeper.
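As an added illustration (not part of either post, and not NETGEAR or Firewalla code), the sketch below computes spanning-tree roles for the loop topology discussed in this thread: 2.5 Gb/s from the Firewalla to each switch and 10 Gb/s between the switches. It assumes all three bridges use the IEEE 802.1D-2004 recommended path costs and uses constructed bridge IDs; real devices may apply a different cost table.

```python
import heapq

# Assumption: every bridge uses the IEEE 802.1D-2004 recommended path cost,
# 20,000,000 / link speed in Mb/s (10G -> 2000, 2.5G -> 8000).
def long_cost(mbps):
    return 20_000_000 // mbps

# Triangle from the thread: (bridge, bridge, link speed in Mb/s).
LINKS = [("fw", "s1", 2500), ("fw", "s2", 2500), ("s1", "s2", 10000)]

def spanning_tree(bridge_ids, links=LINKS):
    """Return (root, root path cost per bridge, {blocked link: blocking bridge})."""
    root = min(bridge_ids, key=bridge_ids.get)  # lowest bridge ID becomes root
    adj = {b: {} for b in bridge_ids}
    for a, b, mbps in links:
        adj[a][b] = adj[b][a] = long_cost(mbps)
    # Dijkstra gives each bridge its lowest root path cost.
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, b = heapq.heappop(heap)
        if c > cost[b]:
            continue
        for n, w in adj[b].items():
            if c + w < cost.get(n, float("inf")):
                cost[n] = c + w
                heapq.heappush(heap, (c + w, n))
    # Root port: cheapest path to the root, ties broken by neighbour bridge ID.
    root_port = {b: min(adj[b], key=lambda n: (cost[n] + adj[b][n], bridge_ids[n]))
                 for b in bridge_ids if b != root}
    blocked = {}
    for a, b, _ in links:
        if root_port.get(a) == b or root_port.get(b) == a:
            continue  # link is part of the active tree
        # The end with the worse (cost, bridge ID) is not designated and blocks.
        blocked[(a, b)] = max((a, b), key=lambda x: (cost[x], bridge_ids[x]))
    return root, cost, blocked

# Constructed bridge IDs (priority and MAC folded into one integer).
FW_AS_ROOT = {"fw": 0x1000, "s1": 0x8001, "s2": 0x8002}
S1_AS_ROOT = {"fw": 0x8003, "s1": 0x8001, "s2": 0x8002}

if __name__ == "__main__":
    for ids in (FW_AS_ROOT, S1_AS_ROOT):
        print(spanning_tree(ids))
```

With the firewall as root, the 10 Gb/s inter-switch link is the one that ends up blocked; with s1 as root, the Firewalla's port toward s2 blocks instead.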