Configuring N3024 Switch as Redundant

Use a static route to direct internal traffic out to the SonicWall by using the commad # ip route.

Page 1556: http://dell.to/1TLLWIA

The command will look something like this: # ip route 0.0.0.0 0.0.0.0 (SonicWall IP)

The SonicWall will also need some routes that will help guide returning traffic back to the internal network.

http://dell.to/1SdpdUh

Are the two core switches stacked? using MLAG? VRRP?

Dear Daniel,

Thanks for your answer.

I forgot to mention that SonicWall series is 2600...

Can SonicWall 2600 is each port  have the same subnet? (port 1 and port 2 have subnet ex : 50.50.50.0/24)

If I have the IP of SonicWall that directly connect to Switch A is : 50.50.50.2

So should I do this?

Switch A:

Interface port 1 :

no switchport

ip addr 50.50.50.1

exit

Switch B:

Interface port 1 

no switchport

???

???

1. For Static Routing, should I do like this :?

Switch A :

ip default-gateway 50.50.50.2

ip route 0.0.0.0 0.0.0.0 50.50.50.2 253

Switch B:

ip default-gateway ???

ip route 0.0.0.0 0.0.0.0 ???  253

2. I'm using VRRP with master & backup mode...

Should I register all VLAN with each VLAN for each VLAN?

for Ex :

Switch A

ip routing

ip vrrp

interface VLAN 10

ip addr 10.10.10.1 /24

vrrp 10

vrrp 10 ip 10.10.10.254

vrrp 10 priority 200

vrrp 10 preempt

vrrp 10 track interface vlan 50 (Should I use this?)

vrrp 10 track ip route 50.50.50.0/24 (or I use this?)

exit

Switch B

ip routing

ip vrrp

interface VLAN 10

ip addr 10.10.10.2 /24

vrrp 10

vrrp 10 ip 10.10.10.254

vrrp 10 priority 200

vrrp 10 preempt

exit

Please need your answer and review for this.

If you all have suggestion/opinion please dont mind.

Thanks before

I would proceed with having a different subnets for the switch to firewall connection.

Here is a guide on how to configure the SonicWall interfaces.

http://dell.to/21vfSrl

SonicWall:

X0 = LAN = 50.50.50.2

X1 = LAN = 50.50.51.2

Switch A:

Interface 1 = Access mode for VLAN 50

VLAN 50 = 50.50.50.1

ip route 0.0.0.0 0.0.0.0 50.50.50.2

Switch B:

Interface 1 = Access mode for VLAN 51

VLAN 51 = 50.50.51.1

ip route 0.0.0.0 0.0.0.0 50.50.51.2

I would implement both of these.

vrrp 10 track interface vlan 50

vrrp 10 track ip route 50.50.50.0/24

There is a good guide on setting up VRRP in the user guide. Page 1314: http://dell.to/2548qI8

The VRRP priority by default is 100. When the values are the same the switches will assign the master role to the switch with the highest IP address. You can save some time and clean up the config by just assigning the highest ip address to the desired master switch.

If you do change the value, I would change the value so that the desired master switch has a higher priority.

Example:

Switch A-  vrrp 10 priority 205

Switch B-  vrrp 10 priority 200

Keep us posted.

Thanks Daniel 

Btw,I have another question,

1. What should I configure to port which is directly connect to SonicWall?

switchport mode access 

switchport access vlan 1

or 

switchport mode trunk

switchport trunk allowed vlan all

2. for VRRP configuration :

vrrp 10 track interface vlan 50

vrrp 10 track ip route 50.50.50.0/24

Should I use this example configuration on each switch or just one switch (Master Switch)?

3. Oh yes, when I'm using VRRP, I get this picture :

Why it have Backup and Master on one switch? Whats the problem? Is it OK?

Thanks again Daniel

For the switch to SonicWall connection you want to use Access mode for the VLAN you have designated for the SonicWall connection. In your previous example you were using VLAN 50.

The track command should be used just on the Master switch.

Can you grab the output from # show vrrp, from both switches? This will give us some more insight on the current vrrp status.

Thanks

Hi Daniel,

Here the output :

From SwitchA (Master) : here

and

From SwitchB (BackUp) : here

Thanks before.

The user guide states that: "The VRRP peers will show as being in the “Master” or

“Initializing” state until the layer 2 network is operational."

This leads me to believe that currently there is no traffic in those other VLANs. leading the backup switch to show a state of "Master" for those VLANs. Could that be true about those VLANs?

Hi Daniel,

Thanks again.

Yes, I still using VLAN 1 to pass traffic, still dont try the another one.

For SonicWall, can X0 and X1 the same VLAN?

ex: (All with  vrrp 10 ip 50.50.50.254)

X0 = LAN = 50.50.50.2

X1 = LAN = 50.50.50.2

Switch A:

Interface 1 = Access mode for VLAN 50

VLAN 50 = 50.50.50.253

ip route 0.0.0.0 0.0.0.0 50.50.50.2

Switch B:

Interface 1 = Access mode for VLAN 50

Int VLAN 50 = 50.50.50.254

ip route 0.0.0.0 0.0.0.0 50.50.50.2

or

X0 = LAN = 50.50.50.2

X1 = LA;N = 50.50.50.3

Switch A :

Interface 1 = Access mode for VLAN 50

VLAN 50 = 50.50.50.252

ip route 0.0.0.0 0.0.0.0 50.50.50.2

Switch B:

Interface 1 = Access mode for VLAN 50

Int VLAN 50 = 50.50.50.253

ip route 0.0.0.0 0.0.0.0 50.50.50.3

Thanks before

I don't think you can assign the same IP to multiple interfaces on the SonicWall. So option 2 would be the way to go.

Hi Daniel,

So from your answer, the Gateway on SonicWall (X0 & X1) can be the same VLAN but different IP address.

And CMIIW for the conclusion for this topology :

SONICWALL

X0 : 10.10.10.1/24

X1 : 10.10.10.2/24

SWITCH A

ip routing

ip vrrp

interface port 2

switchport mode trunk

Interface VLAN 10

ip address 10.10.10.252 /24

vrrp 10

vrrp 10 ip 10.10.10.254

vrrp 10 priority 200

vrrp 10 preempt

vrrp 10 track interface vlan 10

vrrp 10 track ip route 10.10.10.0/24 

exit

ip route 0.0.0.0 0.0.0.0 10.10.10.1

SWITCH B

ip routing

ip vrrp

interface port 2

switchport mode trunk

Interface VLAN 10

ip address 10.10.10.253 /24

vrrp 10

vrrp 10 ip 10.10.10.254

vrrp 10 priority 200

vrrp 10 preempt 

exit

ip route 0.0.0.0 0.0.0.0 10.10.10.2

NOTE : Each VLAN (20,30) must be set to VRRP one each switch just like VLAN 10 but with the same subnet of their IP.

VLAN 20 : 20.20.20.xxx/24

VLAN 30 : 30.30.30.xxx/24

Thanks before 

I believe you can use the same VLAN, just need a different IP address. During configuration, if the firewall does not allow for this, then be prepared to introduce a new VLAN, as in my previous example with VLAN 51.

VLAN 10 should not be used for your connection from switch to firewall. You should use a dedicated VLAN/subnet for that connection.

Thanks a lot Daniel,

How about the VRRP when Im using different VLAN on each switch that direct to firewall (VLAN 50 & VLAN 51)?

Should I use  different track ip route on VRRP or only on master?

ip route 0.0.0.0 0.0.0.0 50.50.50.1

vrrp 50 ip 50.50.50.254

vrrp 50 priority 200

vrrp 50 track interface vlan 50 

vrrp 50 track ip route 50.50.50.0/24

vrrp 50 preempt

and

ip route 0.0.0.0 0.0.0.0 50.50.51.1

vrrp 51 ip 50.50.51.254

vrrp 51 priority 195

vrrp 51 track interface vlan 51 

vrrp 51 track ip route 50.50.51.0/24

vrrp 51 preempt

And for the link that from/to storage & server, should I use spanning-tree portfast?