Unsolved

July 3rd, 2012 18:00

PC2824 How to create fail over vLans for redundant firewalls

What I want to create is the scenario drawn at the bottom of this post. I am in a datacentre. I have two uplinks which give me access to the internet (2 redundant 1Gb lines over which VRRP is used to enable active-passive communication). These uplinks are not tagged with a PVID.

I have 2 firewalls which are also active-passive, but each one only has one WAN/uplink connection. So I have to create a cross-linked config using 4 VLANs created on my two Dell PowerConnect 2824 switches.

I have this port config:

VLAN 1 is on switch 1 and consists of ports 21, 22, 23
VLAN 2 is on switch 2 and consists of ports 21, 22, 23
VLAN 3 is on switch 1 and consists of ports 17, 18, 19, 20
VLAN 4 is on switch 2 and consists of ports 17, 18, 19, 20

Each port has a PVID of its respective VLAN (admit All, ingress Enabled)
Each port is marked as U (untagged) for its respective VLAN

Switch 1 port 21 is connected to switch 1 port 20
Switch 1 port 22 is connected to switch 2 port 19
Switch 2 port 21 is connected to switch 2 port 20
Switch 2 port 22 is connected to switch 1 port 19

Alas, no communication with the internet is possible using this configuration. So I am doing something wrong, but I can not figure out what.

Any help is highly appreciated.

Hans.

        +    1   Datacenter uplink    2       +
 +      |                                     |
        |                                     |
     +--+-----------+             +-----------+---+
     | (sw1)vLan1   |             | (sw2) vLan2   |
     +--+-----------...         //+-----------+---+
        |              ...  /////             |
        |                ///.                 |
        |             ////   ....             |
     +--v----------///           ..-----------v---+
     | (sw1) vLan3 |              | (sw2) vLan4   |
     +-+-----------+              +------------+--+
       |                                       |
       |                                       |
     +-v--------------+          +-------------+>---+
     |  Firewall 1    |          |   Firewall 2     |
     +----------------+          +------------------+
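The post gives enough detail (untagged ports with PVID equal to their own VLAN, plus the four patch cables) to work out the resulting layer-2 topology without touching the switches. The script below is an added example, not code from this thread or from Dell: it builds the wiring graph from the port lists and cables exactly as posted, computes which VLAN segments end up bridged into one broadcast domain, and counts independent rings (a ring means a layer-2 loop that only spanning tree can break). It goes slightly beyond the post by also evaluating the same layout with the two cross-switch cables removed, for comparison. Spanning tree itself is not modelled, and the port each uplink and firewall plugs into is not stated in the post, so each device is attached to its segment as read off the diagram (an assumption).

```python
"""Bridging-domain model of the VLAN and cable layout described in the post.

Added example, not code from the thread or from Dell. It models only what the
post states: every listed port is untagged in its own VLAN with PVID equal to
that VLAN, and four patch cables join pairs of ports. Spanning tree is not
modelled. The device-to-segment mapping is read off the post's diagram; the
exact port each device uses is not given, so only its segment is used.
"""
from collections import defaultdict
from typing import Dict, FrozenSet, List, Set, Tuple

Port = Tuple[str, int]     # (switch, port number)
Segment = Tuple[str, int]  # (switch, VLAN id): one untagged VLAN on one switch

# Port membership exactly as listed in the post.
PORT_VLAN: Dict[Port, int] = {}
for vlan, switch, numbers in [
    (1, "sw1", [21, 22, 23]),
    (2, "sw2", [21, 22, 23]),
    (3, "sw1", [17, 18, 19, 20]),
    (4, "sw2", [17, 18, 19, 20]),
]:
    for number in numbers:
        PORT_VLAN[(switch, number)] = vlan

# The four patch cables from the post, as (port, port) pairs.
CABLES: List[Tuple[Port, Port]] = [
    (("sw1", 21), ("sw1", 20)),
    (("sw1", 22), ("sw2", 19)),
    (("sw2", 21), ("sw2", 20)),
    (("sw2", 22), ("sw1", 19)),
]

# Segment each device hangs off, taken from the diagram (assumption: the post
# does not say which port in the VLAN each device is cabled to).
ATTACHMENTS: Dict[str, Segment] = {
    "uplink1": ("sw1", 1),
    "uplink2": ("sw2", 2),
    "firewall1": ("sw1", 3),
    "firewall2": ("sw2", 4),
}


def segment_of(port: Port) -> Segment:
    """Segment an untagged frame entering `port` lands in (PVID = own VLAN)."""
    return (port[0], PORT_VLAN[port])


def segment_links(cables: List[Tuple[Port, Port]]) -> List[Tuple[Segment, Segment]]:
    """A cable between two untagged ports bridges the two segments it joins."""
    return [(segment_of(a), segment_of(b)) for a, b in cables]


def broadcast_domains(cables: List[Tuple[Port, Port]]) -> List[FrozenSet[Segment]]:
    """Union-find over segments: segments joined by a cable share one domain."""
    parent: Dict[Segment, Segment] = {}

    def find(seg: Segment) -> Segment:
        parent.setdefault(seg, seg)
        while parent[seg] != seg:
            parent[seg] = parent[parent[seg]]  # path halving
            seg = parent[seg]
        return seg

    for port, vlan in PORT_VLAN.items():  # every segment exists even if uncabled
        find((port[0], vlan))
    for a, b in segment_links(cables):
        parent[find(a)] = find(b)

    groups: Dict[Segment, Set[Segment]] = defaultdict(set)
    for seg in list(parent):
        groups[find(seg)].add(seg)
    return sorted((frozenset(g) for g in groups.values()), key=sorted)


def ring_count(cables: List[Tuple[Port, Port]]) -> int:
    """Independent layer-2 loops: per domain, cables minus segments plus one."""
    links = segment_links(cables)
    total = 0
    for domain in broadcast_domains(cables):
        edges = sum(1 for a, b in links if a in domain and b in domain)
        total += edges - len(domain) + 1
    return total


def reachable(device: str, cables: List[Tuple[Port, Port]] = CABLES) -> Set[str]:
    """Other devices whose segment sits in the same broadcast domain as `device`."""
    home = ATTACHMENTS[device]
    for domain in broadcast_domains(cables):
        if home in domain:
            return {d for d, seg in ATTACHMENTS.items() if seg in domain and d != device}
    return set()


if __name__ == "__main__":
    scenarios = [
        ("as posted", CABLES),
        ("without the two cross-switch cables",
         [c for c in CABLES if c[0][0] == c[1][0]]),
    ]
    for label, cables in scenarios:
        print(f"{label}: {len(broadcast_domains(cables))} broadcast domain(s), "
              f"{ring_count(cables)} ring(s)")
        for dev in ATTACHMENTS:
            print(f"  {dev} sees {sorted(reachable(dev, cables)) or 'nothing'}")
```

With the cabling as posted, all four VLAN segments collapse into a single broadcast domain that contains one ring, so both firewalls and both uplinks share one segment and one of the four cables has to be blocked by spanning tree (or, with spanning tree off, frames circulate). Dropping the two cross-switch cables leaves two separate domains with no ring, each firewall seeing only its own uplink. The model only looks at the wiring graph, so it gives the same answer whether the four segments are VLANs on two switches or four stand-alone switches.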

July 3rd, 2012 19:00

Hans.Promanagement,

There are a couple of things that caught my attention. The first is that it looks like you need to set up routing on the firewall so that you can route traffic between the different VLANs. Another thing I see is that it looks like you are trying to have VLAN 1 fail over to VLAN 3, but with the ports set up as access ports (untagged) the ports will not talk. One thing I would like you to do is run the following command on both switches to make sure the VLANs are all seen and there is one secondary and one master.

show vrrp interface brief

I would also recommend doing a:

show ip route

so that we can ensure the routing tables are listed correctly. Please let me know what you find. I look forward to hearing from you.

July 4th, 2012 06:00

Kenny, thank you for your reply. These switches are entry level and don't do routing. In my opinion the problem lies within my VLAN config. If I use 4 stand-alone switches this will work without using VLANs.

In this case I would like to implement this using my 2 PC2824 switches (since I have enough ports available).

July 5th, 2012 10:00

Okay, to help with the VLAN configuration I would advise taking a look at the following link, as on pp. 124-130 it explains everything on setting up VLANs.

support.dell.com/.../ug_en.pdf

It also has some screen shots that should be helpful. Let me know how that goes and if there is anything else that you need.
