Question

Why VSP 8600 connection with palo alto by mlt and lacp between two core-switch and only one firewall loop into screenshot below.

  • 15 August 2019
  • 3 replies
  • 228 views

In this case looping on new port between Firewall and Core-Switch. Could you please advise for configure on core-switch.


3 replies

Userlevel 3
Not sure I understand.
Your diagram shows the firewall only has LAGs on one side.
You are looking for how to configure those LAGs as dual-homed SMLTs ?
Or you have a problem with network loops ?
@Ludovico Stevens Thank a lot for help.

I have a problem with network loops between the firewall and Core, if I tried to do add LAG on Core-Switch 2. Could you please advice me.
I'm not sure, I must have configure as dual-homed SMLTs on Core-Switch both. 😊
Userlevel 3
Here is an example of configuring LACP-SMLT on a Virtual-IST VSP Cluster
Config is identical on BOTH VSPs.

Global LACP config,
code:
lacp smlt-sys-id 82:bb:00:00:31:32
lacp enable


If your VSPs a SPB fabric enabled, make the smlt-sys-id the same as your smlt-virt-bmac; otherwise just chose any MAC as long as it's the same on both VSPs.

MLT config:
code:
mlt 13 enable
interface mlt 13
smlt
lacp enable key 13
exit


I like to make MLT-id = LACP key, but that's just my convention.

Port config:
code:
interface GigabitEthernet 2/13
lacp key 13 aggregation enable timeout-time short
lacp enable
exit
interface GigabitEthernet 2/14
lacp key 13 aggregation enable timeout-time short
lacp enable
exit

Reply