08-25-2011 01:55 PM
I have a 5060 I'd like to carve up and use one of the vsys's on it for a back-end firewall. My plan was to take two of the 10Gb ports and LAG them together, sending all 4 of my vlans in and out on that one trunk. Will that work, or is there a better way to architect this setup?
I'm a little lost in setting this up and creating the vlans to reside within it.
08-28-2011 07:08 AM
@cmaier,
For link aggregation, it depends on what kind of bandwidth/availability you are looking for. Normally one 10G link is sufficient in most environments, and again it depends on your environment. I can give you suggestions if you can provide me with your network architecture and what you are trying to achieve.
For pumping VLANs over trunk links you have two options.
1. Create an L3 interface and then create L3 sub-interfaces for each of the four VLANs with the appropriate VLAN tagging, zone, vr-router, and VSYS. I would suggest creating 4 zones, one for each of the 4 VLANs you're trying to use.
2. Create 4 VLANs and 4 zones under the Network tab, and 4 VLAN interfaces under Network > Interfaces. In this case the 10G trunk link will be a Layer 2 interface.
Under both conditions the switch side of the link is always a trunk link.
I'm assuming you are assigning all these objects to the new VSYS that you want to create. If you have any questions, email or reply to this.
Both of them just work fine.
Thanks,
Raj
08-25-2011 07:56 PM
@cmaier:
Your plan looks doable.
If you do this I would recommend making L3 subinterfaces on the aggregate link.
L2 / L3 setups can be more involved if things are not working properly and my experience suggests that keeping it simple and sticking with a full L3 setup would be the way to go.
If you need design guidance you should work with your Sales Engineer to find the right solution for your environment.
-Benjamin
08-29-2011 08:12 AM
Raj,
Your explanation is exactly what I did and it seems to be functioning OK - L3 subinterfaces of the agg group that are tagged and IP'ed. I was concerned initially because I wasn't able to ping any of the subinterfaces, but reading through some other posts, I realize I have to create an Interface Mgmt Profile in order to gain this "functionality."
Thanks!
Chris
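The setup the thread settles on (tagged L3 subinterfaces on an aggregate group, each in its own zone inside the new vsys, plus an Interface Mgmt Profile so the subinterfaces answer ping), sketched as PAN-OS configure-mode `set` commands. This is an added example, not configuration posted by anyone in the thread: the port numbers, `ae1`, `vsys2`, `vr-backend`, the zone and profile names, VLAN tags and addresses are all placeholders, the `#` lines are annotations rather than input, and the syntax should be checked against your PAN-OS release.

```text
# Two 10Gb ports become members of aggregate group ae1 (port numbers are placeholders)
set network interface ethernet ethernet1/21 aggregate-group ae1
set network interface ethernet ethernet1/22 aggregate-group ae1

# Management profile that answers ping only; no SSH/HTTPS/SNMP on data interfaces.
# permitted-ip limits who gets a reply (placeholder monitoring subnet).
set network profiles interface-management-profile allow-ping ping yes
set network profiles interface-management-profile allow-ping permitted-ip 10.0.99.0/24

# VLAN 10: tagged L3 subinterface with an address and the ping profile
set network interface aggregate-ethernet ae1 layer3 units ae1.10 tag 10
set network interface aggregate-ethernet ae1 layer3 units ae1.10 ip 10.0.10.1/24
set network interface aggregate-ethernet ae1 layer3 units ae1.10 interface-management-profile allow-ping

# VLAN 20: same pattern; repeat for the remaining two VLANs
set network interface aggregate-ethernet ae1 layer3 units ae1.20 tag 20
set network interface aggregate-ethernet ae1 layer3 units ae1.20 ip 10.0.20.1/24
set network interface aggregate-ethernet ae1 layer3 units ae1.20 interface-management-profile allow-ping

# Attach the subinterfaces to a virtual router and import them into the back-end vsys
set network virtual-router vr-backend interface [ ae1.10 ae1.20 ]
set vsys vsys2 import network interface [ ae1.10 ae1.20 ]
set vsys vsys2 import network virtual-router vr-backend

# One zone per VLAN, so traffic between VLANs has to match a security rule
set vsys vsys2 zone backend-v10 network layer3 ae1.10
set vsys vsys2 zone backend-v20 network layer3 ae1.20
```

The switch side of ae1 stays a trunk carrying the same tags, and a subinterface with no management profile attached will not answer ping even when routing and tagging are correct.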