Configuring the switch

Since the firewall is in active mode, the switch can remain in passive mode.

The detailed configuration in this example assumes that the user is familiar with the vendor's command line interface.

Only the link aggregation setup will be covered.

 

| CISCO CLI | HP CLI | COMMENTS |
|---|---|---|
| Switch(config)# interface range Gi 0/23-24 | ProCurve(config)# trunk 23-24 trk1 lacp | Configuration of the aggregation in passive LACP mode on ports 23 and 24 in this example. |
| Switch(config-if-range)# channel-group 1 mode passive | | |
| Switch(config-if-range)# channel-protocol lacp | | |
| Switch(config-if-range)# exit | ProCurve(config)# vlan 2 tagged trk1 | Optional commands allowing 802.1q tagging on the logical switch-router link, if VLANs 2 to 10 are used in this example. |
| Switch(config)# interface Port-channel 1 | ProCurve(config)# vlan 3 tagged trk1 | |
| Switch(config-if)# switchport mode trunk | ... | |
| Switch(config-if)# switchport trunk allowed vlan 2-10 | ProCurve(config-vlan)# vlan 10 tagged trk1 | |

 

IMPORTANT

In order to avoid layer 2 issues (instability of the MAC address table, broadcast storm, etc.), configure the aggregate on the firewall and on the switch before interconnecting both appliances.

 

  NOTES

  • After ensuring that the aggregate is running properly (by interrupting the link for example), you will need to back up the configuration of the switch.
  • The naming and numbering of interfaces vary according to the chosen switch model. Refer to the vendor's user guide if necessary.
  • The Port-Security feature found on Cisco and HP switches is not compatible with LACP, and should not be configured on any of the members in the aggregate.
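
One way to check the last note before putting the aggregate into service, as an added example that is not part of the original documentation: a Python script that parses Cisco running-config text and reports member ports that carry port-security or whose channel-group mode does not negotiate LACP. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of a Cisco IOS running-config (not taken from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/22
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/23
 channel-protocol lacp
 channel-group 1 mode passive
!
interface GigabitEthernet0/24
 switchport port-security
 channel-group 1 mode on
!
interface Port-channel1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit_aggregate_members(config):
    """Return sorted (interface, finding) tuples for aggregate member ports."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        m = re.search(r"^channel-group (\d+) mode (\S+)$", "\n".join(cmds), re.M)
        if not m:
            continue  # not an aggregate member, so port-security is allowed here
        # Only "active"/"passive" negotiate LACP; "on" is static, "auto"/"desirable" are PAgP.
        if m.group(2) not in ("active", "passive"):
            findings.append((name, f"mode '{m.group(2)}' does not negotiate LACP"))
        if any(c.startswith("switchport port-security") for c in cmds):
            findings.append((name, "port-security on an aggregate member"))
    return sorted(findings)

if __name__ == "__main__":
    for interface, finding in audit_aggregate_members(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

Run it against the saved switch configuration; an empty result means no member port of the aggregate has either problem.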