Thursday, June 25, 2020

STP & link aggregation doubt

Hello,

Given this: https://imgur.com/TW7jR9P

(sw1 and sw2 are one stacked switch and sw3 and sw4 are another stacked switch)

The plan is to have trunk2 and trunk1 connected to the same aggregated interface (2 physical interfaces per sw, 4 total) and then a fiber link between sw2 and sw4 for redundancy.

So in my head it works like this:

If sw1 fails, sw2 can use sw4 then sw3 to access the fw

If sw2 fails, no problem

If sw3 fails, sw4 can use sw2 then sw1 to access the fw

if sw4 fails, no problem

I'm obviously not expecting more than two sw to fail at once or the fw to fail, that's a risk I'm willing to take.

Now my doubts are:

1.- With STP, I assume either trunk1 or trunk2 will be disabled until the other fails, but is there a way to prevent sw3 from going to sw4, then sw2, then sw1 to reach the firewall instead of using trunk2 directly? Same with sw4.

2.- The fiber uplink (trunk3) will also be disabled by STP until one of the other trunks fails, right? How should I configure that trunk? Just a regular trunk with all the required VLANs tagged on it?

3.- Do I really need two physical interfaces for each trunk (trunk1 and trunk2), or would just one per switch do (gigabit ports, Cisco SG350X)? They would be connected to an aggregated interface (which would have 4 ports, 2 per switch, or 2, one per switch, if I don't need two physical interfaces per switch) on a FortiGate fw which would do the routing to the Internet.

I've thought of MSTP, but since both stacks share the same VLANs that wouldn't solve anything for my particular case.

Thank you!
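The post reasons about which of trunk1, trunk2 and trunk3 spanning tree will block and whether the sw3/sw4 stack could end up reaching the firewall over the fiber detour instead of its own LAG (doubts 1 and 2). The calculator below is an added example, not code from the post or from Cisco; it elects a root, runs the 802.1D root-path-cost election and reports which link end goes to alternate/blocking. It makes three labelled assumptions: each two-switch stack is modelled as a single STP bridge (a stack shares one bridge ID), the firewall side is treated as the root bridge purely so that the three trunks form the loop the post describes, and the path costs are illustrative numbers rather than SG350X defaults. The third scenario shows the exact failure mode behind doubt 1: the detour via trunk3 only wins when the cost of trunk3 plus trunk1 is lower than the cost of trunk2, so leaving trunk3 at its default cost (or raising it) keeps each stack on its own uplink, and doubling ports on a trunk matters here only through the cost it is assigned.

```python
"""Spanning-tree port-role calculator (added example, not from the original post).

Models each switch stack as one STP bridge and, for a given set of links
and path costs, works out which ports forward and which one STP blocks.
"""
from dataclasses import dataclass
import heapq


@dataclass(frozen=True, order=True)
class BridgeId:
    """802.1D bridge ID: priority compared first, then MAC (lower wins)."""
    priority: int
    mac: str


@dataclass(frozen=True)
class Link:
    name: str
    a: str
    b: str
    cost: int  # path cost added when the root path crosses this link


def compute_roles(bridges, links, down=()):
    """Return (root bridge, best-path table, per-link port roles).

    best[node]  = (root path cost, sender bridge ID, link carrying node's root port)
    roles[link] = ("forwarding", "root port on X") for tree links,
                  ("blocked", "alternate port on X") for redundant links.
    """
    down = set(down)
    active = [l for l in links if l.name not in down]
    root = min(bridges, key=lambda n: bridges[n])  # lowest bridge ID wins
    adj = {n: [] for n in bridges}
    for l in active:
        adj[l.a].append((l.b, l.cost, l.name))
        adj[l.b].append((l.a, l.cost, l.name))

    # Dijkstra from the root with STP tie-breaking: lower root path cost,
    # then lower sender bridge ID, then link name (stand-in for port ID).
    best = {}
    heap = [((0, bridges[root], ""), root)]
    while heap:
        key, node = heapq.heappop(heap)
        if node in best:
            continue
        best[node] = key
        for nbr, cost, name in adj[node]:
            if nbr not in best:
                heapq.heappush(heap, ((key[0] + cost, bridges[node], name), nbr))

    roles = {}
    for l in active:
        if l.a not in best or l.b not in best:
            roles[l.name] = ("isolated", "no path to the root")
        elif best[l.a][2] == l.name:
            roles[l.name] = ("forwarding", f"root port on {l.a}")
        elif best[l.b][2] == l.name:
            roles[l.name] = ("forwarding", f"root port on {l.b}")
        else:
            # Redundant link: the end with the better (cost, bridge ID) becomes
            # designated; the other end is the alternate port and blocks.
            a_key = (best[l.a][0], bridges[l.a])
            b_key = (best[l.b][0], bridges[l.b])
            blocked_end = l.b if a_key < b_key else l.a
            roles[l.name] = ("blocked", f"alternate port on {blocked_end}")
    return root, best, roles


# Constructed topology (assumptions): the firewall side is modelled as the STP
# root, each two-switch stack is one bridge, and the costs are illustrative.
BRIDGES = {
    "fw":     BridgeId(4096,  "00:00:00:00:00:01"),
    "stackA": BridgeId(32768, "00:00:00:00:00:0a"),  # sw1 + sw2
    "stackB": BridgeId(32768, "00:00:00:00:00:0b"),  # sw3 + sw4
}
LINKS = [
    Link("trunk1", "fw", "stackA", 10000),      # 2-port LAG, assumed cost
    Link("trunk2", "fw", "stackB", 10000),      # 2-port LAG, assumed cost
    Link("trunk3", "stackA", "stackB", 20000),  # single fiber, assumed cost
]
# Same topology with trunk3 made artificially cheap: the detour now wins.
LINKS_CHEAP_FIBER = [
    Link("trunk1", "fw", "stackA", 10000),
    Link("trunk2", "fw", "stackB", 20000),
    Link("trunk3", "stackA", "stackB", 100),
]

if __name__ == "__main__":
    scenarios = [
        ("normal", LINKS, ()),
        ("trunk2 down", LINKS, ("trunk2",)),
        ("cheap fiber", LINKS_CHEAP_FIBER, ()),
    ]
    for title, links, down in scenarios:
        root, best, roles = compute_roles(BRIDGES, links, down)
        print(f"--- {title} (root={root})")
        for name, (state, detail) in roles.items():
            print(f"{name}: {state} ({detail})")
```

Run as a script it prints the three scenarios: in the normal case trunk3 is the alternate port on stack B and both LAGs forward; with trunk2 failed, trunk3 becomes stack B's root port; with trunk3 priced below trunk2 minus trunk1, stack B abandons trunk2 for the detour. Substituting the real costs your switches report (and the real root bridge) turns this into a check of the design before cabling it.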
