topic Re: Maestro connection to SMS without a switch in Hyperscale Firewall (Maestro)

Maestro connection to SMS without a switch

marcyn — Fri, 18 Nov 2022 13:40:10 GMT

Hi CheckMates,

I want to create small rack platform (box) with:

1x MHO140 (1U)
1x SMS (1U)
4x SGMs (8U)

And I was wondering if I can handle it ... without a switch.

What I want to achieve is to have demo platform for potential Customer to whom I will send Maestro for testing in their environment.

So it should work something like this:
1) LAN1, LAN2, ..., LANx, DMZ1, DMZ2, ..., DMZx, WAN1, WAN2, ..., WANx - all of these internal and external networks Customer will connect to uplink ports in MHO

2) Customer will connect his mgmt network to MHO's mgmt1 or mgmt2 port (these on back)
3) all SGMs will be already connected via DAC cables to MHOs downlink p
4) MHO MGMT (not mgmt1, mgmt2 on back but these first 4 ports in front) port will be already connected to SMS

So only thing they should do is to connect their networks to 10G uplink ports, and one ethernet cable to mgmt1/2 on back.

And with the above scenario I encountered following issues:
1) does connection from MHO MGMT port to SMS has to be to the SMS's MGMT port or any of 10G ports in SMS ? .... if it does, then I have a problem because on MHO it is 10G SFP interface ... and on SMS it is 1G ethernet interface
Probably I can resolve this issue by using gigabit ethernet SFP module connected to MGMT port in MHO ... does anyone tried that already ?
2) but ... if the above will work how I will connect to this SMS MGMT interface from outsite of Maestro ? There is only one MGMT port on SMS side ... which will be occupied by Maestro. Can I bound "normal" SMS's interface with this MGMT ? So that I will have "2 ports" for MGMT (one for Maestro and one for Customer's network - so that he can connect to SMS from his network).

So in summary I think about such connections:
1) MHO MGMT -> SMS MGMT (port1)
2) Customer's network in MGMT subnet -> SMS MGMT (port2)
3) Rest of Customer's networks -> MHO uplinks
4) MHO downlinks -> SGMs
5) and of course MHO mgmt1 port (in back) -> Customer's network in MGMT subnet (the same as 2nd point above)

Sure I will have absolutely no problems if I will use 10G switch and such of connections:
1) Customer's network in MGMT subnet -> switch
2) Maestro mgmt1/2 port -> switch
3) Maestro MGMT port -> switch -> SMS
But ... I don't have free space in this box for a switch 🙂

Maybe somebody will have interesting idea how to solve this issue.

--
Best
Marcin

Re: Maestro connection to SMS without a switch

_Val_ — Mon, 21 Nov 2022 07:32:11 GMT

@Anatoly , @Lari_Luoma can you please advise here?

Re: Maestro connection to SMS without a switch

marcyn — Mon, 21 Nov 2022 17:44:09 GMT

Hi again,

It looks like I have it already solved.
I had some time and phisical access to these devices so I decided to test my idea ... and hopefully it works like a charm.

Here is what I did:

1) first of all I logged in to SMS gaia portal and added ethernet ports and SFP ports to a bridge
2) then I switched mgmt interface to br1

And ... as you probably already know - it works flawlessly.
Now I have:
1x Maestro
1x SMS
4x SGM
All connected without any phisical switch (you can say there is virtual one ... br1 🙂 ).
And if Customer will have pure ethernet based network ... he can connect to ethernet port of SMS, if he will have fiber he can connect to fiber ... perfect !

So in case anybody else is wondering if it is possible - it is.

--
Best
Marcin

Re: Maestro connection to SMS without a switch

Lari_Luoma — Mon, 21 Nov 2022 16:12:27 GMT

You can get a C3750 switch with gigabit links from e-bay for under $200. That's what I did in my lab and works great! While you might get it working without one, having a switch would make things a bit easier. 🙂

Re: Maestro connection to SMS without a switch

marcyn — Mon, 21 Nov 2022 17:38:40 GMT

Lari, money was not a problem at all... but lack of space for such a switch (I have only 0,5U free 🙂 ).

But all ended as expected - it works as perfectly as Maestro deserves 🙂

--
Best
Marcin