- CheckMates
- :
- Products
- :
- Quantum
- :
- Maestro Masters
- :
- Maestro - Dual Side Question?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maestro - Dual Side Question?
Check Point support L2 connectivity via switches for dual side integration, however, it must support Q-in-Q as well.
Latency requirement is <100ms and <5% loss.
Now my questions:
- In all documentation I only found the following IP scheme. Can this be changed on the orchestrator side? The background to the question is that the customer uses 192.0.2.0/24 this network and would like to use other IP's.
- I can change the "inter-side-sync" with the following command:
> set maestro port 1/47/1 type site_sync
> set maestro configuration orchestrator-site-vlan 1000
I would also define a trunk port on the cisco switch and add VLAN 1000 (red arrow in the picture).
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport trunk allow vlan 1000
Is that all or is there more to configure here on orchestrator and cisco side.
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
- Tags:
- performance
3 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Heiko, AFAIK the 192.0.2.0/24 representative SGM internal vlan without affecting you existing network. this is network between your MHO and SGM downlinks.
maybe other Maestro users know more about this
Best Regards
Kim
Kim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Kim_Moberg
thanks for the answer.
It is not a question about a down link but about an "inter-side-sync" link over a switch from datacenter 1 to datacenter 2.
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
- Tags:
- performance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe the Cisco config is missing the QinQ and LLDP tunnelling, should be something like below:
Interface EthX/Y
switchport access vlan xyz
switchport mode dot1q-tunnel
l2protocol tunnel all (or you can limit to the appropriate ones for you).
Not sure if the 192.0.2.0/24 addresses are changeable but not supposed to participate in any routing outside the MHO...
Maestro - Dual Side Question?
Check Point support L2 connectivity via switches for dual side integration, however, it must support Q-in-Q as well.
Latency requirement is <100ms and <5% loss.
Now my questions:
- In all documentation I only found the following IP scheme. Can this be changed on the orchestrator side? The background to the question is that the customer uses 192.0.2.0/24 this network and would like to use other IP's.
- I can change the "inter-side-sync" with the following command:
> set maestro port 1/47/1 type site_sync
> set maestro configuration orchestrator-site-vlan 1000
I would also define a trunk port on the cisco switch and add VLAN 1000 (red arrow in the picture).
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport trunk allow vlan 1000
Is that all or is there more to configure here on orchestrator and cisco side.
.png "Wolfgang"){kind=avatar}
