Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Collaborator

Connecting a Check Point VSX cluster to a stack of switches : port channel or not?

Jump to solution

I have a VSX cluster (VSLS) of two Check point appliances. I want to connect one network cable from each cluster member to a stack of two network switches as follow:

CP-switch-connection.png

 

The stack of two switches is acting as one switch.

From what I understand, I will have different MAC addresses on the two ports since each VSX cluster member has their own. But a virtual MAC is used where the active VS is running. So the virtual MAC will move from one port to the other.

My question is : what kind of configuration should I make on the switch?

  1. Should I group the ports into a port-channel
  2. or not? (And let the switch thinks it is connected to two different devices?)

 

0 Kudos
Reply
1 Solution

Accepted Solutions
Highlighted
Champion
Champion

you only grouping ports on the switches to a port channel if they are terminated on the bond consisting of at least two interfaces of the Check Point VSX on a single cluster member.

You cannot create a port channel on Cisco stack and expect two different cluster members treat it is a single bond.

You should be able to connect two interfaces from each Check Point VSX cluster member that are grouped into a bond, to two Cisco switches in a stack with corresponding Cisco interfaces grouped into a Port Channel.

View solution in original post

1 Reply
Highlighted
Champion
Champion

you only grouping ports on the switches to a port channel if they are terminated on the bond consisting of at least two interfaces of the Check Point VSX on a single cluster member.

You cannot create a port channel on Cisco stack and expect two different cluster members treat it is a single bond.

You should be able to connect two interfaces from each Check Point VSX cluster member that are grouped into a bond, to two Cisco switches in a stack with corresponding Cisco interfaces grouped into a Port Channel.

View solution in original post