This discussion has been locked.

LAG XG 330

Hi,

I have 1 Sophos XG330 and 2 Cisco 4500 with redundancy.

I created one LAG interface with 2 interfaces (one from switch A, one from switch B).

I set the 2 interfaces of the switch to trunk.

Sometimes the LAN doesn't get internet, but when I edit the LAG and save it again, the LAN gets internet again.

The same thing happened when I set it to LACP or Active-Backup.

I need help with that.



  • FormerMember

    Hi cheikh ka,

    The LAG would need to be configured on both ends of the link, i.e. on both XG and Switch end.

    From the description, it sounds like the LAG is not configured on the switch end and the STP may have one of the links blocked. 

    Please refer to the below link for LAG on XG - 

    Sophos XG Firewall: How to Configure Link Aggregation (LAG)

  • Hi, 

    This is exactly how I set the LAG on the Sophos, as in the link you sent me.

    The switch interfaces facing the Sophos interfaces are set to trunk, as you can see in the capture.

  • Hi,

    With the same architecture, I set sub-interfaces attached to the LAG I created before (a VLAN interface for each VLAN), which are the gateway for each VLAN.

    When I set an ACL (Add User/network rule) to allow traffic from one VLAN to another, it did not work (I unchecked "Match known users").

    Has anyone met this kind of issue?

    And solved it?

    I got this issue when the firmware version was SFOS 17.1.3 MR-3.

    I updated it today to SFOS 17.5.9 MR-9.

    I guess when I set sub-interfaces (a VLAN interface for each VLAN) which are the gateway for each VLAN, then I don't need to set routing on the Sophos for inter-VLAN routing,

    as those sub-interfaces are connected to the LAG, but to make the VLANs communicate with each other we need the firewall set. Is this correct?

  • FormerMember in reply to cheikh ka

    cheikh ka said:

    Hi,

    With the same architecture, I set sub-interfaces attached to the LAG I created before (a VLAN interface for each VLAN), which are the gateway for each VLAN.

    When I set an ACL (Add User/network rule) to allow traffic from one VLAN to another, it did not work (I unchecked "Match known users").

    Has anyone met this kind of issue?

    And solved it?

    I got this issue when the firmware version was SFOS 17.1.3 MR-3.

    I updated it today to SFOS 17.5.9 MR-9.

    I guess when I set sub-interfaces (a VLAN interface for each VLAN) which are the gateway for each VLAN, then I don't need to set routing on the Sophos for inter-VLAN routing,

    as those sub-interfaces are connected to the LAG, but to make the VLANs communicate with each other we need the firewall set. Is this correct?

    I would suggest checking the Log Viewer to see if the traffic hits the correct VLAN to VLAN firewall rule you created -