Connecting a XG Cluster to a virtual stacked switch cluster

Hello,

I have a question regarding the configuration of an XG-Cluster, where the firewalls are connected to a virtual stacked switch pair. For better understanding, I have drawn this picture:

(Both clusters are configured in A/P mode)

The connections between both firewall pairs are clear (bridging two ports on each firewall for failover - or is there a smarter way?). My main question is how to configure the connection from the XG-Cluster to the switches. As the switches are stacked, they behave as one logical switch. The cabling above would produce a loop, because the logical switch always has two active connections to the active firewall.

The Dell switches support MLAG to switch the traffic over multiple paths, but not along with other devices than Dell switches though :(

So do you guys have any idea how to cable this failover scenario without loops?



  • In the Sophos Cluster A/P you make the ports to the switches a trunk or LACP; on the virtual stack, make the port on switch 1 and switch 2 a LACP or LAG (maybe dynamic LAG, don't know what Dell is calling this). Do this for every Sophos to a different LAG or LACP port on the switches and you're done.

    Basically, an LACP or LAG interface is 2 or more ports that are a single logical link, and hence no loop. An LACP or LAG interface can only be point to point. But since your switches are a virtual stack, that's logically a single point; your point 1 is the Sophos LACP interface, and the logical LACP or LAG interface on the two switches is logically also a single point, so point 2. Hence point to point.

    I have no Dell switches, so I cannot tell you how to configure them. On HPE it's called a LACP Trunk. Most other switches call it a LAG (or link aggregation group).

    Hope this helps.

    Bart
