HA setup with VLAN

Question

Hi, 
 
 I have 2 XG210 boxes and I want to enable HA. Problem is that on 5 ports I am using VLAN's and only last port is without any VLAN. When I go through HA configuration on aux device I selected nontagged port as dedicated HA link but on primary device I have a problem because I cannot select tagged port as Peer Administration Port. So my question is - is there a way to setup HA on device which has VLAN's on 5 ports and only 1 port dedicated for HA has no VLAN. 
 
 Pawel

lferrara · Accepted Answer

Pawel, 
 you cannot use a port where VLAN exists for even the Administration port. It is a good feature! Open it on ideas.sophos.com 
 Thanks

contact.pl contact.pl · Answer

Good idea Luk. In mean time I did following to solve my configuration problem (I used fact that both Sophos XG and my switch support tagged and non-tagged traffic on same port) 
 - In my case port 5 had 3 VLAN's and one of them was management VLAN which I wanted to use as administration port 
 - I removed management VLAN from interface 5 and configured its IP directly in Port 5 
 - On switch to which Sophos Port 5 is connected I configured that non-tagged traffic should go to management VLAN 
 - In HA configuration I choose port 5 as Administration port 
 I need to test switch-over but for now HA is enabled and up and running :) 
 Pawel

lferrara · Answer

Thanks Contact. 
 This in not an issue. You cannot use ports that are already used for other VLANs or already used in general. On that interface XG has to have to maximum throughtput in order to sync and talk with the peers. Any traffic can reduce the communication and introduce delay. 
 You should plan to move VLANs to other interfaces or upgrade to a higher XG HW. 
 Regards

sachingurung · Answer

Hi Pawel, 
 You can check #7 in my guide here for HA prerequisites. The other articles on HA deployments are easily available online. 
 Thanks