This discussion has been locked.

HA setup with VLAN

Hi,

I have 2 XG210 boxes and I want to enable HA. The problem is that on 5 ports I am using VLANs and only the last port is without any VLAN. When I went through the HA configuration on the aux device, I selected the non-tagged port as the dedicated HA link, but on the primary device I have a problem because I cannot select a tagged port as the Peer Administration Port. So my question is: is there a way to set up HA on a device which has VLANs on 5 ports and only 1 port, dedicated for HA, with no VLAN?

Pawel



  • Hi Pawel, 

    You can check #7 in my guide here for HA prerequisites. The other articles on HA deployments are easily available online.

    Thanks

  • Sachin,

    Thanks for the links, but I think I read this and some other articles, and they all refer to the HA sync port, which I fully understand must be a dedicated physical port. My question is related to the Peer Administration Port, which from my understanding is just used to connect through the webUI to the aux device, so I don't see a reason why it would need another dedicated physical port. Based on what I currently see, I need 2 dedicated ports to have HA, one for the HA Link and one as the Administration Port, and this is what no manual mentions :)

    Pawel 

  • Pawel,

    You cannot use a port where a VLAN exists, even for the Administration port. It is a good feature! Open it on ideas.sophos.com

    Thanks

  • Good idea Luk. In the meantime I did the following to solve my configuration problem (I used the fact that both Sophos XG and my switch support tagged and non-tagged traffic on the same port):

    - In my case port 5 had 3 VLANs, and one of them was the management VLAN, which I wanted to use as the administration port

    - I removed the management VLAN from interface 5 and configured its IP directly on Port 5

    - On the switch to which Sophos Port 5 is connected, I configured that non-tagged traffic should go to the management VLAN

    - In the HA configuration I chose port 5 as the Administration port

    I need to test switch-over but for now HA is enabled and up and running :)

    Pawel

  • I was not aware you could not have a VLAN on the administration port. My admin port is on a LAG interface and has VLANs on it. Strange it let me do it that way.

  • Hello Michael

    We have encountered a similar setup for our two-node XG210 FW cluster: Mng. IPs on LAG ports together with one VLAN on them. Did you notice any delay with communication as described above in the thread? Thanks.

    PM
