We have 2 data-centers/MERs:
1 MX450 in every MER (warm spare)
2 MS425 in every MER (4 in total)
The firewalls are configured as warm spare and both have connectivity to the internet on WAN1.
HA is fine via the created LIII interface and management IP addresses.
The 4 switches are stacked (2 with a stack cable, between the DCs via port 32).
1 uplink cable from MS to MX in every DC.
This works fine so far. Everything is up, but to minimise downtime we want to have uplinks from every MS to the MX, but
when I connected an uplink from switch 3 to the active firewall everything went down.
I suppose RSTP will help to block one of the uplinks so no loop will occur.
The MX interface has "drop untagged traffic to MS" enabled.
The MS interface has VLAN 1000 as native VLAN, but no LIII exists (Cisco best practice).
Does anyone know how to use 4 cables from the stack to the 2 firewalls without breaking everything?
Since the MXs cannot do LACP, generally speaking you would not connect multiple links from a single switch to a single MX. If you do this you're subject to the rules of STP in handling loops. The MX will transparently pass BPDUs received on one link to another link (i.e. a switch may receive its own BPDU back on a different interface).
An alternative would be to make the links L3 instead of L2. You could create multiple transit networks, one per link, and connect those between your stack and the MX. Granted, the MS can't do routed ports, but you can mimic the functionality with a single access port and an SVI.
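The answer above (MX relays BPDUs between its LAN ports, so the stack sees its own BPDU on a second port) and the follow-up (nothing is blocked until the MX port accepts untagged frames) can be modelled in a few lines. This is an added example, not code from the thread or from Meraki; the topology (one stack as the only STP bridge, ports 1 and 3 to "MX-A", ports 2 and 4 to "MX-B") and the names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Uplink:
    port: int             # stack port number; RSTP tie-breaks on the lower port ID
    mx: str               # which MX this cable lands on (constructed names)
    mx_native_vlan: bool  # MX LAN port has a native VLAN; False = "drop untagged traffic"

def mx_relays_bpdu(src: Uplink, dst: Uplink) -> bool:
    """The MX is not an STP bridge: it floods a BPDU received on one LAN port out
    its other LAN ports. BPDUs are untagged, so an MX port set to drop untagged
    frames never passes them on, which is what the thread ran into."""
    return (src.mx == dst.mx and src.port != dst.port
            and src.mx_native_vlan and dst.mx_native_vlan)

def rstp_roles(uplinks):
    """The stack is the only bridge, so it is root. A port that receives the
    bridge's own BPDU back via the MX becomes an RSTP Backup port (discarding);
    the lower port ID on that MX stays Designated (forwarding)."""
    roles = {u.port: "designated/forwarding" for u in uplinks}
    for src in uplinks:
        for dst in uplinks:
            if mx_relays_bpdu(src, dst) and dst.port > src.port:
                roles[dst.port] = "backup/discarding"
    return roles

def undetected_loops(uplinks, roles):
    """Two forwarding uplinks into the same MX with no BPDU exchange between
    them form a loop RSTP cannot see: a broadcast storm ('everything went down')."""
    fwd = [u for u in uplinks if roles[u.port].endswith("forwarding")]
    return sorted((a.port, b.port) for a in fwd for b in fwd
                  if a.port < b.port and a.mx == b.mx)

def build_stack(native_vlan: bool):
    """Constructed topology: 4-switch stack, ports 1 and 3 to MX-A, 2 and 4 to MX-B."""
    return [Uplink(1, "MX-A", native_vlan), Uplink(2, "MX-B", native_vlan),
            Uplink(3, "MX-A", native_vlan), Uplink(4, "MX-B", native_vlan)]

if __name__ == "__main__":
    for native in (False, True):
        links = build_stack(native)
        roles = rstp_roles(links)
        print(f"MX native VLAN={native}: {roles} loops={undetected_loops(links, roles)}")
```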
I enabled the native VLAN and now BPDU packets are traversing the interface. All interfaces are up and running (and some are blocked, as designed).
Thanks for helping.