Hi,
I am looking for some recommendations, on how to configure, (1) MX 100 firewall, connected to (2) separate Cisco 9400 Core LAN switches in a HSRP redundancy setup. The Cores will have various L3 SVI VLANs for intervlan routing.
I am unsure on what I need to do on the Cisco Cores and the MX100 to have a full redundant topology here with any issues or asymmetric routing.
Also confused on how to configure the MX100 LAN interfaces going to each core.
Any other useful info please share.
Diagram below.
Thank you!
I use a single MX84 at many sites, connected to two 9K switches running VPC/HSRP for L3 etc.
What I usually do is on CORE2, I'll set the port the MX connect to to have a lower spanning-tree cost, so core 2 is the one that blocks the port.
spanning-tree vlan XXX cost 10
Never had any issues yet. Tested failover from both sides, unplugging cables, powering off one 9k etc. Fail-over is pretty quick and I prefer having some form of redundancy vs nothing. Just really with the MX line would start supporting LACP or something.
To clarify also. I used to only have a single connection from MX to CORE 1. Since the MX doesn't support port-channeling etc. Wanted to keep things simple.
Had it like that for almost 2 years, until CORE 1 at a site had an issue, which ended up taking down the guest network which the MX was the gateway of etc. Not a huge deal to have onsite move the cable, but an annoyance none the less.
After that I said bah-hum-bug, and so they connect to both now, and STP so far has never caused me any grief.
