Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    vpc with pfsense HA

    HA/CARP/VIPs
    vpc
    2
    4
    890
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      c5244714
      last edited by

      Hello.
      0_1547055277245_pfsense_ha_dual_sw.png

      i want to implement two pfsense in HA (exactly as in the topology attached) and connect them to LAN network with two NEXUS switch that in redundancy ( VPC and not STACK).
      now, if i use two 3850 cisco with stack (redundancy ) i just connect each cable from each pfsense to each port of the 3850 stack members (pfsense1 goes to 3850-stack_member1 and pfsense 2 goes to 3850-stack_member2) and spanning tree will take care the loop. but how will it work with nexus? can i connect each pfsense device/apliance to each nexus (Orphan port)? no loop issue with this topology?
      Second option : configure in the nexus two ports as member (VPC Member) and connect each of the port to each of the pfsense.
      please advice if it possible/
      thanks

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Spanning tree is not required to deal with loops in the 3850 stack configuration so not sure what the rest of your question is about. There is no layer 2 loop in an HA configuration.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • C
          c5244714
          last edited by

          Hello.
          thanks for your answer.
          i'm dealing with two 9300 nexus switches which are not connected VIA stack, but VPC (peer-link).
          so the same questions remain - which mechanism deals with loops? vpc or spanning tree.
          remember that the case is pfsense HA are not connected as member ports but , orphan

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by Derelict

            Still not sure what you are asking.

            There are no loops in an HA setup.

            Seems like more of a question for Cisco.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.