SG-7100 with HA wiring?



  • I have some experience with HA on SG-1100's as a router-on-a-stick. I'm interested in getting a pair of SG-7100's with HA but I'd like to not have to rely on trunking. Is the diagram below how I should implement this with SG-7100's?

    SG-7100 HA.jpeg


  • Netgate Administrator

    'Trunking' can mean different things depending on which vendors terminology you're using.
    What exactly are wanting to avoid here?

    Steve



  • I just thought I'd simplify everything since I have the additional ports with a SG-7100 as opposed to the SG-1100, as displayed in the diagram.

    I ask because with the SG-1100 I have a small unmanaged switch on both the WAN and LAN side of the NETGATE unit. It would seem that the previously listed diagram would logically provide the same port relationship as a router-on-a-stick given the addition of ports on the SG-7100... if that makes sense...?

    I'm just trying to take advantage of the ability to simplify things... I hope. ;)


  • Netgate Administrator

    The 1G ports on the XG-7100 are connected via it's internal switch so it is still technically 'router-on-a-stick' if you connect it like that. What you have suggested will work.
    If you are settings this up specifically as HA I would recommend getting the 4 port expansion card in the XG-7100 and using those ports for the failover interfaces. Those will allow the nodes to demote themselves correctly if the link is lost due to a cable or port failure.

    Steve



  • Ah. I see. Thanks for that.

    So router-on-a-stick does not strictly mean trunked VLANs into one router port...? It's a logical concept, so-to-speak?


  • Netgate Administrator

    Yeah it is more of a logical concept in terms of how the ports and switches are arranged. In the XG-7100 the switch is within the device but the actual routing is carried out between VLANs just as it would be with a firewall with a single NIC. The VLANs actually run over a lagg group of two 5G ports internally but logically it's the same.

    Steve


Log in to reply