We've recently bought another Sophos Firewall and are having trouble getting it to talk with any Cisco switches over LACP.
The setup is as follows
I've created two separate LAN-type zones called MGMT & NOACC (for no access).
Ports 5-8 are aggregated into a LAG interface linked to the NOACC zone.
I then have two VLANs running over the LAG interface (VLAN 5 and 10).
The firewall is running DHCP for VLAN 5.
VLAN 5 is in the MGMT zone, VLAN 10 is in the LAN zone.
On the switch side, I've got an EtherChannel set up on ports 25-28.
It's set up in trunking mode (dot1q) and the native VLAN is set to 1.
The switch shows that the LACP tunnel is up, as does the Sophos Firewall.
The VLAN 5 interface receives an IP from the firewall (on the switch), but otherwise no traffic will flow through the tunnel.
I've also enabled Admin HTTPS and SSH services as well as ICMP on the MGMT and LAN zones.
For the life of me, I cannot figure out what is wrong.
Any help would be greatly appreciated.
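For reference, here is the Cisco IOS side of the setup described in the post above, written out as an added example (it is not the poster's configuration, and nothing in the thread confirms the exact interface names, the Port-channel number, or the platform). The interface names GigabitEthernet1/0/25-28 and Port-channel1 are assumed; the VLAN IDs, dot1q trunking, native VLAN 1 and the DHCP-assigned VLAN 5 management interface follow the post.

```cisco
! Added example, not the original poster's config. Assumed: Catalyst-style
! interface names GigabitEthernet1/0/25-28 and Port-channel1.
vlan 5
 name MGMT
vlan 10
 name LAN
!
! Apply the trunk settings to the members first so they match the bundle.
interface range GigabitEthernet1/0/25 - 28
 description Uplink to Sophos Firewall LAG (ports 5-8)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,5,10
 channel-group 1 mode active
 no shutdown
!
! LACP "active" on at least one side is required for the bundle to negotiate;
! "active" on both sides is the usual choice.
interface Port-channel1
 description LACP bundle to Sophos Firewall
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,5,10
!
! Switch management SVI in VLAN 5, addressed by the firewall's DHCP server.
interface Vlan5
 description Management (MGMT zone on the firewall)
 ip address dhcp
 no shutdown
!
! Checks: bundle state, trunk VLAN list, and what the trunk actually carries.
! "show interfaces port-channel 1 trunk" lists the VLANs allowed on the trunk
! and the subset that is active (not pruned and existing in the VLAN database).
show etherchannel 1 summary
show interfaces port-channel 1 trunk
show interfaces port-channel 1 switchport
show interfaces vlan 5
```

The `switchport trunk encapsulation dot1q` line is only accepted on platforms that still support ISL; on switches that trunk dot1q only it is rejected and can be omitted. A VLAN that is missing from the `allowed vlan` list, or that does not exist in the switch's VLAN database, shows up in the `trunk` output as allowed but not active, which is worth comparing against the VLAN 5 and VLAN 10 interfaces configured on the firewall side.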
Hi Samuel Murray: Please also confirm, on the XG side, whether you are getting a proper count of member interfaces for the LAG, and whether the member port info is showing correctly on the XG, via the below console command.
console> show network lag-interface <lag-interface-name> runconfig
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
I can confirm that all the interfaces are showing up in the LAG interface, see below.