This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

LAN Link aggregation or LAN Failover

Hi All,

We've had a core switch failure today. We used to have a Sophos UTM where it allowed us to configure LAN Aggregation. I can't seem to see this on the XG.

Is it possible, i really could do with connecting the XG to an additional core switch to protect against a failure such as what we've experienced.

thanks

This thread was automatically locked due to age.

Top Replies

Vivek Jagad over 1 year ago in reply to JohnHilton +1 suggested

Unbound Example can be seen below:

0 JohnHilton over 1 year ago in reply to Vivek Jagad

excellent thanks again. i'll report back tomorrow. Planning on doing this at home tonight out of hours.
Cancel
Vote Up +1 Vote Down

Cancel
0 JohnHilton over 1 year ago in reply to JohnHilton

This seems* to be ok after creating the new AGG group on ports 1 & 5. I did this remotely from Sophos Central via the firewall manager.

Before i did this i connect to the site using Sophos connect and did a few things before hand (like doing a back up).

I've rebooted the XG and reconnected via Central. I can ping internal (LAN) pcs via the new AGG interface so i assuming all is fine?

*That being said. I don't seem to be able to VPN back into the site via Sophos connect, and all the sophos access points are showing as "inactive". I hoping this is a central bug? :s

I'll be on site early tomorrow just in case. Anything that could have caused this?

I connect to the firewall via central, unbound the single LAN port (port1) and noted it's settings. Created a new AGG interface with Port 1 & 5 (both unbound) and entered the address details noted above.

EDIT: looking at the VPN logs on the xg. i'm getting rejected because of wrong credentials. go figure ?

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 JohnHilton over 1 year ago in reply to JohnHilton

Seems that there's a bug... if i set the lagg to "auto negotiate" the speed, i can't communicate to the LAN, if i set it manually to 1000 everything is fine.

I can see all the Access points and vpn back into the site. i can now access all lan resources.

.......that was a long night....... still better now than during production.
Cancel
Vote Up 0 Vote Down

Cancel
+1 Vivek Jagad over 1 year ago in reply to JohnHilton

Hey JohnHilton,

Yup, that's true this has been reported bug: NC-92783.
Work around is: change the speed settings to manually.
This will be fixed in the next release of the firmware i.e. SFOS 19.0.1 MR1

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel
0 JohnHilton over 1 year ago in reply to Vivek Jagad

All sorted now, up and running with a LAN LAG link. Thanks for all your input.

Cheers
Cancel
Vote Up +1 Vote Down

Cancel
0 Vivek Jagad over 1 year ago in reply to JohnHilton

Cheers JohnHilton

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Bart van der Horst over 1 year ago

Hi John,

Please set the link in the LAG interface to active/backup else you cannot connect a LAG interface to two switches.

Bart van der Horst

Sophos XG v18(.5) / v19 Certified Architect
https://www.bpaz.nl
Cancel
Vote Up 0 Vote Down

Cancel
0 JohnHilton over 1 year ago in reply to Bart van der Horst

Is this defo the case? I currently have it set to lacp active/active........ however one switch is offline (waiting on a replacement power supply) hence the need for lag on the lans
Cancel
Vote Up 0 Vote Down

Cancel