
SG210 HA unlinked and port not blinking

Hello Community,

I have two Sophos UTM SG210 working in HA Mode (SG210A and SG210B).

We recently connected everything on an Aruba switch. The LAN Port on the Aruba switch for SG210B was configured incorrectly. The VLAN for Management wasn't assigned.

At the moment the SG210B is master. So we can't connect to the Aruba Switch in the Management VLAN. The Sophos web interface shows me correctly that SG210A is unlinked. At the same time there are no "blinking" signals on the LAN port of the SG210A and the Aruba port.

Is this behavior normal if a Port is unlinked? Does it behave as if the port is not connected at all?

I am not quite sure if I can shut down SG210B and everything will be ok as soon as SG210A is master.

If the "not blinking port" indicates an Aruba error I will lose LAN completely if SG210A becomes master. But if this is working I can configure the LAN Port of SG210B myself via Aruba web interface (I am not common with the console).

Thanks for your help.



  • Hello,

    if the UTM web interface shows: "UNLINKED" I think that something on the ARUBA switch config is wrong.
    Are the network ports activated on the switch and are all cables connected the same to both nodes? (SG210A + SG210B)?


    How are the cables connected? 
    How is the switch configured? (VLANs on which ports?)
    How is HA configured in the utm?

    --> You can set there a HA-SYNC NIC + preferred node



  • Thanks for your answer.

    I know that the vlans are not configured correctly.

    Here is the scheme.

    SG210A | SLAVE | ETH0 | Interfaces (Management, LAN, Additional) > Aruba Port C1 | VLAN (Management, LAN, Additional)

    SG210B | MASTER | ETH0 | Interfaces (Management, LAN, Additional) > Aruba Port C2 | VLAN (LAN)

    So the configuration is different and I think that is why the state of SG210A is unlinked.

    But maybe the state is unlinked because C1 on Aruba is off in any way.

    I am not sure if the SG210 would send some signals and cause a blinking port even if a port is stated unlinked. Or if the missing signals are due to an error on the Aruba switch.

  • Hello Erik,

    so the interface mapping is the following:

    Sophos Node | Role   | Interface | ARUBA Port | VLANs
    SG210A      | SLAVE  | ETH0      | C1         | Management, LAN, Additional
    SG210B      | MASTER | ETH0      | C2         | LAN



    can you check the logfile of the ARUBA Switch?
    --> CLI:  show logging -r

    + Post the configuration of the ARUBA Ports: C1 + C2

    --> CLI: show running-config int C1
    --> CLI: show running-config int C2

    What is the ETH0 interface config in the UTM? --> Ethernet / Ethernet VLAN? 

  • Hello Bepo,

    thanks again for your help. Last night I rebooted the Aruba switch and the port of SG210A was alive again. I turned off SG210B and I could access the Aruba web interface and corrected the VLAN config myself. Now the HA works fine.

    Just for my curiosity I tried to connect via console. On our second Aruba switch this works fine and I can run your commands. But if I try the same thing on our main Aruba switch (which was part of the problem), I get a "can't find file on com3" error starting PuTTY. I think I need to have an Aruba expert check this out.

    So the "not blinking" port was definitely an Aruba switch problem and not caused by the "unlinked" state of the firewall.

  • Hello Erik,

    ok that sounds good :-)
    Yes, check the ARUBA switch configuration. I think that the misconfigured VLANs on the ports caused the problem.

    Best regards 
    Bepo