802.1q Trunk between 3750 and Checkpoint

MachadoGB · ‎08-28-2008

Hello,

I would liek to know if there is a configuration sample to set up a trunk between a Checkpoint-Nokia FW and a Cisco 3750 switch. I know both boxes can do 802.1q. Please let me know.

Thanks.

Willem de Groot · ‎08-29-2008

Hi,

I have a Checkpoint Cluster on IBM Hardware with Secure Linux connected to my 3560E but not Trunked.

Both Firewalls are connected to the same Switch (Single point of failure).

My interfaces are configed like this:

interface GigabitEthernet0/11

description FW1 eth1 ISP

switchport access vlan 86

switchport mode access

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

auto qos voip trust

spanning-tree portfast trunk

spanning-tree bpduguard enable

!

interface GigabitEthernet0/12

description FW2 eth1 ISP

switchport access vlan 86

switchport mode access

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

auto qos voip trust

spanning-tree portfast trunk

spanning-tree bpduguard enable

!

Qos is not necessary.

Failover from one Firewall to the otther ist with no interuption.

Willem

MachadoGB · ‎08-29-2008

Hello Willen,

Thanks for the information. But in my case I have the Firewall doing routing between VLANS, so I need to trunk the Firewal(Checkpoint/Nokia) box to the Cat3750.

I am going to use the normal trunk configuration for the switch side and have the FW selecting the interface I am peering to as trunk with 802.1q trunking protocol running on it.

Thanks,

Gilson