Configure Branch HA with Internet, MPLS, Layer 2 LAN Switch
Let us learn more about on Configure Branch HA with Internet, MPLS, Layer 2 LAN Switch Topology-2 in Prisma SD-WAN.
In this topology, the internet link terminates on one ION device, and the MPLS link terminates on the second ION device. The LAN switches are Layer 2 switches. The following example shows a sample configuration for an ION 2000, but you can use an ION 3000, ION 7000, or ION 9000 if more throughput is required.
- Configure physical connections.
- Connect the controller port of each ION device to the local LAN.Connect both in the same subnet if possible so that you can use the interfaces for HA control communication. In this example, the ION device controller port IP addresses are in VLAN 100 and are 10.10.100.10/24 and 10.10.100.11/24, respectively.
- Connect port 1 of each ION device to each of the Layer 2 switches with the same sub-interfaces and IP addresses configured on both ION devices.
- Configure the same IP address for port 1 for both the ION devices. Only the Active ION device responds to ARP requests for this IP address.To enable this interface to be used for LAN traffic forwarding,Enable L3 LAN Forwardingwhen you configure the device.
- Connect the internet circuit on the fail-to-wire bypass pair WAN port 4 on the ION 2000 of the active ION device.
- Connect port 5 of the active ION device to port 2 of the backup ION device. Port 2 of the backup ION device is an Internet port with the same IP address as the active ION device bypass ports 4/5. The IP address is configured asStaticorDHCP.
- Connect the MPLS circuit on the fail-to-wire bypass pair WAN port 4 on the ION 2000 of the backup ION device.
- Connect port 5 of the backup ION device to port 2 of the active ION device. Port 2 of the active ION device is an Internet port with the same IP address as the backup ION device bypass ports 4/5. The IP address is configured asStaticorDHCP.
- Configure interfaces.Port-Interface TypeIn Active ION Device Use These Ports ForIn Backup ION Device Use These Ports ForPort 1-Sub-InterfaceLANLANPort 2-PortPrivate WANInternetPort 4, Port 5-Bypass PairPrivate WANPrivate WANThe following images display the port configuration screens of the active and backup ION devices used in this specific scenario.On the ION 3000, the front panel ports are labeled as Internet and Internet Bypass and may need to be configured as a bypass pair. On the ION 7000, ports 5, 6 and 7, 8 have fail-to-wire capability and can be configured as either WAN-side or LAN-side when creating the bypass pair. If BGP peering to the MPLS PE or WAN side static routes are required, this must be done on each device individually and the settings must be the same.
- Configure HA Groups.
- On theEdit HA-Groupscreen, enablePreemptand set theAdvertisement Intervalto one second.
- On theSpoke HA Configurationscreen for the active ION device, setPriorityto 150, configure the controller port as the HA control interface and enable tracking for the LAN port with a priority reduction value of 150.
- On theSpoke HA Configurationscreen for the backup ION device, setPriorityto 100, configure the controller port as the HA control interface and enable tracking for the LAN port with a priority reduction value of 100.
- Add the ION Devices to the HA Groups.
Recommended For You
Recommended videos not found.