hope everything is well.
i have the attached design, and i wonder if i can use the two Core N3024 switches as VRRP for the vlans of edge switches and in the same time to make them MLAG domain.
means in the attached design i want to make MLAG between the edge and core to expand bandwidth and for high availability of the hosts configure the same tow core as VRRP for vlans.
because in some dell docs they apply the VRRP feature on core switch and MLAG on Distribution switch so that confused for applying both features on same core switches as in my case
any update please
This can absolutely be done. The MLAG deployment guide has an example on page 31 that details the use of VRRP with MLAG. The example also includes the configuration that is used on each switch.
Daniel Covey Dell EMC | Enterprise Support ServicesGet support on Twitter: @DellCaresPRO
Download our QRL app: iOS, Android, Windows
yes thank you daniel.
another question if i have the above scenario and each edge switch is placed in different building,
and each switch has uplink to core. as in the previous attached PDF.
what is the best case scnario to make the security. in this way
each building talk to core but buildings cannot talk to each other but can talk to core ( Data Center)
each building has its own vlan.
2. trunk allowed
The implementation of ACLs will be a good way of controlling which VLANs can communicate with each other.
# ip access-list test123
# deny ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255
# deny ip 10.10.1.0 0.0.0.255 10.10.3.0 0.0.0.255
# deny ip 10.10.1.0 0.0.0.255 10.10.4.0 0.0.0.255
# deny ip 10.10.1.0 0.0.0.255 10.10.5.0 0.0.0.255
# permit ip any any
# interface port-channel 1# ip access-group test123 in
This example denies ingress traffic from accessing the specific subnets, while at the end permitting access to everything else.