
Thread: several VRRP clusters on the same VLAN or Switch




user name
2008-02-27 16:00:03
Hi,

I am setting up a lab with 2 Nokia in VRRP in Master/Backup mode with 4 interfaces and 1 for the synchro. I connected all the interfaces without the synchro one to the same switch but on different VLANs.

Everything worked fine for my lab, but after a reboot of the switch the configuration was erased and all the VLANs disappeared, and I started to see some strange behaviour.
I saw some drops on the Firewall, especially on the VRRP multicast address. I first thought that this was normal due to the missing VLANs. But all my VRIDs (for a member) are different for all the interfaces. So all the VMACs are also different.

After reviewing the drops I saw that the message was a spoofing error from the firewalls to the multicast address.

I tried to make a tcpdump on all my interfaces to 224.0.0.18 and I clearly saw all the traffic go through it. And I tried to see if there is a problem on the failover configuration, and the cluster still works fine.

So I tried to delete the cluster object and separate each member only on the Checkpoint configuration; the Nokia cluster was still available. I did not perform antispoofing and I put a rule with any any accept. I still have the drop on the multicast address and the Nokia cluster was OK.

I checked that it is not recommended to have several clusters on the same VLAN or switch; there is a workaround, but only for the ClusterXL configuration and not for Nokia VRRP.

Thus I do not understand this behaviour.


Does anybody have any explanation?


BR

K

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Scanned by Check Point Total Security Gateway.
