[j-nsp] nsrp ha link over ex4200

Tim Eberhard xmin0s at gmail.com
Tue Apr 28 13:50:15 EDT 2009


Silly question...

Why would you not just cable the firewalls directly into each other? What is
the point of adding a couple of additional points of failure if you don't
have to?

Unless you're working with two firewalls at two physical geographic
locations, I see no reason to have a switch in between the two firewalls.

Perhaps I don't clearly understand what your goals and reasons for using the
switches are.

-Tim Eberhard

On Tue, Apr 28, 2009 at 3:17 AM, Yordan Boikov <boikov at spnet.net> wrote:

> Hi,
>
> We have two SSG 520M firewalls and two ex4200 switches.
>
>
> [ SSG520M fw1 ][eth1/7] ----- [ge-0/0/3][ ex4200 sw1 ][ge-0/1/2]===trunk===[ge-0/1/2][ ex4200 sw2 ][ge-0/0/3] ---- [eth1/7][ SSG520M fw2 ]
>
> I want to configure HA between fw1 and fw2.
> The problem is that sw2 doesn't see fw1.
>
> sw1>show ethernet-switching table vlan ha-vlan
> Ethernet-switching table: 2 unicast entries
>  VLAN              MAC address       Type         Age Interfaces
>  ha-vlan       *                 Flood          - All-members
>  ha-vlan       00:22:83:88:38:15 Learn          0 ge-0/0/3.0
>  ha-vlan       00:22:83:88:3f:15 Learn          0 ge-0/1/2.0
>
> sw2> show ethernet-switching table vlan ha-vlan
> Ethernet-switching table: 1 unicast entries
>  VLAN              MAC address       Type         Age Interfaces
>  ha-vlan       *                 Flood          - All-members
>  ha-vlan       00:22:83:88:3f:15 Learn          0 ge-0/0/3.0
>
>
> Both switches have the same config and the same Junos version.
> IGMP snooping is disabled for all VLANs.
>
>
>
> --
> Yordan Boikov
> :wq
>

