[j-nsp] nsrp ha link over ex4200
boikov at spnet.net
boikov at spnet.net
Thu Apr 30 03:16:35 EDT 2009
Hi,
10x for response
when I remove interfaces of SSG from HA zone and put them an IP
address everything work.
NSRP ha-link probe is run on both SSGs
cheers
Quoting Ross Vandegrift <ross at kallisti.us>:
> On Tue, Apr 28, 2009 at 11:17:04AM +0300, Yordan Boikov wrote:
>> Hi,
>>
>> we have two SSG 520M firewalls and two ex4200 switches
>>
>>
>> [ SSG520M fw1 ][eth1/7] ----- [ge-0/0/3][ ex4200 sw1
>> ][ge-0/1/2]===trunk===[ge-0/1/2][ ex4200 sw2 ][ge-0/0/3] ----
>> [eth1/7][ SSG520M fw2 ]
>>
>> I want to configure HA between fw1 and fw2
>> the problem is that sw2 doesn't see fw1
>>
>> sw1>show ethernet-switching table vlan ha-vlan
>> Ethernet-switching table: 2 unicast entries
>> VLAN MAC address Type Age Interfaces
>> ha-vlan * Flood - All-members
>> ha-vlan 00:22:83:88:38:15 Learn 0 ge-0/0/3.0
>> ha-vlan 00:22:83:88:3f:15 Learn 0 ge-0/1/2.0
>>
>> sw2> show ethernet-switching table vlan ha-vlan
>> Ethernet-switching table: 1 unicast entries
>> VLAN MAC address Type Age Interfaces
>> ha-vlan * Flood - All-members
>> ha-vlan 00:22:83:88:3f:15 Learn 0 ge-0/0/3.0
>>
>>
>> both switches have same config and same junos version.
>> IGMP snooping is disable for all VLANs
>
> Two things to check:
>
> 1) The trunk connecting ge-0/1/2.0 to ge-0/1/2 needs to permit ha-vlan
> on both switches.
>
> 2) Have you renamed or changed the tag on ha-vlan on sw2? If so,
> there is a bug on the ex4200 that prevents reliable learning of MAC
> addrs. Delete ha-vlan, commit, recreate ha-vlan, and then try again.
>
> Remember to enable active NSRP HA probing with a setup like this.
> It's also useful to pick a production interface as an NSRP secondary
> path.
>
> --
> Ross Vandegrift
> ross at kallisti.us
>
> "If the fight gets hot, the songs get hotter. If the going gets tough,
> the songs get tougher."
> --Woody Guthrie
>
More information about the juniper-nsp
mailing list