04-22-2010 02:56 AM - edited 03-11-2019 10:36 AM
Hi,
We have two sites connected via a 1Gb trunk. There is a cluster of Nokia IP530 firewalls, split between the two sites. Everything was working fine until the core switches were changed out on one of the sites (went from a Cisco 4507 to Cat6500 with Sup720).
Since the change, both firewalls think they are the "Master". We have verified L2 & L3 connectivity - all looks ok.
We moved the Nokia off the 6500 and moved it to the same site as the other Nokia (these sit on Cisco 4506E with Sup6)....clustering works fine when they are on the same site.
Here is the general port configuration that works on the 4506E
!
interface GigabitEthernet6/46
description TEMP_NOKIA_HB
switchport access vlan 202
switchport mode access
switchport nonegotiate
speed 100
duplex full
spanning-tree portfast
!
On the Cisco 6500, we are using the following general configuration....
!
interface GigabitEthernet8/47
description NOKIA_HB
switchport
switchport access vlan 202
switchport mode access
switchport nonegotiate
speed 100
duplex full
spanning-tree portfast edge
end
I believe that both the firewalls are set to use Unicast for clustering, however when I put a sniffer directly on the FW Heart Beat port, I noticed a lot of Multicast traffic... On both sites, the port connecting to the Nokia Heartbeat port is receiving M/cast traffic.
We've moved the firewalls back into one site to maintain redundancy.
My next step is to put a sniffer on the one segment to view a "normal" cluster establishment.
Does anyone have any insights in regard to this issue?
Thanks
Simon
04-22-2010 04:50 AM
04-22-2010 05:10 AM
Jon,
Yes the Nokia Heart Beat interfaces are in the same L2 VLAN.
Thanks for the information - will review and post up the results.
Regards
Simon