Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
253
Views
0
Helpful
1
Replies

Pix failover Arp query

sean_woods
Level 1
Level 1

‎05-07-2004 02:18 PM - edited ‎02-20-2020 11:23 PM

Hi,

I'm hoping someone can help clear this up for me...

Scenario:

Two switches are separated by a primary and secondary pix using failover.

For whatever reason, the pix's failover.

Question:

Once the failover occurs, won't the switches (using spanning tree) receive the same mac address (active pix address) advertised on a second, different port (the one connected to the secondary pix), causing a spanning tree recalculation and hence a temporary network outage ?

The cisco documentation states that because the same mac address is used, no arp entries need to change or timeout anywhere on the network. Is there something obvious I'm missing here ?

The live network this relates to actually has more than one switch each side of the firewalls, but I'd like to get the principle clear first.

Thanks in advance...

0 Helpful
1 Reply 1

ehirsel
Level 6
Level 6

‎05-08-2004 04:23 AM

I don't believe that a spanning tree recalculation won't occur due to the same mac-address being learned on a different port. The STP recalc is done only as ports become active and inactive, as the pixes failover the ports do not do that unless the pix code rebooting on one unit causes the fialover.

The switch ports are always active as long as the pix code is active (both the active and standby units) The pix failover hearbeat signal between them runs over the enet interfaces as well as the serial cable.

The pix documentaion recommends that the portfast feature be enabled on cisco cat switches when configuring ports for pix interfaces to allow the port to go into forward mode as soon as the pix activates its interface. This is to allow for the situaion to achieve fast pix failover status convergence where a pix reboots - and some failovers will cause the pix to reboot.

It is my understanding that the new rapid stp protocol is now standardized and the newer non-cisco switches should have a similar capability too.

I recommend that either portfast or rapid stp be configured on the switches and switchports that the pix units connect to (for all interfaces).

I hope this clears the issue up for you. If not, let me know what other help you need.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card