01-06-2003 12:15 PM - edited 03-02-2019 03:58 AM
Hello.
I have the following scenario:
2 Firewall1 in load-balance - FW1 and FW2
2 Catalyst 2950 48 ports with 12.1(9) EA1 version - SW1 and SW2
FW1 is plugged to SW1 by trunk on interface G0/1, FW2 is plugged to SW2 by trunk on interface G0/1 and between switches there is a trunk fiber link on interface G0/2 on each switch.
The ip igmp snooping feature is disabled and multicast mac-addresses are statically defined on interfaces G0/1 and G0/2 on each switch.
It seems to me that if I have a PC connected to SW1, packets arrive at FW1 with the right tagging on the correct VLAN and at FW2 without a tag.
Hence, FW2 will discard the packets and connectivity will be lost.
With 2 FW and just one switch everything works well. This scenario drives me to point to a multicast problem or a bug not reported on this release.
Do you advise any workaround?
Maybe an upgrade to new version 12.1(12c)EA1...
01-10-2003 11:17 AM
An upgrade would be a good idea if you feel the problem is possibly due to a bug.
However the following doc on Multicast Troubleshooting might help you rule out any possible problems.
http://www.cisco.com/en/US/tech/tk648/tk363/technologies_tech_note09186a0080094b55.shtml
01-12-2003 11:28 PM
Hi
You expect the multicast will be sent bi-directionally over a single link. This will introduce a classic bridge loop and is not permitted, even if this is recommended by some FW suppliers!
Regards Andy
01-13-2003 07:19 AM
I have the same scenario working with Catalyst 3550 L3 with just layer 2!!
Besides this, all gigabit ports of the Catalyst 2950 are in forwarding state, so I think this is not a loop problem, and I didn't detect any blocked state. The Firewalls should prevent eventual loops!!!!
Thanks Nuno