pfSense CARP using Cisco switch

Hi, 

I am curious to find out why I face the following situation.
I have a customer who has two pfSense firewalls, and has set up CARP.

You know the configuration with the virtual IP, which stands for router redundancy.

From my side, I am using a Cisco Catalyst.

The customer's two pfSense are connected on 2 different ports.

Every time the customer loses one of the two routers, I am getting a port security violation.

%PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.xxxx on port GigabitEthernet1/2


Config of the two switchports:

switchport
switchport access vlan xxx
switchport mode access
switchport port-security
switchport port-security maximum 700
switchport port-security aging time 120
switchport port-security violation restrict
switchport port-security aging type inactivity
no logging event link-status
storm-control broadcast level 10.00
no cdp enable
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
end

VIP Advisor

Re: pfSense CARP using Cisco switch

With pfSense, when the primary fails, the secondary takes over with the same MAC address.

So you see a violation here because your switch already learned the MAC address on a different port, and now you are getting the same MAC address from a different port.

The solution is to configure the ARP aging timeout to resolve it, or to loosen the port security.


BB
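To tell a benign CARP failover apart from a genuinely unknown device tripping port security, it helps to check the offending MAC against the IANA VRRP block: CARP advertises the virtual router MAC 00:00:5e:00:01:VHID (the same 00:00:5e:00:01:xx range VRRP uses, RFC 5798), which is exactly the 0000.5e00.xxxx prefix in the syslog line above. The script below is an added example and not part of this thread or of pfSense or Cisco IOS; it parses PSECURE_VIOLATION messages of the form quoted in the question, normalises the Cisco dotted MAC, extracts the VHID where the MAC is a virtual router MAC, and reports which ports each MAC has been seen on. The log lines, hostnames and ports in SAMPLE_LOGS are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Set

# Matches the IOS port-security violation message quoted in the thread.
# The facility may or may not carry a card tag (e.g. "-SP-"), so it is optional.
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-(?:\S+-)?2-PSECURE_VIOLATION: Security violation occurred, "
    r"caused by MAC address (?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) "
    r"on port (?P<port>\S+)"
)

# IANA VRRP IPv4 virtual MAC prefix (RFC 5798); CARP uses the same block with
# the VHID as the last octet.
VRRP_PREFIX = "00:00:5e:00:01:"

# Constructed sample syslog lines (not real customer data).
SAMPLE_LOGS = [
    "Jan 10 03:14:07 sw1 1234: %PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation "
    "occurred, caused by MAC address 0000.5e00.0105 on port GigabitEthernet1/2",
    "Jan 10 03:15:00 sw1 1235: %LINK-3-UPDOWN: Interface GigabitEthernet1/1, "
    "changed state to down",
    "Jan 10 03:40:21 sw1 1240: %PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation "
    "occurred, caused by MAC address 0000.5e00.0105 on port GigabitEthernet1/1",
    "Jan 10 04:02:09 sw1 1251: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
    "occurred, caused by MAC address 001b.2100.aabb on port GigabitEthernet1/3",
]


def normalise_mac(cisco_mac: str) -> str:
    """Convert Cisco 'aaaa.bbbb.cccc' notation to lowercase 'aa:bb:cc:dd:ee:ff'."""
    digits = cisco_mac.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def vrrp_vhid(mac: str) -> Optional[int]:
    """Return the VHID/VRID if the MAC is a VRRP/CARP virtual router MAC, else None."""
    if mac.startswith(VRRP_PREFIX):
        return int(mac[-2:], 16)
    return None


def classify(lines: List[str]) -> List[Dict[str, object]]:
    """Parse violation lines into findings tagged as virtual-router or unknown MAC."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        match = VIOLATION_RE.search(line)
        if not match:
            continue  # not a port-security violation, ignore
        mac = normalise_mac(match.group("mac"))
        vhid = vrrp_vhid(mac)
        findings.append({
            "mac": mac,
            "port": match.group("port"),
            "vhid": vhid,
            # A virtual router MAC moving between ports is what a CARP failover
            # looks like; any other MAC tripping port security merits a look.
            "kind": "virtual-router" if vhid is not None else "unknown",
        })
    return findings


def ports_by_mac(findings: List[Dict[str, object]]) -> Dict[str, Set[str]]:
    """Group the ports on which each MAC caused a violation."""
    seen: Dict[str, Set[str]] = {}
    for f in findings:
        seen.setdefault(str(f["mac"]), set()).add(str(f["port"]))
    return seen


def report(findings: List[Dict[str, object]]) -> List[str]:
    """One human-readable line per MAC with a defender-oriented verdict."""
    lines = []
    for mac, ports in sorted(ports_by_mac(findings).items()):
        vhid = vrrp_vhid(mac)
        if vhid is not None and len(ports) > 1:
            verdict = f"CARP/VRRP VHID {vhid} moved between ports (failover/failback)"
        elif vhid is not None:
            verdict = f"CARP/VRRP VHID {vhid} tripped port security on one port"
        else:
            verdict = "non-virtual MAC tripped port security, investigate"
        lines.append(f"{mac} on {', '.join(sorted(ports))}: {verdict}")
    return lines


if __name__ == "__main__":
    for line in report(classify(SAMPLE_LOGS)):
        print(line)
```

Run against a syslog export instead of SAMPLE_LOGS to separate the expected failover noise on the two pfSense ports from violations that actually need attention; the VHID it prints can be checked against the VHID configured on the CARP VIP.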