2300 Views, 5 Helpful, 1 Reply

pfSense CARP using Cisco switch

net.curious
Level 1

Hi, 

I am curious to find out why I face the following situation.
I have a customer who has two pfSense firewalls, and has set up CARP.

You know the configuration with the virtual IP, which stands for router redundancy.

From my side, I am using a Cisco Catalyst.

The customer's two pfSense firewalls are connected on 2 different ports.

Every time the customer loses one of the two routers, I am getting a port security violation.

%PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.xxxx on port GigabitEthernet1/2

Config of the two switchports:

switchport
switchport access vlan xxx
switchport mode access
switchport port-security
switchport port-security maximum 700
switchport port-security aging time 120
switchport port-security violation restrict
switchport port-security aging type inactivity
no logging event link-status
storm-control broadcast level 10.00
no cdp enable
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
end

1 Reply

balaji.bandi
Hall of Fame

With pfSense, when the primary fails, the secondary takes over with the same MAC address.

So you see a violation here because your switch already learned the MAC address on a different port, and now you are getting the same MAC address from a different port.

The solution is to configure the ARP aging timeout to resolve it, or loosen the port security.

BB
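The reply above explains that the violation is the CARP virtual MAC moving from one port to the other during failover. Before relaxing port-security, a defender usually wants to confirm that the MAC in the violation message really is a CARP/VRRP virtual address (IANA prefix 00:00:5e:00:01, last octet = VHID) rather than an unknown device showing up on the port. The script below is an added example, not code from the original thread or from pfSense or Cisco; the syslog lines it parses are constructed samples, and the MAC 0000.5e00.0105, the second violation, and the hostname sw1 are made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample syslog lines (not from the original post). The first one follows
# the message format quoted in the question, with a made-up virtual MAC and port.
SAMPLE_LOG = """\
Jun  3 10:15:02 sw1 %PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.0105 on port GigabitEthernet1/2
Jun  3 10:15:09 sw1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.56ab.cdef on port GigabitEthernet1/7
Jun  3 10:16:00 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to down
"""

# Matches both the "-SP-2-" form seen in the question and the plain "-2-" form.
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-(?:\w+-)?2-PSECURE_VIOLATION: .*?caused by MAC address "
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) on port (?P<port>\S+)"
)

# IANA-assigned VRRP virtual MAC prefix; CARP uses the same range, with the
# last octet equal to the VHID configured on the pfSense boxes.
CARP_PREFIX = ("00", "00", "5e", "00", "01")


@dataclass
class Violation:
    mac: str             # colon-separated, lower-case
    port: str
    vhid: Optional[int]  # CARP VHID / VRRP VRID if the MAC is in the virtual range


def normalize_mac(cisco_mac: str) -> str:
    """Convert Cisco dotted-hex (0000.5e00.0105) to 00:00:5e:00:01:05."""
    digits = cisco_mac.replace(".", "").lower()
    if len(digits) != 12:
        raise ValueError(f"not a Cisco MAC: {cisco_mac}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def carp_vhid(mac: str) -> Optional[int]:
    """Return the VHID when mac is a CARP/VRRP virtual MAC, otherwise None."""
    octets = tuple(mac.split(":"))
    if octets[:5] == CARP_PREFIX:
        return int(octets[5], 16)
    return None


def parse_violations(log: str) -> List[Violation]:
    """Extract port-security violations from raw syslog text; other lines are ignored."""
    found = []
    for line in log.splitlines():
        m = VIOLATION_RE.search(line)
        if not m:
            continue
        mac = normalize_mac(m.group("mac"))
        found.append(Violation(mac=mac, port=m.group("port"), vhid=carp_vhid(mac)))
    return found


def classify(v: Violation) -> str:
    """Label a violation so an expected CARP failover is not triaged like a rogue device."""
    if v.vhid is not None:
        return f"carp-failover vhid={v.vhid} moved to {v.port}"
    return f"unexpected-mac {v.mac} on {v.port}"


if __name__ == "__main__":
    for v in parse_violations(SAMPLE_LOG):
        print(classify(v))
```

Feed it the switch's syslog export and anything labelled carp-failover can be correlated with the pfSense failover event; anything labelled unexpected-mac still deserves the normal port-security investigation, which is the check worth doing before loosening the port configuration as the reply suggests.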
