Hi again,

 

I just ran into another interesting problem I actually have no solution for.

 

We are working with WAN Accelerators and two Firewalls running in 
active/standby failover mode.


Normally we had only one firewall, so setup was quite easy. From the C2 switch 
to the LAN port of the accelerator and from the WAN port to the inside port of 
the firewall.

 

Since we now have two firewalls we have to connect, I thought of a simple VLAN.

 

Connecting the switch port fe.1.39 to the LAN port of the accelerator, the WAN 
port to, let's say, fe.1.40 and the two inside interfaces of the firewalls to 
fe.1.41 and fe.1.42.

For those three ports I have created a VLAN:

 

set vlan create 2
set vlan name 2 "Transit"
set port vlan fe.1.40 2 modify-egress
set port vlan fe.1.41 2 modify-egress
set port vlan fe.1.42 2 modify-egress

set port alias fe.1.39 "LAN Acc"
set port alias fe.1.40 "WAN Acc"
set port alias fe.1.41 "Inside-Primary FW"
set port alias fe.1.42 "Inside-Secondary FW"

 

When I try to ping or send any other packets it always fails.

I can see the ARP broadcast, requesting for the inside IP of the FW, coming out 
of the WAN port of the accelerator, but I don't see it coming out of either 
port fe.1.41 or fe.1.42.

So the broadcast goes into VLAN 2 but does not exit it...


I am pretty confused about this. Does anybody have an idea about this?

 

BTW, if I use a simple 5 port switch and connect all three "ports" it works 
like a charm, it only fails with the VLAN configuration...

 

Bye

Tom

 

--
Thomas Hofmann, System-/Networkadministrator, IT
EB - Discover the Experience
Visitors: Am Wolfsmantel 46, 91058 Erlangen, Germany

Phone: +49 (9131) 7701 6969, mailto:[email protected]
Fax: +49 (9131) 7701 6333, http://www.elektrobit.com

PGP-Key: http://keyserver.elektrobit.com

Elektrobit Automotive GmbH, Am Wolfsmantel 46, 91058 Erlangen, Germany
Managing Director Otto Fößel
Register Court Fürth HRB 4886


